jfernandez at germinus
Sep 16, 2002, 6:10 AM
Post #3 of 4
Renaud Deraison wrote:
>On Mon, Sep 16, 2002 at 01:01:24PM +0200, Javier Fernández-Sanguino Peña wrote:
>>I was wondering if somebody was improving the default passwords test
>>plugins. Currently Nessus has a SNMP plugin test (which does not include
>>some common SNMP communities or undocumented ones, such as cable-docsis)
>>and an 'accounts' plugin which includes a limited text file with
>>username/passwords for telnet connections. The 'accounts' plugin can
>>use a user-provided file, whereas the SNMP tests cannot.
>Hydra.nes does that. It can do cisco ftp, http, icq, imap, nntp,
>pcnfs, pop3, rexec, smb, socks5 and telnet password bruteforcing using a
>list of usernames and passes.
Quite nice. Doesn't it, however, lack the Nessus feature of being able to
analyse a service which is not on a standard port?
In any case, one of the improvements I was thinking of, though, would be
the use of such default passwords to determine which equipment is being
assessed. For example, the 'ilmi' community most probably belongs to a Cisco
router. What information could such a plugin place in the Knowledge
database (if any) for OS/device identification?