[Openvas-commits] r11581 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Sep 7 13:49:11 CEST 2011
Author: mime
Date: 2011-09-07 13:49:07 +0200 (Wed, 07 Sep 2011)
New Revision: 11581
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/3com_switches.nasl
trunk/openvas-plugins/scripts/Accelar_1200.nasl
trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl
trunk/openvas-plugins/scripts/avaya_switches.nasl
trunk/openvas-plugins/scripts/cisco_default_pw.nasl
trunk/openvas-plugins/scripts/default_credentials.inc
Log:
Modified to use credentials from default_credentials.inc. Added a few more credentials.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/ChangeLog 2011-09-07 11:49:07 UTC (rev 11581)
@@ -1,3 +1,15 @@
+2011-09-07 Michael Meyer <michael.meyer at greenbone.net>
+
+ * scripts/avaya_switches.nasl,
+ scripts/Allied_Telesyn_telnet.nasl,
+ scripts/Accelar_1200.nasl,
+ scripts/3com_switches.nasl,
+ scripts/cisco_default_pw.nasl:
+ Modified to use credentials from default_credentials.inc.
+
+ * scripts/default_credentials.inc:
+ Added a few more credentials.
+
2011-08-07 Veerendra G.G <veerendragg at secpod.com>
* scripts/gb_ubuntu_USN_1197_1.nasl,
Modified: trunk/openvas-plugins/scripts/3com_switches.nasl
===================================================================
--- trunk/openvas-plugins/scripts/3com_switches.nasl 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/3com_switches.nasl 2011-09-07 11:49:07 UTC (rev 11581)
@@ -62,22 +62,13 @@
}
include('telnet_func.inc');
+include("default_credentials.inc");
port = 23; # the port can't be changed
banner = get_telnet_banner(port:port);
if ( "Login : " >!< banner ) exit(0);
-login[0] = string("monitor");
-login[1] = string("manager");
-login[2] = string("security");
-login[3] = string("admin");
-
-password[0] = string("monitor");
-password[1] = string("manager");
-password[2] = string("security");
-password[3] = string("");
-
bfound = 0;
res = string("Standard passwords were found on this 3Com Superstack switch.\n");
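Review bot: Detection of the four removed 3Com pairs (`monitor`/`monitor`, `manager`/`manager`, `security`/`security`, and `admin` with an empty password) now depends entirely on default_credentials.inc containing them, and this commit only adds `cisco;none` and `rwa;rwa` to that list. If any of them is missing, the check silently loses coverage it had before. The same applies to the pairs removed from Allied_Telesyn_telnet.nasl, avaya_switches.nasl and cisco_default_pw.nasl. It would be worth confirming each removed pair is present in the include, with the empty password written as `admin;none`, and adding a comment such as `# device defaults formerly hard-coded here now live in default_credentials.inc` next to the include.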
@@ -86,25 +77,34 @@
if(get_port_state(port))
{
- for ( i=0; i<4; i = i + 1 )
- {
+ foreach credential (credentials)
+ {
+
+ user_pass = split(credential, sep:";",keep:FALSE);
+ if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+
+ user = chomp(user_pass[0]);
+ pass = chomp(user_pass[1]);
+
+ if(tolower(pass) == "none")pass = "";
+
soc = open_sock_tcp(port);
if(soc)
{
r = recv(socket:soc, length:160);
if("Login: " >< r)
{
- tmp = string(login[i], "\r\n");
+ tmp = string(user, "\r\n");
send(socket:soc, data:tmp);
r = recv_line(socket:soc, length:2048);
- tmp = string(password[i], "\r\n");
+ tmp = string(pass, "\r\n");
send(socket:soc, data:tmp);
r = recv(socket:soc, length:4096);
if ( "logout" >< r )
{
bfound = 1;
- res = string(res, login[i], ":", login[i], "\n");
+ res = string(res, user, ":", pass, "\n");
}
}
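Review bot: The empty-password normalisation `if(tolower(pass) == "none")pass = "";` does not match the `(none)` spelling that default_credentials.inc also uses (`"superuser;(none)"` is visible in that file's hunk). For such entries the literal string `(none)` is sent as the password and the empty-password case is never tested. Unless `(none)` is meant literally, the test should cover both forms, e.g. `if(tolower(pass) == "none" || pass == "(none)")pass = "";`. Because `split(credential, sep:";", keep:FALSE)` cuts on every `;`, a password containing `;` would also be truncated to its first segment. The identical parsing block is repeated in Accelar_1200.nasl, Allied_Telesyn_telnet.nasl, avaya_switches.nasl and cisco_default_pw.nasl, so a single helper in default_credentials.inc would keep the five copies from diverging. The enclosing `if(get_port_state(port))` block continues past the end of this hunk.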
Modified: trunk/openvas-plugins/scripts/Accelar_1200.nasl
===================================================================
--- trunk/openvas-plugins/scripts/Accelar_1200.nasl 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/Accelar_1200.nasl 2011-09-07 11:49:07 UTC (rev 11581)
@@ -62,8 +62,7 @@
#
include("telnet_func.inc");
-usrname = string("rwa\r\n");
-password = string("rwa\r\n");
+include("default_credentials.inc");
port = 23;
if(get_port_state(port))
@@ -72,15 +71,26 @@
if ( ! tnb ) exit(0);
if ("Accelar 1200" >< tnb)
{
+
+ foreach credential (credentials) {
+
+ user_pass = split(credential, sep:";",keep:FALSE);
+ if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+
+ user = chomp(user_pass[0]);
+ pass = chomp(user_pass[1]);
+
+ if(tolower(pass) == "none")pass = "";
+
soc = open_sock_tcp(port);
if(soc)
{
answer = recv(socket:soc, length:4096);
if("ogin:" >< answer)
{
- send(socket:soc, data:usrname);
+ send(socket:soc,data:string(user,"\r\n"));
answer = recv(socket:soc, length:4096);
- send(socket:soc, data:password);
+ send(socket:soc, data:string(pass,"\r\n"));
answer = recv(socket:soc, length:4096);
if("Accelar-1200" >< answer)
{
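Review bot: The new `foreach credential (credentials)` loop opens a fresh telnet session for every entry in the shared list, and nothing visible in this hunk gates it on `safe_checks()` the way the loop in cisco_default_pw.nasl is gated. The old code made a single attempt with `rwa`/`rwa`. The list appears to run to roughly two hundred entries (its hunk starts at line 207), so a device that enforces a failed-login lockout could have accounts locked by a routine scan. Consider wrapping the loop in `if ( safe_checks() == 0 )` or trying the device-specific pair first. The same applies to the loops added in 3com_switches.nasl, Allied_Telesyn_telnet.nasl and avaya_switches.nasl. Whether the loop stops after the first accepted login cannot be seen here, because the success branch continues outside the hunk.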
@@ -90,6 +100,8 @@
close(soc);
}
+ }
+
}
}
Modified: trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl
===================================================================
--- trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/Allied_Telesyn_telnet.nasl 2011-09-07 11:49:07 UTC (rev 11581)
@@ -63,8 +63,6 @@
#
include("telnet_func.inc");
-usrname = string("manager\r\n");
-password = string("friend\r\n");
port = 23;
if(get_port_state(port))
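Review bot: This hunk removes `usrname` and `password` but, unlike the matching hunks in Accelar_1200.nasl and avaya_switches.nasl, never adds `include("default_credentials.inc");`, while the next hunk iterates `foreach credential (credentials)`. Unless telnet_func.inc happens to pull that list in, `credentials` is undefined in this script, the loop body never runs, and the plugin reports nothing even on a device still using `manager`/`friend`, which is a silent false negative. Add `include("default_credentials.inc");` directly after the `include("telnet_func.inc");` line. It is also worth confirming that `manager;friend` is in the list.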
@@ -72,15 +70,26 @@
tnb = get_telnet_banner(port);
if ("TELNET session" >< tnb)
{
+
+ foreach credential (credentials) {
+
+ user_pass = split(credential, sep:";",keep:FALSE);
+ if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+
+ user = chomp(user_pass[0]);
+ pass = chomp(user_pass[1]);
+
+ if(tolower(pass) == "none")pass = "";
+
soc = open_sock_tcp(port);
if(soc)
{
answer = recv(socket:soc, length:4096);
if("ogin:" >< answer)
{
- send(socket:soc, data:usrname);
+ send(socket:soc, data:string(user,"\r\n"));
answer = recv(socket:soc, length:4096);
- send(socket:soc, data:password);
+ send(socket:soc, data:string(pass,"\r\n"));
answer = recv(socket:soc, length:4096);
if("Manager" >< answer)
{
@@ -90,6 +99,8 @@
close(soc);
}
+ }
+
}
}
Modified: trunk/openvas-plugins/scripts/avaya_switches.nasl
===================================================================
--- trunk/openvas-plugins/scripts/avaya_switches.nasl 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/avaya_switches.nasl 2011-09-07 11:49:07 UTC (rev 11581)
@@ -62,9 +62,9 @@
#
include("telnet_func.inc");
-usrname = string("root\r\n");
-password = string("root\r\n");
+include("default_credentials.inc");
+
port = 23;
if(get_port_state(port))
{
@@ -72,15 +72,26 @@
if ( ! tnb ) exit(0);
if ("Welcome to P330" >< tnb)
{
+
+ foreach credential (credentials) {
+
+ user_pass = split(credential, sep:";",keep:FALSE);
+ if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+
+ user = chomp(user_pass[0]);
+ pass = chomp(user_pass[1]);
+
+ if(tolower(pass) == "none")pass = "";
+
soc = open_sock_tcp(port);
if(soc)
{
answer = recv(socket:soc, length:4096);
if("ogin:" >< answer)
{
- send(socket:soc, data:usrname);
+ send(socket:soc,data:string(user,"\r\n"));
answer = recv(socket:soc, length:4096);
- send(socket:soc, data:password);
+ send(socket:soc, data:string(pass,"\r\n"));
answer = recv(socket:soc, length:4096);
if("Password accepted" >< answer)
{
@@ -89,7 +100,7 @@
}
close(soc);
}
-
+ }
}
}
Modified: trunk/openvas-plugins/scripts/cisco_default_pw.nasl
===================================================================
--- trunk/openvas-plugins/scripts/cisco_default_pw.nasl 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/cisco_default_pw.nasl 2011-09-07 11:49:07 UTC (rev 11581)
@@ -60,8 +60,8 @@
script_id(23938);
script_cve_id("CVE-1999-0508");
script_version ("$Revision: 1.9 $");
- script_tag(name:"cvss_base", value:"4.6");
- script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
name = "Cisco default password";
@@ -91,6 +91,7 @@
include('default_account.inc');
include('telnet_func.inc');
include('global_settings.inc');
+include("default_credentials.inc");
if ( supplied_logins_only ) exit(0);
@@ -165,21 +166,27 @@
local_var port, ret, banner, soc, res;
- if ( ssh_port )
- {
+ if ( ssh_port && get_port_state(ssh_port))
+ {
# Prefer login thru SSH rather than telnet
soc = open_sock_tcp(ssh_port);
if ( soc )
{
- ret = ssh_login(socket:soc, login:account, password:password);
- close(soc);
+ ret = ssh_login(socket:soc, login:login, password:password);
if ( ret == 0 ) {
- desc += '\n\nPlugin Output :\n\nIt was possible to log in as \'' + login + '\'/\'' + password + '\'\n';
- security_hole(port:ssh_port, data:desc);
- exit(0);
- }
- else return 0;
+ r = ssh_cmd(socket:soc, cmd: string("show ver\r\n"), timeout:60);
+ if("Cisco Internetwork Operating System Software" >< r || "Cisco IOS Software" >< r) {
+ desc += '\n\nPlugin Output :\n\nIt was possible to log in as \'' + login + '\'/\'' + password + '\'\n';
+ security_hole(port:ssh_port, data:desc);
+ close(soc);
+ exit(0);
+ }
}
+ else {
+ close(soc);
+ return 0;
+ }
+ }
else
ssh_port = 0;
}
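Review bot: When `ssh_login` succeeds (`ret == 0`) but the `show ver` output matches neither Cisco banner string, control leaves the `if ( soc )` block without `close(soc);`, since only the match branch and the login-failure `else` close the socket. With the function now called once per entry in `credentials`, each such case leaves an SSH session open on the target. A `close(soc);` after the inner banner test would fix this; whether to `return 0;` there or fall through to the telnet attempt should be decided explicitly. The new variable `r` is also missing from the `local_var port, ret, banner, soc, res;` declaration, so it is assigned as a global; `local_var port, ret, banner, soc, res, r;` keeps it scoped. The function body starts and continues outside this hunk.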
@@ -211,8 +218,8 @@
# SSH disabled for now
-#ssh_port = get_kb_item("Services/ssh");
-#if ( ! ssh_port ) ssh_port = 22;
+ssh_port = get_kb_item("Services/ssh");
+if ( ! ssh_port ) ssh_port = 22;
telnet_port = get_kb_item("Services/telnet");
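Review bot: The comment `# SSH disabled for now` is left in place directly above the two lines this hunk un-comments, so it now contradicts the code. It should be removed or replaced with something like `# SSH is tried first; falls back to port 22 when no SSH service is in the KB`. Re-enabling SSH also means every entry in the shared credential list is attempted over SSH before telnet, which is worth stating in the comment for whoever tunes scan duration or lockout exposure.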
@@ -224,11 +231,18 @@
check_cisco_account(login:"", password:"");
if ( safe_checks() == 0 )
{
- check_cisco_account(login:"cisco", password:"");
- check_cisco_account(login:"admin", password:"cisco");
- check_cisco_account(login:"admin", password:"diamond");
- check_cisco_account(login:"admin", password:"admin");
- check_cisco_account(login:"admin", password:"system");
- check_cisco_account(login:"monitor", password:"monitor");
+ foreach credential (credentials) {
+
+ user_pass = split(credential, sep:";",keep:FALSE);
+ if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+
+ user = chomp(user_pass[0]);
+ pass = chomp(user_pass[1]);
+
+ if(tolower(pass) == "none")pass = "";
+
+ check_cisco_account(login:user, password:pass);
+
+ }
}
Modified: trunk/openvas-plugins/scripts/default_credentials.inc
===================================================================
--- trunk/openvas-plugins/scripts/default_credentials.inc 2011-09-07 07:00:34 UTC (rev 11580)
+++ trunk/openvas-plugins/scripts/default_credentials.inc 2011-09-07 11:49:07 UTC (rev 11581)
@@ -207,5 +207,7 @@
"superuser;(none)",
"recovery;recovery",
"NETOP;none",
-"IntraSwitch;Asante"
+"IntraSwitch;Asante",
+"cisco;none",
+"rwa;rwa"
);