Sunday, November 20, 2011

Cisco Global Exploiter

Exploitation Tools -> Network Exploitation Tools -> Cisco Attacks

cisco-global-exploiter can detect 14 different vulnerabilities on Cisco routers and switches. Most of these can only be found on end of life IOS or CatOS versions, and they mostly allow us to make DoS attacks, but there is one for example which can give us level 15 privileged access, in case some circumstances are met.

The tool expects two options: 1. the device's IP address, 2. the number of the vulnerability
Example:

root@bt:/pentest/cisco/cisco-global-exploiter# perl cge.pl 192.168.80.130 3

where
[3] - Cisco IOS HTTP Auth Vulnerability

Tested on 12.4(15)T4 IOS:


Despite the fact that the tool considers attack #3 successful, it really doesn't work - it's reported false positive, only because the returned webpage doesn't contain an element, which would mean that the attack is unsuccessful (you can deep dive into the script).

There is a very detailed documentation about the vulnerabilities in the tool's directory.

No comments: