why the crash poc do not work

[b33t1e]

my firmware is asav-941-200.qcow2, the version info are shown below:

of course, the 64 bit catches my eyes! I note this on my config all the time.
I enable the snmp, ikev1, ikev2, webvpn on asa by "Configuring a Cisco ASA test environment from ground zero" and "asadbg/config/", thanks a lot. I verified every service works well.



every thing is OK, I'm ready to use the poc. But, nothing happend. Do not crash. Why???

[fidgetingbits]

I'd double check you're running the public PoC that sends the request twice. The original PoC didn't.

[b33t1e]

The poc I use is https://www.exploit-db.com/exploits/43986/, It's that anything wrong?

[b33t1e]

I note the http status code is 302, So I changed the poc to allow the request redirect. That is:

I use this poc, and the result is:

And the Cisco ASA is still not crash.

[fidgetingbits]

You shouldn't need the redirect enabled. The PoC you linked won't work by default. The authors fixed it on pastebin at some point. I don't recall off the top of my head if the 302 response is normal, and don't have time to test atm, but I'd try the other PoC for now.

[kiritowch]

Using the modified POC, I can't trigger crash, can you trigger now?

[b33t1e]

No :(
I will look it further to try make the poc work. Just try, because it's so hard for me. But it's interesting ^_^

[b33t1e]

hey, bro!
The same question I met when I read this tutorial, I do not use this method. I just ignored this.
I just show you my network

the ASAv ip:

this cloud should connect some network card(virtual or real):

the ip I use to debug the asav:

That is mean just to make the network connected.
Hope this will help.
Oh, my id is b33t1e, not b33tle :)