Results 1 to 9 of 9

Thread: What is default 'admin' password after installing openVAS

  1. #1
    Join Date
    2014-Oct
    Posts
    3

    What is default 'admin' password after installing openVAS

    kali-linux-1.0.9a-amd64.iso
    VMWare Workstation 9
    (have also tried on virtualbox)

    All of the instructionals I have seen with regard to setting up openVas state that you will be prompted to enter a password for 'admin' at the tail-end of the installation. What I see however is password being auto-generated.

    How I am running the openVAS installation: applications -> Kali Linux -> Vulnerability Analysis -> OpenVAS -> OpenVas initial setup

    it rolls through the entire setup, but at the end states "user created with password 'b2273996-450c-40f8-b0ef-1c9d8a76f3c4'. So it looks like it is kicking back the uuid of an auto-generated password..

    I tried admin, admin
    tried the root password, root login and password and every combination therein.

    Has anyone come across this before?
    Thx
    ------------------

    Some more details:

    following initial install of Kali -

    apt-get update
    apt-get upgrade

    installed vmware tools

    root@kali:/proc# cat version
    Linux version 3.14-kali1-amd64 (debian-kernel@lists.debian.org) (gcc version 4.7.2 (Debian 4.7.2-5) ) #1 SMP Debian 3.14.5-1kali1 (2014-06-07)

    halt

    upon reboot, Applications -> Kali Linux -> Vulnerability Analysis -> OpenVAS -> openvas initial setup

    tail-end of installation reads as:
    -----------
    The Subject's Distinguished Name is as follows
    countryName :PRINTABLE:'DE'
    localityName :PRINTABLE:'Berlin'
    commonName :PRINTABLE:'om'
    Certificate is to be certified until Oct 17 21:34:44 2015 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    Stopping OpenVAS Manager: openvasmd.
    Stopping OpenVAS Scanner: openvassd.
    Starting OpenVAS Scanner: openvassd.
    Starting OpenVAS Manager: openvasmd.
    Restarting Greenbone Security Assistant: gsad.
    User created with password 'b2273996-450c-40f8-b0ef-1c9d8a76f3c4'.
    -----------
    doing a search for 'user' in the installation log, the last two entries:
    Line 73793: [i] No user data directory '/var/lib/openvas/scap-data/private' found.
    Line 73888: User created with password 'b2273996-450c-40f8-b0ef-1c9d8a76f3c4'
    -----------

    glancing in /var/lib/openvas/scap-data/private:

    root@kali:/var/lib/openvas/scap-data# ls
    COPYING nvdcve-2.0-2010.xml.asc
    COPYING.asc nvdcve-2.0-2011.xml
    nvdcve-2.0-2002.xml nvdcve-2.0-2011.xml.asc
    nvdcve-2.0-2002.xml.asc nvdcve-2.0-2012.xml
    nvdcve-2.0-2003.xml nvdcve-2.0-2012.xml.asc
    nvdcve-2.0-2003.xml.asc nvdcve-2.0-2013.xml
    nvdcve-2.0-2004.xml nvdcve-2.0-2013.xml.asc
    nvdcve-2.0-2004.xml.asc nvdcve-2.0-2014.xml
    nvdcve-2.0-2005.xml nvdcve-2.0-2014.xml.asc
    nvdcve-2.0-2005.xml.asc official-cpe-dictionary_v2.2.xml
    nvdcve-2.0-2006.xml official-cpe-dictionary_v2.2.xml.asc
    nvdcve-2.0-2006.xml.asc oval
    nvdcve-2.0-2007.xml scap.db
    nvdcve-2.0-2007.xml.asc sha1sums
    nvdcve-2.0-2008.xml status
    nvdcve-2.0-2008.xml.asc status.asc
    nvdcve-2.0-2009.xml timestamp
    nvdcve-2.0-2009.xml.asc timestamp.asc
    nvdcve-2.0-2010.xml

    (oval is the only directory)
    ---------
    Cannot add user via cli (i.e. openvasad -c 'add_user' -n openvasadmin -r Admin)

    Any help appreciated. Thx
    Last edited by burger; 2014-10-17 at 22:06. Reason: added more detail

  2. #2
    Join Date
    2014-Oct
    Posts
    1
    ok. Firstly get the feed update of Openvas and run Openvas Check Setup. that will give u possible shortfalls of the installation.
    as you dont have the initial passwd it would be advisable to add another admin user to OpenVas from console.
    enter the following command: openvasad -c add_user -u your_new_login_here -r Admin
    after you hit enter, the openvas will generate a new passwd (a big long one) and just copy that passwd and login using that credentials. It will work.
    and after you log in the openvas just go to administration and change the passwd if you like.
    Hope this helps.
    Regards

  3. #3
    Join Date
    2014-Oct
    Posts
    3
    Thanks k-cyanide

    the openvasad command no-worky for me (may be version-specific?)

