Share
## https://sploitus.com/exploit?id=AF4F20F9-F1D7-5E63-BD2F-2BE8017C5213
# CVE-2023-20198
An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS XE

Hackers have been widely exploiting the this vulnerability which creates a 15 level privilege user by bypassing the authentication
Which a malicous xml content make this exploitation the webui endpoint of cisco.This is not only for Exploitation also detects
vulneable implant for exploitations and The tool can also use for mass detectiona and exploitation!.

# Installation
```bash
git clone https://github.com/sanjai-AK47/CVE-2023-20198.git
cd CVE-2023-20198
pip install -r requirements.txt
```

# Usages:

## Modes:

```bash
python3 exploit.py --help                                                                                        
usage: exploit.py [-h] {Detect,Exploit} ...

[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-20198

options:
  -h, --help        show this help message and exit

[MODE]: Exploitation | Detections  Modes:
  {Detect,Exploit}  [INFO]: Select either Exploit or Detect mode
    Detect          [INFO]: Detection mode detect the vulnerable implant to exploit
    Exploit         [INFO]: Exploitation mode exploit the vulnerable implant of CVE-2023-20198

```

## Detection:

```bash
python3 exploit.py Detect -h                                                                        
usage: exploit.py Detect [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        [INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
  -dL DOMAINS_LIST, --domains-list DOMAINS_LIST
                        [INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
  -px PROXY, --proxy PROXY
                        [INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
  -to TIME_OUT, --time-out TIME_OUT
                        [INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
  -o OUTPUT, --output OUTPUT
                        [INFO]: File name to save output
  -v, --verbose         [INFO]: Switching verbose will shows failed and offline targets


```
## Exploitation

```bash
python3 exploit.py Exploit -h                                                                                    
usage: exploit.py Exploit [-h] [-cfc CONFIG_CONTENT] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]

options:
  -h, --help            show this help message and exit
  -cfc CONFIG_CONTENT, --config-content CONFIG_CONTENT
                        [INFO]: Customized config contents for exploitation
  -d DOMAIN, --domain DOMAIN
                        [INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
  -dL DOMAINS_LIST, --domains-list DOMAINS_LIST
                        [INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
  -px PROXY, --proxy PROXY
                        [INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
  -to TIME_OUT, --time-out TIME_OUT
                        [INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
  -o OUTPUT, --output OUTPUT
                        [INFO]: File name to save output
  -v, --verbose         [INFO]: Switching verbose will shows failed and offline targets

```

# Information:

Since the exploitation and detection tool is developed by theoritical poc by [Horizona3](https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/)https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/Imp which is help me to develop this 
tool for this CVE and for detection it can detect the vulnerable cisco implant but for proper exploitation users needs to pass the malicous XML content that is is theoritical poc of horizona3 need
to be given by users for exploitations because of only theoritical explaination have to do this but soon after proper information and resources will upgrade this exploitation and detection Tool


# Warning:
Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal 
purposes

Proof of conept Developed by [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) with โ™ฅ๏ธ for any upgrade and miscoded contact me throguh my [LinkedIn](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/).
Thank you!