Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-30 00:20:59 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/4786-cisco-smart-install.md

68 lines
4.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 4786 - Cisco Smart Install
<details>
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Unataka kuona **kampuni yako ikitangazwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
</details>
<figure><img src="/.gitbook/assets/WebSec_1500x400_10fps_21sn_lightoptimized_v2.gif" alt=""><figcaption></figcaption></figure>
{% embed url="https://websec.nl/" %}
## Taarifa Msingi
**Cisco Smart Install** ni programu iliyoundwa na Cisco kiotomatiki usanidi wa awali na kupakia picha ya mfumo wa uendeshaji kwa vifaa vipya vya Cisco. **Kwa chaguo-msingi, Cisco Smart Install iko hai kwenye vifaa vya Cisco na hutumia itifaki ya safu ya usafirishaji, TCP, na nambari ya bandari 4786.**
**Bandari ya chaguo-msingi:** 4786
```
PORT STATE SERVICE
4786/tcp open smart-install
```
## **Chombo cha Kutumia Utekaji wa Smart Install**
**Mwaka wa 2018, kasoro muhimu, CVE-20180171, iligunduliwa katika itifaki hii. Kiwango cha tishio ni 9.8 kwenye kiwango cha CVSS.**
**Pakiti iliyoundwa maalum iliyotumwa kwa bandari ya TCP/4786, ambapo Cisco Smart Install inaendeshwa, inachochea kujaa kwa kijazo cha uwezo, ikiruhusu mshambuliaji:**
* kuzima kifaa kwa nguvu
* kuita RCE
* kuiba mipangilio ya vifaa vya mtandao.
**[**SIET**](https://github.com/frostbits-security/SIET) **(Chombo cha Kutumia Utekaji wa Smart Install)** kilibuniwa kutumia kasoro hii, kinakuruhusu kutumia Cisco Smart Install. Katika makala hii nitakuonyesha jinsi unavyoweza kusoma faili halali ya mipangilio ya vifaa vya mtandao. Kuweka mazingira ya kufichua inaweza kuwa muhimu kwa mtu anayefanya majaribio ya udukuzi kwa sababu itamjulisha kuhusu sifa za pekee za mtandao. Na hii itafanya maisha kuwa rahisi na kuruhusu kupata njia mpya za mashambulizi.
**Kifaa cha lengo kitakuwa "live" Cisco Catalyst 2960 switch. Picha za kisasa hazina Cisco Smart Install, hivyo unaweza kufanya mazoezi kwenye vifaa halisi tu.**
Anwani ya switch ya lengo ni **10.10.100.10 na CSI inaendeshwa.** Pakia SIET na anzisha shambulio. **Hoja ya -g** inamaanisha kufichua mipangilio kutoka kwenye kifaa, **hoja ya -i** inakuruhusu kuweka anwani ya IP ya lengo lenye kasoro.
```
~/opt/tools/SIET$ sudo python2 siet.py -g -i 10.10.100.10
```
<figure><img src="../.gitbook/assets/image (770).png" alt=""><figcaption></figcaption></figure>
Mipangilio ya switch **10.10.100.10** itakuwa katika folda ya **tftp/**
<figure><img src="../.gitbook/assets/image (1113).png" alt=""><figcaption></figcaption></figure>
<figure><img src="/.gitbook/assets/WebSec_1500x400_10fps_21sn_lightoptimized_v2.gif" alt=""><figcaption></figcaption></figure>
{% embed url="https://websec.nl/" %}
<details>
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* Je, unafanya kazi katika kampuni ya **usalama wa mtandao**? Unataka kuona **kampuni yako ikionyeshwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) **Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au **kikundi cha telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
</details>
Reference in a new issue View git blame Copy permalink