Payload

This document outlines a script for checking Cisco IOS XE backdoors related to CVE-2023-20198 and CVE-2023-20273. It includes instructions for setting up the script, defining variables, and executing commands to detect potential attacks. The script is designed to run continuously and take action, such as rebooting the system, if an attack is detected.

Uploaded by

y2901773

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

6 views2 pages

Payload

Uploaded by

y2901773

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 2

REM

###################################################################################
##########
REM #
#
REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-
2023-20273 #
REM # Author : Aleff
#
REM # Version : 1.0
#
REM # Category : incident-response
#
REM # Target : Cisco IOS XE
#
REM #
#
REM
###################################################################################
##########

REM Set the script name, the default name is auto-check.sh but you can change it
here since is used the DuckyScript variable #SCRIPT-NAME.
DEFINE #SCRIPT-NAME auto-check.sh

REM Here you must set your sudo password that permit to give the executable
permissions to the file
DEFINE #SUDO-PSWD example

REM Here you chould define the script path, if you don't change it is selected the
default path, so the home path. If, for istance, you have a specific path where you
put some stuff like this you can edit thi DuckyScript variable with the correct
path
DEFINE #PATH-TO-SCRIPT ./

EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben

REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay

TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of
3000ms
END_REM

REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120

VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION

CTRL-ALT t
DELAY 1000

STRINGLN
echo 'while true; do
response=$(curl -k -H "Authorization:
0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST
https://systemip/webui/logoutconfirm.html?logon_hash=1)

if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then

if [ $? -eq 0]; then
# Attack detected, here you decide what to do in this
moment
# 1. Send an email to sec-team
# 2. Do some other ops
# ...
# 3. What do you want to do?
# Can you reboot the system or you need to do something else
before?
# Do you want to close it?
# ...

# The only one way to close the backdoor is reboot the

system, so don t change it (?)...
# |-> See the Conseguence section in README
reboot
else
# You are safe :-)
fi
fi
sleep 300 # wait time
done' > #PATH-TO-SCRIPT#SCRIPT-NAME
END_STRINGLN

REM To avoid some bad DELAY I decided to use only one command row

REM Old script

REM STRINGLN sudo chmod +x #SCRIPT-NAME
REM DELAY 500
REM STRINGLN #SUDO-PSWD
REM DELAY 3000
REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $
REM STRINGLN exit

REM Optimized script

STRINGLN sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit
DELAY 500
STRINGLN #SUDO-PSWD

