## https://sploitus.com/exploit?id=AF4F20F9-F1D7-5E63-BD2F-2BE8017C5213
# CVE-2023-20198
An Exploitation script developed to exploit the CVE-2023-20198 Cisco zero day vulnerability on their IOS XE
Hackers have been widely exploiting the this vulnerability which creates a 15 level privilege user by bypassing the authentication
Which a malicous xml content make this exploitation the webui endpoint of cisco.This is not only for Exploitation also detects
vulneable implant for exploitations and The tool can also use for mass detectiona and exploitation!.
# Installation
```bash
git clone https://github.com/sanjai-AK47/CVE-2023-20198.git
cd CVE-2023-20198
pip install -r requirements.txt
```
# Usages:
## Modes:
```bash
python3 exploit.py --help
usage: exploit.py [-h] {Detect,Exploit} ...
[DESCTIPTION]: Exploitation and Detection tool for Cisco CVE-2023-20198
options:
-h, --help show this help message and exit
[MODE]: Exploitation | Detections Modes:
{Detect,Exploit} [INFO]: Select either Exploit or Detect mode
Detect [INFO]: Detection mode detect the vulnerable implant to exploit
Exploit [INFO]: Exploitation mode exploit the vulnerable implant of CVE-2023-20198
```
## Detection:
```bash
python3 exploit.py Detect -h
usage: exploit.py Detect [-h] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
```
## Exploitation
```bash
python3 exploit.py Exploit -h
usage: exploit.py Exploit [-h] [-cfc CONFIG_CONTENT] [-d DOMAIN] [-dL DOMAINS_LIST] [-px PROXY] [-to TIME_OUT] [-o OUTPUT] [-v]
options:
-h, --help show this help message and exit
-cfc CONFIG_CONTENT, --config-content CONFIG_CONTENT
[INFO]: Customized config contents for exploitation
-d DOMAIN, --domain DOMAIN
[INFO]: Target domain for exploiting without protocol eg:(www.domain.com)
-dL DOMAINS_LIST, --domains-list DOMAINS_LIST
[INFO]: Targets domain for exploiting without protocol eg:(www.domain.com)
-px PROXY, --proxy PROXY
[INFO]: Switiching proxy will send request to your configured proxy (eg: BURPSUITE)
-to TIME_OUT, --time-out TIME_OUT
[INFO]: Switiching timeout will requests till for your timeout and also for BURPSUITE
-o OUTPUT, --output OUTPUT
[INFO]: File name to save output
-v, --verbose [INFO]: Switching verbose will shows failed and offline targets
```
# Information:
Since the exploitation and detection tool is developed by theoritical poc by [Horizona3](https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/)https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/Imp which is help me to develop this
tool for this CVE and for detection it can detect the vulnerable cisco implant but for proper exploitation users needs to pass the malicous XML content that is is theoritical poc of horizona3 need
to be given by users for exploitations because of only theoritical explaination have to do this but soon after proper information and resources will upgrade this exploitation and detection Tool
# Warning:
Important thing if any unethical exploitation the I'm not responsible for any illegal actions so plese use this for ethical and legal
purposes
Proof of conept Developed by [D.Sanjai Kumar](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) with โฅ๏ธ for any upgrade and miscoded contact me throguh my [LinkedIn](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/).
Thank you!