Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

.nessus File Missing Data

from [Larry Petty] Network Security [Permanent Link]
Subject: .nessus File Missing Data
Date: Mon, 7 Apr 2008 20:31:06 -0700 (PDT) 
I run my
Nessus scans from the command line via a script. The server is Ubuntu 7.1
64-bit running Nessus 3.2 (Debian 64-bit installer)
 
Here is part of my
script:

/opt/nessus/bin/nessus
-qxV -c /usr/local/bin/asap-scripts/.nessusrc-normal localhost 1241 ### ###
/usr/local/bin/asap-scripts/iplists/${CUST}/nessus-ike-list
/home/scan-data/${SAVETO}/nessus/nessus-scan.nbe
/opt/nessus/bin/nessus
-i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o
/home/scan-data/${SAVETO}/nessus/nessus-scan.html
/opt/nessus/bin/nessus
-i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o
/home/scan-data/${SAVETO}/nessus/nessus-scan.txt
/opt/nessus/bin/nessus
-i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o
/home/scan-data/${SAVETO}/nessus/nessus-scan.nsr
/opt/nessus/bin/nessus
-i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o
/home/scan-data/${SAVETO}/nessus/nessus-scan.nessus
 
We are in
the process of upgrading our in-house database to handle parsing the new
.nessus file format. However, we have run into some issues.
 
The .nessus file seems to be missing data that
is in the NBE and HTML files.  It seems like there might be a bug in the
generation of the .NESSUS file when it encounters an apostrophe.  In the
below the ʽEasy VPN Serverʼ is missing from the .NESSUS file.  I provided
a second example as well.

Can someone help me with this?

 
Nessus-scan.NBE File:
results|##.##.##.##|##.##.##.##|
snmp (161/udp)|
17986|
Security Hole|
\nThe remote version of IOS contains a feature called 'Easy VPN Server' 
which\nallows the administrator of the remote router to create a lightweight
VPN\nserver.\n
\nThere is an implementation flaw in the remote version of
this software\nwhich may allow an authorized user to complete authentication
and access\nthe VPN remotely.\n
\nSolution : 
http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml\n
Risk Factor : High\n
CVE : CVE-2005-1058\n
BID : 13033, 13031\n
Other references : OSVDB:15305\n
 
 
Nessus-scan.NESSUS File:
<ReportItem>
    <port>snmp (161/udp)</port>
   
<pluginName>Plugin#17986</pluginName>
    <severity>3</severity>
    <pluginID>17986</pluginID>
    <data>\nThe remote version of IOS
contains a feature called
&apos;&apos;\n\n\n\n\n\n\n\n\n\n\n\n\n</data>
   </ReportItem>
   <ReportItem>
    
Nessus-scan.HTML File

The remote version of IOS contains a feature called 'Easy VPN Server' which
allows the administrator of the remote router to create a lightweight VPN
server.

There is an implementation flaw in the remote version of this software
which may allow an authorized user to complete authentication and access
the VPN remotely.

Solution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Risk Factor : High
CVE : CVE-2005-1058
BID : 13033, 13031
Other references : OSVDB:15305
Nessus ID : 17986
 
 
 
Another Example (missing data
after 'enable'):
NBE:
results|########|telnet
(23/tcp)|23938|Security Hole|\nSynopsis :\n\nThe remote device has a factory
password set.\n\nDescription :\n\nThe remote CISCO router has a default
password set.  \nThis allows an attacker to get a lot information\nabout
the network, and possibly to shut it down if\nthe 'enable' password is not set 
either or is also a
default\npassword.\n\nSolution : \n\nAccess this device and set a password
using 'enable secret'\n\nRisk factor :\n\nCritical / CVSS Base Score : 10
\n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\nCVE : CAN-1999-0508\n
 
NESSUS:
<ReportItem>
    <port>telnet (23/tcp)</port>
    <pluginName>Plugin#23938</pluginName>
    <severity>3</severity>
    <pluginID>23938</pluginID>
    <data>\nSynopsis :\n\nThe remote
device has a factory password set.\n\nDescription :\n\nThe remote CISCO router
has a default password set.  \nThis allows an attacker to get a lot
information\nabout the network, and possibly to shut it down if\nthe
&apos;&apos;\n\n\n\n\n&apos;&apos;\n\n\n\n\n\n\n</data>
   </ReportItem>
 
HTML:
Synopsis :

The remote device has a factory password set.

Description :

The remote CISCO router has a default password set. 
This allows an attacker to get a lot information
about the network, and possibly to shut it down if
the 'enable' password is not set either or is also a default
password.

Solution : 

Access this device and set a password using 'enable secret'

Risk factor :

Critical / CVSS Base Score : 10 
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CAN-1999-0508
Nessus ID : 23938


      
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total 
Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Problems installing Nessus 3.2.0 under Windows Vista Home Premium, Renaud Deraison (lists)
Next by Date:  What is this situation???, francesco sottini
Previous by Thread:  Problems installing Nessus 3.2.0 under Windows Vista Home Premium, Mario Chancay
Next by Thread:  Re: .nessus File Missing Data, mike . sleeper
Indexes:  [Date] [Thread] [Top] [All Lists]