Nmap Development mailing list archives

[NSE] Microsoft SQL Server (MSSQL) library and scripts


From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 28 Mar 2010 11:18:17 +0200

Hi,

I've corrected a few mistakes in the MSSQL scripts, such as the name of the service and some inconsistencies in output.
The column names are now underlined with '=' for clarity. Don't know if that was the "best" character to use, but it's 
easy to change.

As some queries may take some time to process, I've increased the socket timeout in the library to 30 seconds.
There's a comment on this in the script which explains that this long timeout will only be made use of when the scripts 
are waiting for the MSSQL db to process their queries.
The library parses the protocol and only attempts to read from the socket when more bytes *should* be there for it to 
read, which means that it's unlikely to trigger the timeout as a result of reading past the end of the buffer. I've 
added the argument mssql.timeout to the library so that you can specify your own timeout if necessary.
So far, running all scripts (excluding mssql-brute) against my test environment takes less than a second (on average 
0.20). 

I removed the possibility to supply a database as parameter to most scripts, because it was kind of pointless as it was 
only used as default database during authentication.
As the credentials are handled somewhat differently between scripts I've made no attempt to centralize this code yet. 

I'm thinking of adding some code in the future to the brute script that attempts to determine the privileges/roles of a 
guessed account.
This information would be stored together with the password in the nmap registry so that other scripts could make use 
of it.
A script could then call e.g. getAccountWithServerRole('sysdba') to get an account with DBA privileges.
Once this is in place it will be easier to centralize the code for handling credentials for the scripts.

I'm attaching the latest versions of the scripts and library:

Attachments:
  mssql.lua
  mssql-hasdbaccess.nse
  mssql-databases.nse
  mssql-xp-cmdshell.nse
  mssql-tables.nse
  mssql-sp-configure.nse
  mssql-linked-servers.nse
  mssql-query.nse
  mssql-empty-password.nse
  mssql-brute.nse

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
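The read strategy described in the post (parse the protocol framing, then only ask the socket for the bytes the header says are due, so a long timeout is hit only while the server is actually working) can be shown with a small framed reader. The Lua below is an added example written for this archive page; it is not the mssql.lua attached to the post or any other Nmap code. It assumes the 8-byte TDS packet header (type, status, big-endian length that includes the header, SPID, packet id, window), reads the argument mssql.timeout in seconds from a plain table standing in for nmap.registry.args (the unit and the argument table are assumptions), and uses a constructed stand-in socket whose receive_bytes(n) returns at least n bytes, as the NSE socket API does, over constructed sample packets.

```lua
-- Added example, not the mssql.lua from the post: framed reads for the MSSQL
-- wire protocol (TDS) with a configurable socket timeout.

-- 30 second default, in milliseconds as the NSE socket API expects.
local DEFAULT_TIMEOUT = 30000

-- Timeout from a script argument table (stand-in for nmap.registry.args);
-- the argument is assumed to be given in seconds.
local function get_timeout(args)
  local raw = args and args["mssql.timeout"]
  local secs = raw and tonumber(raw)
  if secs and secs > 0 then return secs * 1000 end
  return DEFAULT_TIMEOUT
end

-- Constructed stand-in for an NSE socket: serves bytes from a string and,
-- like receive_bytes(n) in NSE, may return more than n bytes per call.
-- It counts calls so the demo can show how often the socket was touched.
local function fake_socket(data, chunk)
  local pos = 1
  return {
    calls = 0,
    timeout = nil,
    set_timeout = function(self, ms) self.timeout = ms end,
    receive_bytes = function(self, n)
      self.calls = self.calls + 1
      if pos > #data then return false, "EOF" end
      local s = data:sub(pos, pos + math.max(n, chunk) - 1)
      pos = pos + #s
      if #s < n then return false, "EOF" end
      return true, s
    end,
  }
end

-- Buffered reader: keeps any surplus bytes a receive returned and only goes
-- back to the socket when the caller needs more than is already buffered.
local function new_reader(socket)
  local buf = ""
  local function need(n)
    while #buf < n do
      local ok, data = socket:receive_bytes(n - #buf)
      if not ok then return false, data end
      buf = buf .. data
    end
    local out = buf:sub(1, n)
    buf = buf:sub(n + 1)
    return true, out
  end
  return { need = need }
end

-- Parse the 8-byte TDS header; length is big-endian and includes the header.
local function parse_header(hdr)
  local ptype, status, len_hi, len_lo = hdr:byte(1, 4)
  return { type = ptype, status = status, length = len_hi * 256 + len_lo }
end

-- Read exactly one packet: the header first, then only as many payload bytes
-- as the header announces. A header-only packet causes no second read, so the
-- socket timeout is never waited on for bytes that will not come.
local function receive_packet(reader)
  local ok, hdr = reader.need(8)
  if not ok then return false, "header read failed: " .. tostring(hdr) end
  local h = parse_header(hdr)
  if h.length < 8 then return false, "invalid length in header" end
  h.payload = ""
  if h.length > 8 then
    local ok2, data = reader.need(h.length - 8)
    if not ok2 then return false, "payload read failed: " .. tostring(data) end
    h.payload = data
  end
  return true, h
end

-- Constructed sample: a tabular-result packet (type 4, EOM status) carrying
-- "hello", followed by a header-only packet, then end of stream.
local sample = string.char(4, 1, 0, 13, 0, 0, 1, 0) .. "hello"
            .. string.char(4, 1, 0, 8, 0, 0, 2, 0)

local sock = fake_socket(sample, 4)
sock:set_timeout(get_timeout({ ["mssql.timeout"] = "10" }))  -- 10000 ms
local reader = new_reader(sock)

local ok1, p1 = receive_packet(reader)   -- true, payload "hello"
local ok2, p2 = receive_packet(reader)   -- true, empty payload, no extra read
local ok3, err = receive_packet(reader)  -- false, "header read failed: EOF"
print(ok1, p1.payload, ok2, #p2.payload, ok3, err, "socket calls:", sock.calls)
```

Run it with a stock Lua interpreter (no Nmap needed). The second packet is the interesting one: its header says length 8, so receive_packet returns without touching the socket again, which is exactly the property the post relies on to make a 30 second timeout safe; the third call fails fast on EOF rather than blocking.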

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
