--== P H E N O E L I T ==--
Just another exploit shown in Las Vegas 2003:
IOS 11.x remote HTTP exploit: CiscoCasumEst.tgz
IOS 11.x remote sniffer: iosniff.tgz
Just the example exploit from Las Vegas 2002:
Cisco IOS 11.1-11.3 TFTP-Server remote exploit. Uploads the config supplied in the
command line to the router and restarts it. Code works unmodified on Cisco 1600
series routers. With a little tweaking of the stack address and other stuff,
it should work on the 1000 series too. Exploitation of 11.1 is a bit more
complicated. Feedback appreciated.
UltimaRatioVegas.c
The Cisco VPN Concentrator DoS code is available here
Cisco IOS 11.2.x-12.0.x OSPF remote exploit is here
IOStack.pl is a script to read out IOS stack return address locations. Give it a
try on your Cisco boxes.
Download the second version here: IOStack2.tgz
(Old version: IOStack.tgz)