Mailing List Archive

Default cisco login nasl
Hello there,

During some testing I found Nessus missed a Cisco device with default Cisco
credentials set on telnet, I looked for a nasl but strangely didn't find a
nasl that checks for this, only one or two to test a specific Cisco device
for a blank login. So attached is a nasl that checks for a number of default
Cisco credentials on telnet for a variety of Cisco devices.

Regards

Gareth

----nasl----
#
# This script was written by Gareth M Phillips
# SensePost PTY Ltd
#

# Defined outside the description block so the same text is also
# available to the report built in test_cisco() at scan time.
desc["english"] = "
The remote Cisco device has default Cisco/Weak user credentials set.
An attacker may be able to lock the owner out, perform traffic sniffing or
shut down the network/device entirely.

Solution : telnet to this device and set a strong password,
access to this service should also be restricted to
authorized networks or hosts only or should be replaced with SSH.

Risk factor : High";

if(description)
{
 script_id(1234567);
 script_cve_id("CAN-1999-0505");
 script_version ("$Revision: 1.10 $");

 name["english"] = "Cisco Devices Default Password Login";
 script_name(english:name["english"]);

 script_description(english:desc["english"]);

 summary["english"] = "Checks for the default Cisco passwords";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006 SensePost PTY Ltd");

 family["english"] = "CISCO";
 script_family(english:family["english"]);
 script_dependencie("find_service.nes");
 script_require_ports("Services/telnet", 23);
 exit(0);
}

include('telnet_func.inc');

# Log in over telnet with one username/password pair and send "show ver".
# The device is reported if the reply contains "cisco".
function test_cisco(username, password, show, port)
{
 local_var soc, r, report;

 soc = open_sock_tcp(port);
 if(soc)
 {
  r = telnet_negotiate(socket:soc);
  # Wait for the login prompt, then send the username.
  r = recv_until(socket:soc, pattern:"(Username:|ogin:)");
  send(socket:soc, data:string(username, "\r\n"));
  # Wait for the password prompt, then send the password.
  r = recv_until(socket:soc, pattern:"(assword:|asswd:)");
  send(socket:soc, data:string(password, "\r\n"));
  r = recv(socket:soc, length:4096);
  # A successful login answers "show ver" with the version banner.
  send(socket:soc, data:string(show, "show ver \r\n"));
  r = recv_until(socket:soc, pattern:"(www.cisco.com|cisco)");
  if("cisco" >< r)
  {
   report = string(
    desc["english"],
    "\n\n",
    "Username/Password : \n",
    username,"/",password
   );

   security_hole(port:port, data:report);
   # Release the socket before leaving the script.
   close(soc);
   exit(0);
  }
  close(soc);
 }
}

port = get_kb_item("Services/telnet");
if(!port)port = 23;
if(!get_port_state(port))exit(0);

# Only test services that present the Cisco login banner.
banner = get_telnet_banner(port:port);
if (! banner || "User Access Verification" >!< banner) exit(0);

test_cisco(username:"cisco", password:"cisco", show:"", port:port);
test_cisco(username:"admin", password:"system", show:"", port:port);
test_cisco(username:"admin", password:"diamond", show:"", port:port);
test_cisco(username:"admin", password:"admin", show:"", port:port);
test_cisco(username:"cisco", password:"", show:"", port:port);
test_cisco(username:"admin", password:"cisco", show:"", port:port);
test_cisco(username:"monitor", password:"monitor", show:"", port:port);

----/nasl----
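
Added example, not part of the original post or of Nessus: an offline audit of a saved IOS-style configuration for the three items the plugin's Solution text names (default credentials, telnet on the vty lines, no restriction to authorized hosts). The names audit_config, USER_RE, PLUGIN_PAIRS and SAMPLE_CONFIG are hypothetical and the sample configuration is constructed. It assumes a vty block without a "transport input" line permits telnet (defaults vary by release) and compares only plaintext (type 0) or empty passwords.

```python
import re

# Username/password pairs tried by the plugin posted above.
PLUGIN_PAIRS = {("cisco", "cisco"), ("admin", "system"), ("admin", "diamond"),
                ("admin", "admin"), ("cisco", ""), ("admin", "cisco"),
                ("monitor", "monitor")}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname lab-rtr
username admin password 0 cisco
username ops secret 5 $1$constructed$hash
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
"""

USER_RE = re.compile(r"username (\S+) (?:nopassword|password 0 (\S+))")

def audit_config(text):
    """Return sorted findings for one IOS-style configuration (hypothetical helper)."""
    findings, vty, section = [], {}, None
    for line in text.splitlines():
        m = USER_RE.match(line)
        # Only plaintext (type 0) and empty passwords can be compared directly.
        if m and (m.group(1), m.group(2) or "") in PLUGIN_PAIRS:
            findings.append(f"default credential: {m.group(1)}/{m.group(2) or '<empty>'}")
        if not line.startswith(" "):          # a top-level line ends any vty block
            section = line.strip() if line.startswith("line vty") else None
            if section:
                # Assumption: no "transport input" line means telnet is permitted.
                vty[section] = {"telnet": True, "acl": False}
        elif section:
            words = line.split()
            if words[:2] == ["transport", "input"]:
                vty[section]["telnet"] = bool({"telnet", "all"} & set(words[2:]))
            elif words[:1] == ["access-class"] and words[-1] == "in":
                vty[section]["acl"] = True
    for name, seen in vty.items():
        if seen["telnet"]:
            findings.append(f"{name}: telnet allowed, use SSH only")
        if not seen["acl"]:
            findings.append(f"{name}: no inbound access-class")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONFIG)))
```
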
Re: Default cisco login nasl
Gareth M. Phillips wrote:
> Hello there,
>
> During some testing I found Nessus missed a Cisco device with default
> Cisco credentials set on telnet, I looked for a nasl but strangely
> didn’t find a nasl that checks for this, only one or two to test a
> specific Cisco device for a blank login. So attached is a nasl that
> checks for a number of default Cisco credentials on telnet for a variety
> of Cisco devices.
>

I sent Renaud a very long time ago (October 2005) a NASL script that
would do this very same thing. It's also available at
http://bugs.nessus.org/show_bug.cgi?id=1328

Why the script has not been made available in the GPL plugin feed
escapes me. But I guess both your script and mine should be merged.

Regards

Javier
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers