Nmap Development mailing list archives
Re: [NSE Script] MySQL Server Information
From: jah <jah () zadkiel plus com>
Date: Wed, 19 Dec 2007 02:58:41 +0000
On 19/12/2007 01:53, Rob Nicholls wrote:
I can definitely see the benefit of Chris' suggestion and Thomas' improved script for checking a handful of passwords for default accounts (a lot easier than firing up another program just to check that "sa" isn't set to "password" or left blank), and it might be worth checking default usernames and passwords on other well known services too (Scott:Tiger, cisco:cisco, admin:password etc.); I think Chris' original comment about checking for weak passwords threw me as it wasn't clear at the time just how limited the check for weak passwords would be. I'd probably like an additional option of being able to specify two files, one for usernames (that I can type up, or perhaps dump out of getacct.exe or enum.exe) and one to point at whatever huge dictionary file I've got to hand, rather than a single file full of pairs. I can't see my dictionary files changing that often, but I can see the list of users changing a lot
Rob! You raise questions (not reproduced here) that will take some serious pondering and should indeed be pondered and discussed.... I think you agree that having the ability to check for some default and and a selection of weak passwords against a MySQL service is a good thing and that there should be safeguards against doing stuff the user doesn't necessarily want to do. It sounds to me like we're kind of steering away from coding this functionality in a script, but to provide it (in the future) as a library to avoid redundancy of code right across the board and allow it's use for any service. If that's possible, I reckon it's a winner of an idea. Going for a ponder. jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE Script] MySQL Server Information, (continued)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Brandon Enright (Dec 18)
- Re: [NSE Script] MySQL Server Information sawall (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)
- Re: [NSE Script] MySQL Server Information Thomas Buchanan (Dec 18)
- Re: [NSE Script] MySQL Server Information sawall (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)