Mailing List Archive

Cisco default password test
A while back [1] I wrote a Cisco default password test plugin.
Attached is a new (untested) version of it, which tests SSH as well
as Telnet access and checks the banner for the Cisco device.

Unfortunately, I don't have access to any Cisco stuff right now. If
people can test and provide feedback (or patches) I would really
appreciate it.

I've submitted this as Bug #1328 in Nessus' bugzilla. I was quite
surprised at the time that Nessus is not able to find this common
misconfiguration. Maybe I've missed something.

There is lots of room for enhancement. For example, it could store the
CISCO IOS release in the KB so that other plugins (in the Registered
feed) could use the functions in cisco_func.inc to determine if the
system is vulnerable as is currently done through SNMP (all the
CSCXXXX.nasl stuff).

Or, it could store the user/password combination in the KB and have
another plugin test for common combinations that lead to 'enable' mode.

Notice that this plugin overlaps with #10754 (since there is a test for
empty passwords here too).

Regards

Javier


http://mail.nessus.org/pipermail/nessus/2005-August/msg00034.html
Re: Cisco default password test
Javier Fernandez-Sanguino wrote:

> A while back [1] I wrote a Cisco default password test plugin.
> Attached is a new (untested) version of it, which tests SSH as well as
> Telnet access and checks the banner for the Cisco device.

I have received no feedback from this plugin, probably many out there
are just using Hydra for this task... Attached is a newer version that
highlights some of the differences with Hydra. Let me mention a few here:

- Hydra does not do SSH for the Cisco plugin (it does do Telnet-SSL,
which this plugin does not)

- If you take a look at Hydra Cisco code you will notice that it will
generate false positives for some devices (such as a device named
'lasswan' or 'bcnfail104'). The Hydra plugin does not try to run
anything to make sure it has a CISCO command prompt there.

- The use of this plugin, storing results in the KB, has a potential to
enhance the CSC* plugins (which use just SNMP to retrieve the IOS
release).

Well, I don't know if there are any Cisco shops out there... but they
might want to look at this, enhance it and send those enhancements
over here. It might not be as good for some stuff as rat ('Router
audit Tool') but this one is integrated into Nessus :-)

Regards

Javier