Nmap Development mailing list archives
Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 1 Apr 2010 22:38:19 +0200
On 1 apr 2010, at 22.14, David Fifield wrote:
On Thu, Apr 01, 2010 at 08:49:57PM +0200, Patrik Karlsson wrote:On 1 apr 2010, at 20.20, David Fifield wrote:I set the password of sa to empty and created an nmap database to test with. This is what I'm seeing now. All scripts produce output except for mssql-xp-cmdshell (which hits an error) and mssql-linked-servers, probably because I would have to do something to set up linked servers.I've fixed the error for mssql-xp-cmdshell it should work now.Okay, it no longer gives me an error, but with --packet-trace I can see that the server is sending SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', see "Surface Area Configuration" in SQL Server Books Online. I'm sure it work if it's enabled. The script should say something in verbose mode if it can't run the command for this reason.
It now says: "Procedure xp_cmdshell disabled, for more information see "Surface Area Configuration" in Books Online. If you do want to test it you can enable xp_cmdshell by running the following: sp_configure 'xp_cmdshell', 1 reconfigure You can disable it again by setting it back to 0 (zero).
If you want to test the linked servers script there's more info on how to create a db link over here: http://msdn.microsoft.com/en-us/library/aa259589%28v=SQL.80%29.aspxI ran sp_addlinkedserver 'MAC-MINI'; to link the server to itself, and now I get | mssql-linked-servers: | srvname srvproduct providername | ======= ========== ============ |_ MAC-MINI SQL Server SQLOLEDB
Great.
David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
//Patrik
Attachment:
mssql-xp-cmdshell.nse
Description:
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 03)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 04)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Fyodor (Apr 04)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)