Nmap Development mailing list archives
Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Mar 2010 13:08:37 -0600
On Mon, Mar 22, 2010 at 01:46:07PM +0100, Patrik Karlsson wrote:
> I should have probably described the scripts in the zipfile and attached
> some sample output last time I posted:
> http://seclists.org/nmap-dev/2010/q1/1000
>
> The zipfile contains the mssql.lua library and the following scripts:
>
> mssql-brute - does password guessing against Microsoft SQL Server
> mssql-databases - list all databases for the server/instance
> mssql-empty-password - detects servers with empty passwords for the sa account
> mssql-hasdbaccess - list what databases a user has access to (depends on
> mssql-brute and iterates over all found accounts)
> mssql-linked-servers - lists linked servers available on the server/instance
> mssql-query - allows the user to run arbitrary queries against the server
> mssql-sp-configure - lists a bunch of configuration options
> mssql-tables - iterates over all databases and lists tables, columns and
> their data types
> mssql-xp-cmdshell - allows privileged users to execute OS commands
Wow! I don't have an MS-SQL server on hand to test against. I want to invite those of you reading to assist with the code review. If you want to get involved in NSE, reading and commenting on other people's code is a great way to get familiar. If you're thinking of applying to NSE for the Summer of Code, this is a good way to show your ability.

Your primary responsibility as a reviewer is to ask questions about things you don't understand. Don't be embarrassed at not understanding something. Sometimes just asking a question can suggest to the author a better implementation. Knowing Patrik, most of the complexity will be in the library mssql.lua, so that should be the focus of review.

Here is how to do it: Download http://seclists.org/nmap-dev/2010/q1/att-1000/mssql_zip.bin. Then,

cd ~/nmap
unzip mssql_zip.bin

Test the scripts that interest you and write back with the output you get.

./nmap --datadir . -Pn -d -p 1433 --script mssql-databases <target>

Patrik, here are some initial questions from a quick look over mssql.lua.

You write in mssql.lua:

-- o The library does not support SSL. The foremost reason being the akward
-- choice of implementation where the SSL handshake is performed within
-- the TDS data block. By default, servers support connections over non
-- SSL connections though.

Is this anything like the way STARTTLS works in SMTP? If so, there's an example of using that to make an SSL connection in ssl-cert.nse. The reconnect_ssl function lets you upgrade a socket with SSL.

Does MS-SQL work over UDP? We have a commented-out payload for it on 1434/udp. All the scripts' portrules look for 1433/tcp.

You might handle the mssql.username and mssql.database script arguments in a centralized way in mssql.lua, instead of in every script.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
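To make the two library-side suggestions above concrete, here is an added example (not code from Patrik's zipfile or from Nmap itself; the module name mssqlargs, its function names and the "sa"/"master" defaults are assumptions) of reading the mssql.* script arguments once in the library, sharing one portrule, and exposing the reconnect_ssl upgrade path so that a server which only negotiates TLS inside the TDS stream fails visibly instead of silently:

```lua
-- Hypothetical helper module for mssql.lua (added example, not the real library).
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

local mssqlargs = {}

-- Read the mssql.* script arguments in one place, so every script sees the
-- same names and defaults instead of parsing nmap.registry.args itself.
function mssqlargs.get()
  local username, password, database =
    stdnse.get_script_args("mssql.username", "mssql.password", "mssql.database")
  return {
    username = username or "sa",     -- assumed default, mirrors the empty-password check
    password = password or "",
    database = database or "master", -- assumed default
  }
end

-- Open a TCP connection to the instance and, when asked, try to upgrade it
-- with reconnect_ssl() before any TDS traffic is sent. Whether a server
-- accepts a STARTTLS-style upgrade is exactly the open question in the
-- review, so the failure is returned to the caller rather than hidden.
function mssqlargs.connect(host, port, want_ssl)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local status, err = socket:connect(host, port)
  if not status then
    return nil, "connect failed: " .. tostring(err)
  end
  if want_ssl then
    status, err = socket:reconnect_ssl()
    if not status then
      socket:close()
      return nil, "SSL upgrade failed (server may need in-band TDS negotiation): " .. tostring(err)
    end
  end
  return socket
end

-- One portrule shared by all the scripts: 1433/tcp, or any port that
-- version detection has fingerprinted as ms-sql-s.
mssqlargs.portrule = shortport.port_or_service(1433, "ms-sql-s")

return mssqlargs
```

A script would then use `local args = mssqlargs.get()` and `portrule = mssqlargs.portrule` instead of repeating the argument lookups and the port check.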