Nessus Aux scripts to guess password against XMLRPC/NTP interfaces #1071

Merged
merged 6 commits into from Nov 27, 2012

Contributor

kost commented Nov 15, 2012

Nessus Aux scripts to guess password against XMLRPC/NTP interfaces

Contributor

brandonprry commented Nov 19, 2012

xmlrpc login

msf auxiliary(nessus_xmlrpc_login) > run

[-] 192.168.1.44:8834 NESSUS_XMLRPC - NessusXMLRPC - - Authorization not requested
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nessus_xmlrpc_login) > run

[*] 192.168.1.44:8834 NESSUS_XMLRPC - [1/2] - NessusXMLRPC - - Trying username:'admin' with password:'admin'
[-] 192.168.1.44:8834 NESSUS_XMLRPC - [1/2] - NessusXMLRPC - FAILED LOGIN. 'admin' : 'admin'
[*] 192.168.1.44:8834 NESSUS_XMLRPC - [2/2] - NessusXMLRPC - - Trying username:'admin' with password:'password'
[+] 192.168.1.44:8834 NessusXMLRPC - SUCCESSFUL LOGIN. 'admin' : 'password'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nessus_xmlrpc_login) >

Contributor

brandonprry commented Nov 19, 2012

ntp login

msf auxiliary(nessus_ntp_login) > run

[*] 192.168.1.44:1241 Nessus NTP - Connecting and checking username and passwords
[*] 192.168.1.44:1241 NESSUS_NTP - [1/2] - Nessus NTP - Trying user:'admin' with password:'admin'
[-] 192.168.1.44:1241 NESSUS_NTP - [1/2] - Nessus NTP - Rejected user: 'admin' with password: 'admin': Bad login attempt !
[*] 192.168.1.44:1241 NESSUS_NTP - [2/2] - Nessus NTP - Trying user:'admin' with password:'password'
[+] 192.168.1.44:1241 Nessus NTP - SUCCESSFUL login for 'admin' : 'password'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nessus_ntp_login) >

Contributor

brandonprry commented Nov 19, 2012

xmlrpc ping actually doesn't do anything for me...odd:

msf auxiliary(nessus_xmlrpc_ping) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(nessus_xmlrpc_ping) > run

[*] Scanned 029 of 256 hosts (011% complete)
[*] Scanned 053 of 256 hosts (020% complete)
[*] Scanned 079 of 256 hosts (030% complete)
[*] Scanned 103 of 256 hosts (040% complete)
[*] Scanned 128 of 256 hosts (050% complete)
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 180 of 256 hosts (070% complete)
[*] Scanned 205 of 256 hosts (080% complete)
[*] Scanned 232 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nessus_xmlrpc_ping) >

Contributor

kost commented Nov 24, 2012

Try ping module now and let me know if it works for you. If it does not work, please send me output with VERBOSE true flag.

Contributor

brandonprry commented Nov 24, 2012

Will test today.

Contributor

brandonprry commented Nov 24, 2012

Awesome blossom

msf > use auxiliary/scanner/nessus/nessus_xmlrpc_ping
msf auxiliary(nessus_xmlrpc_ping) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(nessus_xmlrpc_ping) > run

[*] Scanned 027 of 256 hosts (010% complete)
[+] 192.168.1.47:8834 NessusXMLRPC - SUCCESS. '192.168.1.47' : '8834'
[*] Scanned 066 of 256 hosts (025% complete)
[*] Scanned 081 of 256 hosts (031% complete)
[*] Scanned 103 of 256 hosts (040% complete)
[*] Scanned 129 of 256 hosts (050% complete)
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 182 of 256 hosts (071% complete)
[*] Scanned 207 of 256 hosts (080% complete)
[*] Scanned 232 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(nessus_xmlrpc_ping) >

One thing:

[bperry@w00den-pickle tools]$ ./msftidy.rb ../modules/auxiliary/scanner/nessus/
nessus_xmlrpc_ping.rb:25 - [WARNING] Spaces at EOL
[bperry@w00den-pickle tools]$

sinn3r I think this is good to go after this one small thing is fixed.

Contributor

kost commented Nov 24, 2012

Removed space at EOL. Let me know if there's anything else.

@wchen-r7 wchen-r7 merged commit 8605190 into rapid7:master Nov 27, 2012

1 check passed

default The Travis build passed