Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Cisco IOS HTTP Config Arbitrary Administrative Access Vulnerability (BID 2936)

From: "Neil Barlow" <neil.barlow () sysnet ie>
Date: Tue, 6 Dec 2005 16:27:01 -0000
Hi

I am looking for pointers on information on what I might be doing wrong.

I am currently carrying out a Pen Test for an org and trying to exploit
the IOS HTTP Config that exists on a router (IOS 12.2).
CVE: CVE-2001-0537 

I have run the Cisco-Global-Exploit tool against the router to verify
that the vul exists on the device and it returns saying that it does.

But when I try to run the crafted URL within a browser, e.g.
http://router.address/level/17/exec/-/sh/ver/
I just get a blank screen and nothing else. Is there something that I am
doing wrong?

I have downloaded a number of exploit scripts and they are returning
that the device is vul, but I cant get back any configuration info.
I have been using the tools provided by WHAX for Cisco devices to carry
out my Pen Tests.

Thanks for any direction/input that you can provide.

Regards
Neil Barlow


***************************************************************************************************
  MESSAGE DISCLAIMER NOTICE
 --------------------------------------
 This e-mail message and any attachments with it are confidential and are intended solely
 for the use of the individual or entity to whom this e-mail message is addressed. If you 
 have received this e-mail message in error, please notify the sender immediately and 
 delete the e-mail message, or alternatively notify SYSNET Ltd. at the contact details 
 provided below. Any views or opinions presented in this e-mail are solely those of the 
 author and do not necessarily represent those of SYSNET Ltd., unless expressly stated to
 the contrary. Although SYSNET Ltd. has taken reasonable precautions to ensure no 
 viruses are present in this e-mail, SYSNET Ltd. cannot accept responsibilty for any loss or 
 damage arising from the use of this e-mail or any attachments. This footnote also confirms
 that this e-mail message has been scanned for the presence of computer viruses.

 6/12/2005, SYSNET Ltd., 18 Woodstown Village Centre, Dublin, Ireland, www.sysnet.ie
 Telephone number: +35314951300
***************************************************************************************************


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: