Penetration Testing mailing list archives
Cisco IOS HTTP Config Arbitrary Administrative Access Vulnerability (BID 2936)
From: "Neil Barlow" <neil.barlow () sysnet ie>
Date: Tue, 6 Dec 2005 16:27:01 -0000
Hi I am looking for pointers on information on what I might be doing wrong. I am currently carrying out a Pen Test for an org and trying to exploit the IOS HTTP Config that exists on a router (IOS 12.2). CVE: CVE-2001-0537 I have run the Cisco-Global-Exploit tool against the router to verify that the vul exists on the device and it returns saying that it does. But when I try to run the crafted URL within a browser, e.g. http://router.address/level/17/exec/-/sh/ver/ I just get a blank screen and nothing else. Is there something that I am doing wrong? I have downloaded a number of exploit scripts and they are returning that the device is vul, but I cant get back any configuration info. I have been using the tools provided by WHAX for Cisco devices to carry out my Pen Tests. Thanks for any direction/input that you can provide. Regards Neil Barlow *************************************************************************************************** MESSAGE DISCLAIMER NOTICE -------------------------------------- This e-mail message and any attachments with it are confidential and are intended solely for the use of the individual or entity to whom this e-mail message is addressed. If you have received this e-mail message in error, please notify the sender immediately and delete the e-mail message, or alternatively notify SYSNET Ltd. at the contact details provided below. Any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of SYSNET Ltd., unless expressly stated to the contrary. Although SYSNET Ltd. has taken reasonable precautions to ensure no viruses are present in this e-mail, SYSNET Ltd. cannot accept responsibilty for any loss or damage arising from the use of this e-mail or any attachments. This footnote also confirms that this e-mail message has been scanned for the presence of computer viruses. 6/12/2005, SYSNET Ltd., 18 Woodstown Village Centre, Dublin, Ireland, www.sysnet.ie Telephone number: +35314951300 *************************************************************************************************** ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Cisco IOS HTTP Config Arbitrary Administrative Access Vulnerability (BID 2936) Neil Barlow (Dec 06)