Nmap Development mailing list archives

Re: [NSE Script] MySQL Server Information


From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Tue, 18 Dec 2007 14:38:00 -0600

Rob Nicholls wrote:
The "sa" account (often set up with a blank password because the setup file
for 2000 doesn't make much effort to stop you) is a default account used by
MS SQL, not MySQL, so any checks would go into an MSSQL script (Thomas has
already written a "Microsoft SQL Server information gathering script"). A
check for a blank password might be okay (and possibly the password "sa"?),
but nmap probably isn't the best place to test for passwords, and I suspect
people would like to avoid accidentally locking out accounts or potentially
causing a denial of service (for any service).


Thanks for the mention, Rob.  The MSSQLm.nse script that currently ships 
with Nmap 4.50 does check for 'sa' with a blank password.  I also have a 
patch for that script that extends it to check for 'sa' with password = 
'password', but I haven't had a chance to send that to the list yet.

I've also been working on a script to check for MySQL (not Microsoft 
SQL) servers with user = 'root', and either a blank password, or 
password = 'password'.  However, that script isn't quite ready for 
primetime, especially since it relies on some NSE functionality that 
hasn't been integrated into mainline code yet (see
http://seclists.org/nmap-dev/2007/q4/0472.html)

A bit off-topic, but if you're interested in checking a service for "easy"
passwords, you might want to try a dedicated tool such as hydra:
http://freeworld.thc.org/thc-hydra/


I'd second this suggestion.  Hydra is a wonderful tool for finding 
common passwords to a large number of different network services.

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org