51294
No ratings yet
51294
3 pages
Vulnerability Scanner
No ratings yet
Vulnerability Scanner
12 pages
53768-HOQK451 RSC
No ratings yet
53768-HOQK451 RSC
4 pages
Networked Writeup: Gobuster
No ratings yet
Networked Writeup: Gobuster
8 pages
53835-KPWM509 RSC
No ratings yet
53835-KPWM509 RSC
4 pages
ChangeIP.com dDNS Bash Update Script
No ratings yet
ChangeIP.com dDNS Bash Update Script
2 pages
Hack Captive Mial
No ratings yet
Hack Captive Mial
3 pages
CLI Way of Installing Paramiko
No ratings yet
CLI Way of Installing Paramiko
4 pages
Evidencia 1
No ratings yet
Evidencia 1
7 pages
CyberAces Module3-Bash 5 PracticalUses
No ratings yet
CyberAces Module3-Bash 5 PracticalUses
16 pages
Router Security Configuration Guide
No ratings yet
Router Security Configuration Guide
4 pages
All UNIX COMMANDS
100% (4)
All UNIX COMMANDS
658 pages
Security Automation With Ansible
100% (1)
Security Automation With Ansible
28 pages
OSCP Survival Guide
No ratings yet
OSCP Survival Guide
33 pages
04.01.2021 - Script Laboratório
No ratings yet
04.01.2021 - Script Laboratório
6 pages
BCSL 63
No ratings yet
BCSL 63
8 pages
Bitwarden
No ratings yet
Bitwarden
6 pages
PT Script
No ratings yet
PT Script
5 pages
ICMP
No ratings yet
ICMP
8 pages
Cis Rhel Linux RCL
No ratings yet
Cis Rhel Linux RCL
7 pages
Teste
No ratings yet
Teste
5 pages
Codify
No ratings yet
Codify
16 pages
Firewalll
No ratings yet
Firewalll
15 pages
Commandlinefu All
100% (1)
Commandlinefu All
481 pages
BCSL 063 Assignment
No ratings yet
BCSL 063 Assignment
10 pages
Setup Termux Desktop
No ratings yet
Setup Termux Desktop
87 pages
A2 CC (Assi2)
No ratings yet
A2 CC (Assi2)
6 pages
IPD-Network Prorgammability With Netmiko
No ratings yet
IPD-Network Prorgammability With Netmiko
36 pages
OSCP Survival Guide
No ratings yet
OSCP Survival Guide
63 pages
Terminal Fedora x23
No ratings yet
Terminal Fedora x23
44 pages
Terminal Fedora x25
No ratings yet
Terminal Fedora x25
41 pages
Iptables Synproxy - SH
No ratings yet
Iptables Synproxy - SH
3 pages
OSCP Survival Guide
No ratings yet
OSCP Survival Guide
52 pages
Sample VM Writeup
No ratings yet
Sample VM Writeup
13 pages
Walk Throught
No ratings yet
Walk Throught
4 pages
Chapter 11 - Comprehensive Lab - txt-1
33% (3)
Chapter 11 - Comprehensive Lab - txt-1
7 pages
Step-by-Step Guide With Visuals
No ratings yet
Step-by-Step Guide With Visuals
9 pages
Cisco ASA Security Insights
No ratings yet
Cisco ASA Security Insights
111 pages
Firewall Engineer Ruxcon
No ratings yet
Firewall Engineer Ruxcon
111 pages
10 Corporate Realtime Shell Scripts
No ratings yet
10 Corporate Realtime Shell Scripts
7 pages
Main Yml
No ratings yet
Main Yml
4 pages
OSCP Notes - Shells
No ratings yet
OSCP Notes - Shells
5 pages
CBI Security MCQs Linux CheatSheet
No ratings yet
CBI Security MCQs Linux CheatSheet
4 pages
Linux System Administration Tasks
No ratings yet
Linux System Administration Tasks
19 pages
CLF ALL
No ratings yet
CLF ALL
464 pages
Cool Unix CLI
100% (1)
Cool Unix CLI
464 pages
Ala Ele
No ratings yet
Ala Ele
5 pages
CCNA 2 v5.0 Routing and Switching: Home CCNA v6.0 CCNA Security V2 IT-Essentials
No ratings yet
CCNA 2 v5.0 Routing and Switching: Home CCNA v6.0 CCNA Security V2 IT-Essentials
14 pages
Assessment 2 - Linux
No ratings yet
Assessment 2 - Linux
11 pages
Os File 11-30
No ratings yet
Os File 11-30
24 pages
Document PDF
No ratings yet
Document PDF
5 pages
Lab 1-1 Performing Switch Startup and Initial Configuration
No ratings yet
Lab 1-1 Performing Switch Startup and Initial Configuration
15 pages
Chapter 30. Network Programming: Prev (Procref1.html) Next (Zeros - HTML)
No ratings yet
Chapter 30. Network Programming: Prev (Procref1.html) Next (Zeros - HTML)
5 pages
Exploiting FXP and Rsync on Linux
No ratings yet
Exploiting FXP and Rsync on Linux
15 pages
Router Challenge 195
No ratings yet
Router Challenge 195
28 pages
Shell Script 1710634277
No ratings yet
Shell Script 1710634277
17 pages
Rtes HW04 99101773
No ratings yet
Rtes HW04 99101773
11 pages
Storage Activity Example1
No ratings yet
Storage Activity Example1
1 page
Save Files in Rubber Ducky Storage Windows
No ratings yet
Save Files in Rubber Ducky Storage Windows
2 pages
Loops Example1
No ratings yet
Loops Example1
1 page
Lock Keys Example2
No ratings yet
Lock Keys Example2
1 page
Payload Control Example1
No ratings yet
Payload Control Example1
1 page
Conditions Example3
No ratings yet
Conditions Example3
1 page
Conditions Example6
No ratings yet
Conditions Example6
1 page
WiFi Exfil To Discord
No ratings yet
WiFi Exfil To Discord
1 page
Button Example2
No ratings yet
Button Example2
1 page
ATTACKMODE Example2
No ratings yet
ATTACKMODE Example2
1 page
PNP PCB v9 Front
No ratings yet
PNP PCB v9 Front
1 page
Traffic Light Control
No ratings yet
Traffic Light Control
1 page
Payload
No ratings yet
Payload
1 page
Conditional Probability Practice
No ratings yet
Conditional Probability Practice
2 pages
User Manual (MeasureMind 3D)
100% (1)
User Manual (MeasureMind 3D)
271 pages
Catalogo de Peças CPD20-25 H2000 (2011)
No ratings yet
Catalogo de Peças CPD20-25 H2000 (2011)
91 pages
Mass Spectrometry Basics Explained
0% (1)
Mass Spectrometry Basics Explained
8 pages
Celer AFLA Aflatoxin Detection Kit
No ratings yet
Celer AFLA Aflatoxin Detection Kit
4 pages
Pipeline Capacity Increase
No ratings yet
Pipeline Capacity Increase
8 pages
Standard Test Method For Hydrazine
No ratings yet
Standard Test Method For Hydrazine
4 pages
C++Lab Notes
No ratings yet
C++Lab Notes
20 pages
Do All 3613 Band Saw
No ratings yet
Do All 3613 Band Saw
164 pages
Arvind Textile Internship Report-Final 2015
0% (2)
Arvind Textile Internship Report-Final 2015
44 pages
Accessories & Equipment Frame - Components Location - CR-V (Hybrid)
No ratings yet
Accessories & Equipment Frame - Components Location - CR-V (Hybrid)
11 pages
L2 BioMols
No ratings yet
L2 BioMols
65 pages
(Ebook) Digital Underwater Acoustic Communications by Lufen Xu, Tianzeng Xu ISBN 9780128030097, 9780128030295, 0128030097, 0128030291 PDF Download
100% (3)
(Ebook) Digital Underwater Acoustic Communications by Lufen Xu, Tianzeng Xu ISBN 9780128030097, 9780128030295, 0128030097, 0128030291 PDF Download
127 pages
Merlin INstallation Prolift 230t
No ratings yet
Merlin INstallation Prolift 230t
16 pages
The Influence of ATM Service Quality On Customer Satisfaction in
No ratings yet
The Influence of ATM Service Quality On Customer Satisfaction in
15 pages
LTE Q&A: Data Rates, Protocols & Channels
100% (5)
LTE Q&A: Data Rates, Protocols & Channels
11 pages
Languish in Pain Alab NG Puso Deleterious Effect On
No ratings yet
Languish in Pain Alab NG Puso Deleterious Effect On
6 pages
Chemical Kinetics
No ratings yet
Chemical Kinetics
6 pages
Audit Sampling Techniques Guide
100% (1)
Audit Sampling Techniques Guide
16 pages
Unit 0 Packet
No ratings yet
Unit 0 Packet
6 pages
Half Equations HL IB Chemistry Revision Notes 2
No ratings yet
Half Equations HL IB Chemistry Revision Notes 2
1 page
Jku Computer Science Model Exam 2
No ratings yet
Jku Computer Science Model Exam 2
18 pages
Periodic Table
No ratings yet
Periodic Table
19 pages
Papers/electronics-Communication-Engineering-Ece/33133052: 25 Best Embedded Systems Interview Questions and Answers
No ratings yet
Papers/electronics-Communication-Engineering-Ece/33133052: 25 Best Embedded Systems Interview Questions and Answers
4 pages
Introduction To Refrigeration and Air Conditioning
100% (3)
Introduction To Refrigeration and Air Conditioning
101 pages
RenewableEnergy PDF
No ratings yet
RenewableEnergy PDF
28 pages
IIT JEE (Advance) Physics Syllabus
No ratings yet
IIT JEE (Advance) Physics Syllabus
3 pages
Capitulo 2 - Materiales de Madera
No ratings yet
Capitulo 2 - Materiales de Madera
20 pages
PQ PP Puniska
No ratings yet
PQ PP Puniska
3 pages
Best Practices Guide For Microsoft SQL Server With ONTAP: Technical Report
No ratings yet
Best Practices Guide For Microsoft SQL Server With ONTAP: Technical Report
51 pages

Payload

Uploaded by

Payload

Uploaded by

REM

if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then

# The only one way to close the backdoor is reboot the

REM Old script

REM Optimized script

You might also like