Hi,

Again, as I said, it is much better to consolidate the password / username
settings (which passwords to try) into a NASL program that will externally
load them from the accounts.txt.

Thanks
Noam Rathaus
http://www.SecuriTeam.com
http://www.BeyondSecurity.com

Know that you're safe (against Code Red and other vulnerabilities):
http://www.AutomatedScanning.com/

----- Original Message -----
From: "John Lampe" <j_lampeat_private>
To: "Renaud Deraison" <deraisonat_private>; <plugins-writersat_private>
Sent: Monday, September 03, 2001 23:26
Subject: Re: cisco password (analysis)

> Might it add some value to look for the "Password:" prompt after the 3-way
> handshake to port 23? Incidentally, I wrote such a check and sent it to you
> several months ago. I'll paste the script in below...
>
>
> #
> # This script was written by John Lampe (j_lampeat_private)
> #
> #
> # See the Nessus Scripts License for details
> #
> if(description)
> {
>   script_id();
>   script_cve_id("");
>   script_name(english:"Check for Cisco default passwords");
>   desc["english"] = "
> Checks to see if the Cisco router still has a default login password
> Solution : Change your password";
>
>   script_description(english:desc["english"]);
>   script_summary(english:"Check for existence of default Cisco Passwords");
>   script_category(ACT_GATHER_INFO);
>   script_family(english:"Remote file access");
>   script_copyright(english:"By John Lampe....j_lampeat_private");
>   exit(0);
> }
>
>
> # Try one password; return it if the device stops prompting, 0 otherwise.
> function guess_pass (pass) {
>   soc=open_sock_tcp(port);
>   if(!soc)return(0);
>   incoming = recv (socket:soc, length:1024);
>   if (egrep(pattern:"^Password:" , string: incoming)) {
>     send(socket:soc, data:pass);
>     inbuff=recv(socket:soc, length:1024);
>     # No second "Password:" prompt is taken to mean the login worked.
>     if (!(egrep(pattern:"^Password:", string: inbuff)) ) {
>       close(soc);    # release the socket before reporting success
>       return(pass);
>     }
>   } else {
>     # No password prompt at all: not the login type this check covers.
>     close (soc);
>     exit(0);
>   }
>   close(soc);
>   return (0);
> }
>
>
> port=23;
>
> # Candidate default passwords
> passwd[0] = "c";
> passwd[1] = "cisco";
> passwd[2] = "cc";
> passwd[3] = "";
> passwd[4] = "password";
> passwd[5] = "secret";
> passwd[6] = "secrets";
> passwd[7] = "Cisco router";
> passwd[8] = "system";
>
> mywarning = string ("We were able to log into the router with password ");
> if(get_port_state(port)) {
>   for (i=0; i<9; i = i+1) {
>     mypasswd = string(passwd[i] , "\n");
>     check = guess_pass(pass:mypasswd);
>     if (check != 0) {
>       mymsg = string ("logged into router with passwd " , check, "\n");
>       security_hole (port:port, data:mymsg);
>       exit(0);
>     }
>   }
> }
> exit(0);
>
>
>
> --
> John Lampe
> https://f00dikator.hn.org/
> http://f00dikator.hobbiton.org/
>
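Added example (not from the thread or from Nessus): the response check used by the quoted script, together with the external credential list suggested in the reply, run offline over constructed transcripts in Python. The `user:password` file layout, the shell-prompt pattern and every sample string are assumptions; the point shown is that an empty reply (timeout or dropped connection) should not be reported as a successful login.

```python
import re

# Constructed sample in an ASSUMED "user:password" layout; the real
# accounts.txt format is not shown in the thread.
SAMPLE_ACCOUNTS = """\
# user:password (empty user = password-only login)
:cisco
:
admin:password
malformed line
"""

# Constructed telnet output, modelled on a password-only login.
BANNER = "\r\n\r\nUser Access Verification\r\n\r\nPassword: "

PROMPT = re.compile(r"^Password:", re.MULTILINE)       # pattern from the quoted script
SHELL = re.compile(r"^[\w.-]+[>#]\s*$", re.MULTILINE)  # e.g. "Router>" (assumed marker)


def load_accounts(text):
    """Return (user, password) pairs; skip comments, blanks and malformed lines."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        user, _, password = line.partition(":")
        pairs.append((user, password))
    return pairs


def classify(banner, reply):
    """Interpret one attempt: banner read before sending, reply read after."""
    if not PROMPT.search(banner):
        return "not-applicable"   # no password prompt, so the check does not apply
    if not reply.strip():
        return "inconclusive"     # timeout or closed connection is not a login
    if PROMPT.search(reply):
        return "rejected"         # the device asked for the password again
    return "accepted" if SHELL.search(reply) else "inconclusive"


def confirmed(attempts):
    """attempts: (password, banner, reply) tuples; keep only positive evidence."""
    return [pw for pw, banner, reply in attempts
            if classify(banner, reply) == "accepted"]
```

Requiring a positive marker (a shell prompt) rather than the mere absence of a second `Password:` prompt trades a few missed findings for fewer false reports.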
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 04:09:47 PDT