Knowledge Base

Questions

0

Custom Vulnerability Check for default password not working.

TL;DR: Does anyone have a working example of a Windows "Default Account" check and the steps necessary to implement it? How do you properly remove old custom/community checks? How do you update custom/community checks that may have been changed?

---

I'm trying to create a custom "Default Account" vulnerability check to search for the existence of previously used local administrator passwords in our environment. I've set a server to use this password, and am following the CIFS example here: https://kb.help.rapid7.com/docs/nexpose-common-vulnerability-check-examples

The vulnerability is never found, though. I'm seeing several issues with the custom vuln I'm trying to write.

1) The "load content" command seems to work, and I see no failures in nsc.log. The custom check appears under the community category, I can search for cmty-* in the InsightVM console, etc. I see no problems with it. However, when I view the scan log, I see no mention of cmty-anything, which seems to indicate the check was never used in the scan. I've intentionally created a scan with this check, and only this check, enabled, nothing. I also know that the CIFS check -should- work. Using "mount.cifs" from a Linux workstation, I can clearly generate "permission denied" errors for bad passwords, and see no such failure for good passwords. In other words, it isn't failing due to lack of inbound port access, bad credentials, services not running, etc. The vulnerability does actually exist and I think I could quite easily write a quick bash script to test for it.

2) Previously built checks, which didn't work, still appear in the console. These checks were removed from the "CustomScanner" directory. Each time "load content" is run, I also see "Vulnerability cmty-old-check-that-doesnt-exist found in database, but does not have a vulnerability descriptor file.". Running the database maintenance scripts doesn't seem to help.

3) Checks which I modified the XML for do not get updated. For example, I changed a category from "Default" to "Default Account". However, the category remains the same. I'm unsure if the actual check (the ".vck" file) is actually being updated or not.

Posted by Mike about a month ago

3

Cannot install Insight Agent

I am unable to install the Insight agent on a Windows 2012 R2 server - the agent installs but the service fails to start, so the install never completes. Seems a bit basic that the agent won't even install - the only thing I can see is the following error in the log for the ir_agent:

Python could not construct the class instance
Traceback (most recent call last):
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\persistence\winsvc.py", line 26, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 234, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 95, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 144, in _agent_shutdown
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 135, in _agent_shutdown
SystemExit: 1
%2: %3

And the following in the agent.log in the Agent directory:

2018-10-31 22:55:23,540 [INFO] [agent.agent]: Registered as singleton. PID: Unavailable
2018-10-31 22:55:23,540 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method FIRMWARE_API - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method WMI - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [ERROR] [agent.platforms.windows.mixins]: Unable to obtain uuid from any known methods - attempt random generation ONLY if config allows
2018-10-31 22:55:23,571 [ERROR] [agent.agent]: Exception occurred while retrieving/caching agent id: Agent config is prevents random agentid
Traceback (most recent call last):
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 84, in __init__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\common.py", line 333, in __get__
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 135, in plat_hostId
  File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 72, in _agentid_random
agent.exceptions.InvalidAgentidException: Agent config is prevents random agentid

Any ideas?

Thanks,
Barry

Posted by Barry Smith about a month ago