
Re: .nessus File Missing Data

Subject: Re: .nessus File Missing Data
Date: Tue, 8 Apr 2008 08:09:08 -0400
I have encountered the same issue evaluating Nessus 3.2 on an RHEL 4.2 
installation. The scans are run from the command line:
ex:
  /usr/local/bin/nessus -qx 127.0.0.1 1241 [USER] [PWD] [TARGETFILE] [REPORTFILE] -V -T nessus -c [OLD_NESSUSRC_FILE]

The original .nessus report from the scanner exhibits the same behavior 
(e.g. incomplete data items).


  Mike





Larry Petty <lspetty@yahoo.com> 
Sent by: nessus-bounces@list.nessus.org
04/07/2008 11:31 PM

To: nessus@list.nessus.org
Subject: .nessus File Missing Data


I run my Nessus scans from the command line via a script. The server is 
Ubuntu 7.1 64-bit running Nessus 3.2 (Debian 64-bit installer).
 
Here is part of my script:

/opt/nessus/bin/nessus -qxV -c /usr/local/bin/asap-scripts/.nessusrc-normal localhost 1241 ### ### /usr/local/bin/asap-scripts/iplists/${CUST}/nessus-ike-list /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.html
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.txt
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nsr
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nessus
 
We are in the process of upgrading our in-house database to handle parsing 
the new .nessus file format. However, we have run into some issues.
 
The .nessus file seems to be missing data that is in the NBE and HTML 
files.  It seems like there might be a bug in the generation of the 
.NESSUS file when it encounters an apostrophe.  In the example below, 
"Easy VPN Server" is missing from the .NESSUS file.  I provided a second 
example as well.

Can someone help me with this?
 
Nessus-scan.NBE File:
results|##.##.##.##|##.##.##.##|
snmp (161/udp)|
17986|
Security Hole|
\nThe remote version of IOS contains a feature called 'Easy VPN Server' which\nallows the administrator of the remote router to create a lightweight VPN\nserver.\n
\nThere is an implementation flaw in the remote version of this software\nwhich may allow an authorized user to complete authentication and access\nthe VPN remotely.\n
\nSolution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml\n
Risk Factor : High\n
CVE : CVE-2005-1058\n
BID : 13033, 13031\n
Other references : OSVDB:15305\n
 
 
Nessus-scan.NESSUS File:
<ReportItem>
    <port>snmp (161/udp)</port>
    <pluginName>Plugin#17986</pluginName>
    <severity>3</severity>
    <pluginID>17986</pluginID>
    <data>\nThe remote version of IOS contains a feature called &apos;&apos;\n\n\n\n\n\n\n\n\n\n\n\n\n</data>
   </ReportItem>
   <ReportItem>
 
Nessus-scan.HTML File

The remote version of IOS contains a feature called 'Easy VPN Server' which
allows the administrator of the remote router to create a lightweight VPN
server.

There is an implementation flaw in the remote version of this software
which may allow an authorized user to complete authentication and access
the VPN remotely.

Solution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Risk Factor : High
CVE : CVE-2005-1058
BID : 13033, 13031
Other references : OSVDB:15305
Nessus ID : 17986
 
 
 
Another Example (missing data after 'enable'):
NBE:
results|########|telnet (23/tcp)|23938|Security Hole|\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set.  \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe 'enable' password is not set either or is also a default\npassword.\n\nSolution : \n\nAccess this device and set a password using 'enable secret'\n\nRisk factor :\n\nCritical / CVSS Base Score : 10 \n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\nCVE : CAN-1999-0508\n
 
NESSUS:
<ReportItem>
    <port>telnet (23/tcp)</port>
    <pluginName>Plugin#23938</pluginName>
    <severity>3</severity>
    <pluginID>23938</pluginID>
    <data>\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set.  \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe &apos;&apos;\n\n\n\n\n&apos;&apos;\n\n\n\n\n\n\n</data>
   </ReportItem>
 
HTML:
Synopsis :

The remote device has a factory password set.

Description :

The remote CISCO router has a default password set. 
This allows an attacker to get a lot information
about the network, and possibly to shut it down if
the 'enable' password is not set either or is also a default
password.

Solution : 

Access this device and set a password using 'enable secret'

Risk factor :

Critical / CVSS Base Score : 10 
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CAN-1999-0508
Nessus ID : 23938
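
Added example, not part of the original thread and not Nessus code: a cross-check that pairs each .nessus ReportItem with the NBE row for the same port and plugin ID and reports where the <data> text stops matching, which is how the apostrophe truncation shown above can be caught before reports are loaded into a database. The sample records are constructed and abridged from the first example; the <items> wrapper, the host values, plugin ID 90001 and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed, abridged samples modelled on the first example in the thread.
# Host/subnet values and plugin ID 90001 are made up. "\n" is a literal
# backslash-n in both formats, hence the raw strings.
NBE = r"""results|192.0.2|192.0.2.10|snmp (161/udp)|17986|Security Hole|\nThe remote version of IOS contains a feature called 'Easy VPN Server' which\nallows the administrator to create a lightweight VPN\nserver.\n
results|192.0.2|192.0.2.10|general/tcp|90001|Security Note|\nA constructed finding with no apostrophe.\n"""

# <items> is a wrapper added for this example, not part of the .nessus schema.
NESSUS = r"""<items>
<ReportItem><port>snmp (161/udp)</port><pluginID>17986</pluginID>
<data>\nThe remote version of IOS contains a feature called &apos;&apos;\n\n\n\n</data></ReportItem>
<ReportItem><port>general/tcp</port><pluginID>90001</pluginID>
<data>\nA constructed finding with no apostrophe.\n</data></ReportItem>
</items>"""

def nbe_findings(nbe_text, host):
    """Map (port, plugin_id) -> description for one host's NBE 'results' rows."""
    out = {}
    for line in nbe_text.splitlines():
        f = line.split("|", 6)  # the description itself may contain '|'
        if len(f) == 7 and f[0] == "results" and f[2] == host:
            out[(f[3], f[4])] = f[6]
    return out

def words(text):
    """Tokenise a description, treating literal backslash-n as whitespace."""
    return text.replace("\\n", " ").split()

def truncated_items(nessus_xml, nbe_text, host):
    """Return [((port, plugin_id), matching_words, nbe_words)] for mismatches."""
    nbe = nbe_findings(nbe_text, host)
    bad = []
    for item in ET.fromstring(nessus_xml).iter("ReportItem"):
        key = (item.findtext("port"), item.findtext("pluginID"))
        if key not in nbe:
            continue  # nothing to compare against
        want, got = words(nbe[key]), words(item.findtext("data") or "")
        if got != want:
            same = 0  # length of the common leading run of words
            while same < min(len(want), len(got)) and want[same] == got[same]:
                same += 1
            bad.append((key, same, len(want)))
    return bad

if __name__ == "__main__":
    for key, same, total in truncated_items(NESSUS, NBE, "192.0.2.10"):
        print(f"{key}: .nessus text diverges after {same} of {total} words")
```
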
 
 
