Showing posts with label Cisco Systems. Show all posts

Thursday, 20 February 2014

[CGE] Cisco Global Exploiter


Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool/exploit engine that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is a command-line driven Perl script with a simple, easy-to-use front-end.

CGE can exploit the following 14 vulnerabilities:

[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability

Installation:
tar -zxvf cge-13.tar.gz
Execution:
perl cge.pl [target] [vulnerability number]
Example output:
[root@hacker cge-13]# perl cge.pl 192.168.1.254 3

Vulnerability successful exploited with [http://192.168.1.254/level/17/exec/....] ...

Wednesday, 2 October 2013

[Kvasir] Tools for effective data management during a Penetration Test


Welcome to Kvasir! Herein these directories lay the groundwork tools for effective data management during a Penetration Test.

Penetration tests can be data management nightmares because of the large amounts of information that are generally obtained. Vulnerability scanners return lots of actual and potential vulnerabilities to review. Port scanners can return thousands of ports for just a few hosts. How easy is it to share all this data with your co-workers?

That's what Kvasir is here to help you with. Here's what you'll need to get started:

  •     The latest version of web2py (http://www.web2py.com/)
  •     A database (PostgreSQL known to work)
  •     A network vulnerability scanner (Nexpose/Nmap supported)
  •     Additional python libraries

Kvasir is a web2py application and can be installed for each customer or task. This design keeps data separated and keeps you from accidentally attacking or reviewing other customers.

This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every method used by the SPA team may directly relate, we hope that this tool is something that can be molded and adapted to fit almost any working scenario.