An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS XE
Hackers have been widely exploiting the this vulnerability which creates a 15 level privilege user by bypassing the authentication Which a malicous xml content make this exploitation the webui endpoint of cisco.This is not only for Exploitation also detects vulneable implant for exploitations and The tool can also use for mass detectiona and exploitation!.
git clone https://github.com/sanjai-AK47/CVE-2023-20198.git
cd CVE-2023-20198
pip install -r requirements.txtpython3 exploit.py --help
usage: exploit.py [-h] {Detect,Exploit} ...
[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-20198
options:
-h, --help show this help message and exit
[MODE]: Exploitation | Detections Modes:
{Detect,Exploit} [INFO]: Select either Exploit or Detect mode
Detect [INFO]: Detection mode detect the vulnerable implant to exploit
Exploit [INFO]: Exploitation mode exploit the vulnerable implant of CVE-2023-20198
python3 exploit.py Detect -h
usage: exploit.py Detect [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
python3 exploit.py Exploit -h
usage: exploit.py Exploit [-h] [-cfc CONFIG_CONTENT] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-cfc CONFIG_CONTENT, --config-content CONFIG_CONTENT
[INFO]: Customized config contents for exploitation
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
Since the exploitation and detection tool is developed by theoritical poc by Horizona3https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/Imp which is help me to develop this tool for this CVE and for detection it can detect the vulnerable cisco implant but for proper exploitation users needs to pass the malicous XML content that is is theoritical poc of horizona3 need to be given by users for exploitations because of only theoritical explaination have to do this but soon after proper information and resources will upgrade this exploitation and detection Tool
Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal purposes
Proof of conept Developed by D.Sanjai Kumar with