Nmap Development mailing list archives
Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts
From: David Fifield <david () bamsoftware com>
Date: Thu, 1 Apr 2010 21:48:10 -0600
On Thu, Apr 01, 2010 at 12:20:05PM -0600, David Fifield wrote:
On Sun, Mar 28, 2010 at 11:18:17AM +0200, Patrik Karlsson wrote:I've corrected a few mistakes in the MSSql scripts, such as the name of the service and some inconsistencies in output. The column names are now underlined with '=' for clarity. Don't know if that was the "best" character to use, but it's easy to change.I'm going to follow up with thoughts on combining some of the scripts.
So, after looking over the scripts I've come to the same conclusion as Fyodor in http://seclists.org/nmap-dev/2010/q1/1023, namely that mssql-databases mssql-linked-servers mssql-sp-configure mssql-tables are the best candidates to be combined. mssql-databases, mssql-linked-servers, mssql-sp-configure, and mssql-query are very similar, basically just doing different queries. I think mssql-query should remain on its own because it can be controlled with a script argument. mssql-tables is not as similar as these others by this simple metric, but it still seems pretty close to mssql-databases. mssql-tables is the only one I'm not sure about; what do you think? I want to see what people think about the method used by mssql-hasdbaccess. It creates a table, stores access data in it, selects from the table, then drops the table. I guess this could be harmful if there's an existing table called #hasdbaccess. This is what it does: CREATE table #hasaccess(dbname varchar(255), owner varchar(255), DboOnly bit, ReadOnly bit, SingelUser bit, Detached bit, Suspect bit, Offline bit, InLoad bit, EmergencyMode bit, StandBy bit, [ShutDown] bit, InRecovery bit, NotRecovered bit ); INSERT INTO #hasaccess EXEC sp_MShasdbaccess; SELECT TOP 5 dbname, owner FROM #hasaccess WHERE dbname NOT IN (master, tempdb, model, msdb); DROP TABLE #hasaccess; I'm not sure this script is useful enough for this amount of intrusiveness, but maybe I just don't know. What can someone do with the information provided by mssql-hasdbaccess? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 01)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts David Fifield (Apr 03)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 04)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Fyodor (Apr 04)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 02)
- Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts Patrik Karlsson (Apr 01)