# 4786 - Cisco Smart Install
## Basic Information

**Cisco Smart Install** is a Cisco product designed to automate the initial configuration and the loading of an operating system image for new Cisco hardware. **By default, Cisco Smart Install is active on Cisco hardware and uses the transport layer protocol TCP, with port number 4786.**

**Default port:** 4786

```
PORT      STATE  SERVICE
4786/tcp  open   smart-install
```

## **Smart Install Exploitation Tool**

**In 2018, a critical vulnerability, CVE-2018-0171, was found in this protocol. The threat level is 9.8 on the CVSS scale.**

**A specially crafted packet sent to the TCP/4786 port, where Cisco Smart Install is active, triggers a buffer overflow, allowing an attacker to:**

* forcibly reboot the device
* call RCE
* steal the configuration of network equipment.

**The** [**SIET**](https://github.com/frostbits-security/SIET) **(Smart Install Exploitation Tool)** was developed to exploit this vulnerability, and it allows you to abuse Cisco Smart Install. In this article I will show you how to read a legitimate network hardware configuration file. Configuration exfiltration can be valuable to a pentester because it reveals the unique characteristics of the network, which makes the work easier and helps find new vectors for an attack.

**The target device is a "live" Cisco Catalyst 2960 switch. Virtual images do not have Cisco Smart Install, so you can only practice on real hardware.**

The address of the target switch is **10.10.100.10 and CSI is active.** Load SIET and start the attack. **The -g argument** means exfiltration of the configuration from the device, and **the -i argument** lets you set the IP address of the vulnerable target.

```
~/opt/tools/SIET$ sudo python2 siet.py -g -i 10.10.100.10
```

The configuration of the switch **10.10.100.10** will be in the **tftp/** folder.
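For defenders, the exchange described above leaves a recognizable network trace. The following is an added example, not part of the original page or of SIET: it flags contacts to TCP/4786 from hosts outside an allowlist and raises the severity when the switch then opens TFTP to the same host. The flow-record format, the `allowed_directors` allowlist, the 60-second window, and the assumption that the configuration copy travels over TFTP (UDP/69) are illustrative assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

SMI_PORT = 4786  # Cisco Smart Install listens on TCP/4786 (from the page)
TFTP_PORT = 69   # assumption: the config copy leaves the switch over TFTP

# Constructed sample flow records (not real traffic): ts,proto,src,dst,dport
SAMPLE_FLOWS = """\
2024-05-01T10:00:00,tcp,10.10.100.50,10.10.100.10,4786
2024-05-01T10:00:03,udp,10.10.100.10,10.10.100.50,69
2024-05-01T10:05:00,tcp,10.10.100.2,10.10.100.10,4786
2024-05-01T10:05:02,udp,10.10.100.10,10.10.100.2,69
2024-05-01T11:00:00,tcp,10.10.100.77,10.10.100.11,4786
2024-05-01T12:00:00,udp,10.10.100.10,10.10.100.50,69
"""

def parse_flows(text):
    """Parse 'ts,proto,src,dst,dport' lines into dicts sorted by time."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:  # skip blank or malformed lines
            continue
        ts, proto, src, dst, dport = row
        rows.append({"ts": datetime.fromisoformat(ts), "proto": proto.lower(),
                     "src": src, "dst": dst, "dport": int(dport)})
    return sorted(rows, key=lambda r: r["ts"])

def detect_smi_activity(flows, allowed_directors=(), window_s=60):
    """Alert on TCP/4786 contacts from hosts that are not known directors.
    'high' if the switch sends TFTP to that host within window_s, else 'medium'."""
    window = timedelta(seconds=window_s)
    alerts = []
    for f in flows:
        if (f["proto"], f["dport"]) != ("tcp", SMI_PORT) or f["src"] in allowed_directors:
            continue
        tftp_back = any(
            (g["proto"], g["dport"]) == ("udp", TFTP_PORT)
            and (g["src"], g["dst"]) == (f["dst"], f["src"])
            and timedelta(0) <= g["ts"] - f["ts"] <= window
            for g in flows)
        alerts.append({"time": f["ts"].isoformat(), "switch": f["dst"],
                       "peer": f["src"], "severity": "high" if tftp_back else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect_smi_activity(parse_flows(SAMPLE_FLOWS), {"10.10.100.2"}):
        print(alert)
```

Where Smart Install is not used at all, disabling it on the switch with `no vstack` and filtering TCP/4786 at the management boundary removes the exposure instead of only detecting it.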