Another program that is more directly used for exploitation is the Cisco Global
Exploiter (CGE) program. This Perl script can be used to launch known attacks
against targets. The script doesn’t randomly attempt attacks, and it’s also not there to
create new attacks. cge.pl has 14 attacks that will accomplish different outcomes.
There are also some denial-of-service attacks. A denial-of-service attack will prevent
the Cisco devices from functioning properly. Some of them are focused on management
protocols like Telnet or SSH. Other vulnerabilities may allow for remote code
execution. Example 5-2 shows the list of vulnerabilities that cge.pl supports. The
management denial-of-service attacks will prevent management traffic from getting to the
device but won’t typically impair the core functionality of the device.
Example 5-2. Exploits available in cge.pl
root@yazpistachio:~# cge.pl
Usage :
perl cge.pl
Vulnerabilities list :
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability
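Most entries in this list target a management service (HTTP, Telnet, SSH), so a quick defensive check is whether those services are exposed at all. The following is an added example, not code from the book or from cge.pl: it audits a Cisco IOS configuration for an unrestricted HTTP server and for vty lines that accept Telnet or lack an inbound access-class. The sample configuration is constructed, and the function name audit_management_plane is an assumption of this example.

```python
import re

# Constructed sample of an IOS running-config; not taken from a real device.
SAMPLE_CONFIG = """\
ip http server
no ip http secure-server
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
!
"""

def audit_management_plane(config: str) -> list:
    """Return findings for exposed management services in an IOS config."""
    findings = []
    lines = config.splitlines()
    stripped = [line.strip() for line in lines]

    # HTTP management server: exact match, so "no ip http server" is not a hit.
    if "ip http server" in stripped:
        if not any(l.startswith("ip http access-class") for l in stripped):
            findings.append("http: server enabled with no access-class")

    # Collect each "line vty" block: indented lines belong to the block above.
    blocks, current = [], None
    for line in lines:
        if line.startswith("line vty"):
            current = (line.strip(), [])
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current[1].append(line.strip())
        else:
            current = None

    for name, body in blocks:
        transports = set()
        for entry in body:
            match = re.match(r"transport input (.+)", entry)
            if match:
                transports.update(match.group(1).split())
        if transports & {"telnet", "all"}:
            findings.append(f"{name}: telnet accepted")
        if not any(re.match(r"access-class \S+ in", e) for e in body):
            findings.append(f"{name}: no inbound access-class")
    return findings
```

A vty block with no transport input line at all is not flagged here, because the default transport differs between IOS releases; check that case against the platform documentation.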
Other Devices
One utility to look at closely if you are looking at smaller organizations is routersploit.
This program is a framework, taking the approach that additional modules can be
developed and added to the framework to continue to extend the functionality.
routersploit has exploits for some Cisco devices but also smaller devices like 3COM,
Belkin, DLink, Huawei, and others. At the time of this writing, routersploit has 84
modules available for use. Not all of them are targeted at specific devices or
vulnerabilities. Some of the modules are credential attacks, allowing for brute-forcing of
protocols like SSH, Telnet, HTTP, and others. Example 5-3 shows the use of one of the
brute-force modules. To get into the interface shown, we run routersploit from the
command line.