Nmap Development mailing list archives

Re: [NSE Script] MySQL Server Information


From: sawall <sawall () gmail com>
Date: Tue, 18 Dec 2007 15:46:18 -0600

I guess my goal with checking the login with Nmap was just to do a quick
check for no password or a password of "password".  Not to do a ton of
testing, just a fly by test if MySQL or MSSQL were found to be open.

I agree that Nmap isn't the place to do a lot of password testing, but it
would be a good place for a quick check.


chris


On Dec 18, 2007 2:38 PM, Thomas Buchanan <tbuchanan () thecompassgrp net>
wrote:

Rob Nicholls wrote:
The "sa" account (often set up with a blank password because the setup file
for 2000 doesn't make much effort to stop you) is a default account used by
MS SQL, not MySQL, so any checks would go into an MSSQL script (Thomas has
already written a "Microsoft SQL Server information gathering script"). A
check for a blank password might be okay (and possibly the password "sa"?),
but nmap probably isn't the best place to test for passwords, and I suspect
people would like to avoid accidentally locking out accounts or potentially
causing a denial of service (for any service).


Thanks for the mention, Rob.  The MSSQLm.nse script that currently ships
with Nmap 4.50 does check for 'sa' with a blank password.  I also have a
patch for that script that extends it to check for 'sa' with password =
'password', but I haven't had a chance to send that to the list yet.

I've also been working on a script to check for MySQL (not Microsoft
SQL) servers with user = 'root', and either a blank password, or
password = 'password'.  However, that script isn't quite ready for
primetime, especially since it relies on some NSE functionality that
hasn't been integrated into mainline code yet (see
http://seclists.org/nmap-dev/2007/q4/0472.html )

A bit off-topic, but if you're interested in checking a service for "easy"
passwords, you might want to try a dedicated tool such as hydra:
http://freeworld.thc.org/thc-hydra/


I'd second this suggestion.  Hydra is a wonderful tool for finding
common passwords to a large number of different network services.

Thomas


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