    But the issue appears to be permissions-related with the tasks.db file.

    Here is how I got around it:

    root@kali:/var/lib/openvas/mgr# openvasmd --rebuild
    root@kali:/var/lib/openvas/mgr# ls -al
    total 65548
    drwxr-xr-x 2 root root 4096 Oct 18 08:20 .
    drwxr-xr-x 10 root root 4096 Oct 15 20:14 ..
    -rw------- 1 root root 67108864 Oct 18 08:20 tasks.db
    root@kali:/var/lib/openvas/mgr# chmod 755 tasks.db
    root@kali:/var/lib/openvas/mgr# ls -al
    total 65548
    drwxr-xr-x 2 root root 4096 Oct 18 08:21 .
    drwxr-xr-x 10 root root 4096 Oct 15 20:14 ..
    -rwxr-xr-x 1 root root 67108864 Oct 18 08:20 tasks.db
    ----------

    then run the check-setup:

    <a lot of output..>

    [i] Updating Max CVSS for DFN-CERT
    Stopping OpenVAS Manager: openvasmd.
    Stopping OpenVAS Scanner: openvassd.
    Starting OpenVAS Scanner: openvassd.
    Starting OpenVAS Manager: openvasmd.
    Restarting Greenbone Security Assistant: gsad.
    User created with password '5b46de80-f035-4581-8c8d-d1be80172378'.
    ---------

    the string that resembles a uuid is the actual password for 'admin' -

    upon initial setup, there appears to be a permissions-restriction preventing access to tasks.db, but once permissions is opened up on this file, the produced password allows for access with admin user via the gui.

    (this a bug? Or did I perform the setup incorrectly?)

  4. #4
    Join Date
    2014-Oct
    Posts
    3
    veto my last (currently being moderated) comment. Permissions always revert to 600, so I was chasing a red herring. Not sure how I got that password to work before, but it is possible to create a new user simply enough: openvasmd --create-user <user id>

    The produced password WILL allow you in via the gui using the created userid.

    It still baffles me why the produced password for admin fails.

    have tried:
    rm tasks.db
    openvasmd --rebuild

    then re-running the initial setup, which produces new password. Fails. Every fricken time. (but worked once)

    No issues using the openvas .ova btw - this phenomenon only occurs in Kali

    Oh well, as long as I can get in and run scans..

    Thanks again k-cyanide

  5. #5
    Join Date
    2013-Mar
    Location
    Brazil
    Posts
    52
    To change admin password:
    openvasmd --user=admin --new-password=letmein

    Then logon using admin:letmein

  6. #6
    Join Date
    2014-Feb
    Posts
    44
    you can pretty easily cause more problems for yourself by thrashing around trying to get it working; and very quickly end up with it in a pretty wicked loop of demands. most posted tutorials I checked out, including a few which are quoted here; include typos and deprecated commands, etc. (such as openvasad). sometimes google isn't your best friend.

    the easiest fix is to rm /var/lib/openvas/mgr/tasks.db, then do openvasmd --rebuild. next, root@kali:~# openvasmd --create-user admin
    User created with password '21afd717-[snip] for any user you wish to add. the role assigned to that user and the password can be modified once the web interface can be accessed or you can use the --new-password=<password> option.

  7. #7
    Join Date
    2013-Mar
    Location
    Brazil
    Posts
    52

  8. #8
    Join Date
    2015-Feb
    Posts
    1
    I had the same issue, what I did just create a new user
    openvasmd --create-user [my-new-user]

    and it would create the user with a generated password.
    Login to the webui using the credential and found out another user 'admim' which the password is the one generated on setup.

  9. #9
    Join Date
    2013-May
    Posts
    2
    To change admin password:
    openvasmd --user=admin --new-password=youpass

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •