# Validate with Metasploit
use auxiliary/scanner/http/cisco_directory_traversal
+CSCOCA+/ca_inc.lua
+CSCOCA+/crl/asa_ca.crl
+CSCOCA+/enroll.html
+CSCOCA+/login.html
+CSCOE+/041235123432C2
+CSCOE+/041235123432U2
+CSCOE+/app_index.html
+CSCOE+/appstart.js
+CSCOE+/appstatus
+CSCOE+/ask.html
+CSCOE+/auth.html
+CSCOE+/autosignon_api.js
+CSCOE+/blank.html
+CSCOE+/cedf.html
+CSCOE+/cedhelp.html
+CSCOE+/ced.html
+CSCOE+/cedlogon.html
+CSCOE+/cedmain.html
+CSCOE+/cedportal.html
+CSCOE+/cedsave.html
+CSCOE+/cert.html
+CSCOE+/color_picker.html
+CSCOE+/color_picker.js
+CSCOE+/common.js
+CSCOE+/commonspawn.js
+CSCOE+/display_bookmarks.lua
+CSCOE+/files/browse.html
+CSCOE+/files/domains_retr
+CSCOE+/files/file_action.html
+CSCOE+/files/files.js
+CSCOE+/files/files_retr
+CSCOE+/files/webfolder
+CSCOE+/files/wfolder
+CSCOE+/gp-gip.html
+CSCOE+/handler
+CSCOE+/help/webvpn_help
+CSCOE+/home/index.html
+CSCOE+/http_auth.html
+CSCOE+/include/browser_inc.lua
+CSCOE+/include/common.lua
+CSCOE+/include/plugin.lua
+CSCOE+/lced.html
+CSCOE+/load_bookmarks.lua
+CSCOE+/localization_inc.lua
+CSCOE+/logo.gif
+CSCOE+/logon_custom.css
+CSCOE+/logon_forms.js
+CSCOE+/logon.html
+CSCOE+/logon.html
+CSCOE+/logon_redirect.html
+CSCOE+/logout.html
+CSCOE+/message.html
+CSCOE+/noportal.html
+CSCOE+/nostcaccess.html
+CSCOE+/no_svc.html
+CSCOE+/ping.html
+CSCOE+/pluginlib.js
+CSCOE+/portal_ce.html
+CSCOE+/portal.css
+CSCOE+/portal_custom.css
+CSCOE+/portal_elements.html
+CSCOE+/portal_forms.js
+CSCOE+/portal.html
+CSCOE+/portal_inc.lua
+CSCOE+/portal.js
+CSCOE+/posturl.html
+CSCOE+/preview.html
+CSCOE+/relayjar.html
+CSCOE+/relaymonjar.html
+CSCOE+/relaymonocx.html
+CSCOE+/relayocx.html
+CSCOE+/running.conf
+CSCOE+/saml/sp/acs
+CSCOE+/saml/sp/login
+CSCOE+/saml/sp/metadata
+CSCOE+/save_capture.html
+CSCOE+/sdesktop/fail.html
+CSCOE+/sdesktop/logout.html
+CSCOE+/sdesktop/scan.xml
+CSCOE+/sdesktop/tokenrenew.xml
+CSCOE+/sdesktop/token.xml
+CSCOE+/sdesktop/wait.html
+CSCOE+/sdesktop/webstart.xml
+CSCOE+/session.js
+CSCOE+/session_password.html
+CSCOE+/sess_update.html
+CSCOE+/shshim
+CSCOE+/shshimdo_url
+CSCOE+/smart_tunnel_install.html
+CSCOE+/st_dl.json
+CSCOE+/svc.html
+CSCOE+/tlbr
+CSCOE+/tlbrportal_forms.js
+CSCOE+/tunnel_linux.jnlp
+CSCOE+/tunnel_mac.html
+CSCOE+/tunnel_mac.jnlp
+CSCOE+/useralert.html
+CSCOE+/user_dialog.html
+CSCOE+/win.js
+CSCOE+/wrong_url.html
+CSCOL+/cte_fallback.js
+CSCOL+/cte.js
+CSCOL+/relayparam.js
+CSCOL+/sw.js
+CSCOL+/xsl.js
CSCOSSLC/config-auth
+CSCOT+/oem-customization
+CSCOT+/translation
+CSCOT+/translation-table
+CSCOU+/anyconnect_unsupported_version.html
+CSCOU+/anyconnect_wrong_url.html
+CSCOU+/portal.css
+CSCOU+/sample.html
locale/manifest_data.lua
If you have compromised a valid users session to Cisco ASA you can recover plaintext credentials leveraging the following exploit:
