Nmap Development mailing list archives

Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts


From: David Fifield <david () bamsoftware com>
Date: Thu, 1 Apr 2010 21:54:31 -0600

On Thu, Apr 01, 2010 at 12:20:05PM -0600, David Fifield wrote:
I set the password of sa to empty and created an nmap database to test
with.

$ ./nmap -Pn -n --datadir . -p 1433 --script=mssql-\* 192.168.0.190 --script-args unpwdb.passlimit=1 -d

NSE: Starting mssql-brute against 192.168.0.190:1433.
NSE: Trying root/ ...
NSE: Trying admin/ ...
NSE: Trying administrator/ ...
NSE: Trying webadmin/ ...
NSE: Trying sysadmin/ ...
NSE: Trying netadmin/ ...
NSE: Trying guest/ ...
NSE: Trying user/ ...
NSE: Trying web/ ...
NSE: Trying test/ ...
NSE: Finished mssql-brute against 192.168.0.190:1433.

Because the sa account is so important, I think it should be the first
one tried by mssql-brute, even if it's not in the username list. Or
maybe only when the default username list is used (no userdb script
argument). Anyway, this is kind of a separate issue so it's best to
solve this after the mssql code gets merged. I want to leave a bookmark
here for future reference. Martin Holst Swende wrote some code to
augment the username/password iterators from a static list.

http://seclists.org/nmap-dev/2010/q1/801

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

