Nmap Development mailing list archives
[NSE] Improved version of ms-sql-info
From: Chris Woodbury <chris3e3 () gmail com>
Date: Mon, 24 Jan 2011 20:19:37 -0600
I have taken the ms-sql-info script and made what I hope are considered to be some improvements. Chief among them, the version detection is now more reliable, more accurate, and uses a method that would let the script's categorization be changed from "intrusive" to "safe" (a big plus for a default script). The revised script uses the same Discover function from the mssql library, but, instead of attempting to log in with a blank password for the "sa" account to check the version, it sends a TDS pre-login packet and parses the server's version number from the response (the same method used by SQLPing and by Nmap's own service versioning probes). This has the advantage of working every time, as long as the TCP port for the SQL Server instance is accessible (and, if it weren't, the logging-in method wouldn't work either), and it also doesn't run the risk of failed login attempts (which are dangerous now that SQL Server has account lockout policies). Plus, the lost side functionality is now available in the ms-sql-empty-password script.

Now that we have a more reliable way of getting accurate version information, I also expanded the display of the version information, so that the script determines the version, the service pack level and whether additional patches have been installed.

Additionally, as an aid to people who may not want an NSE script to make connections to ports they did not originally scan, I added a "browseronly" argument, which will have the script only connect to the SQL Server Browser service (done by mssql.Helper.Discover). This limits the accuracy of the version information, but allows tighter control over what the script is doing.

Also, I took the liberty of removing the "require('target')," since it wasn't being used and may mislead users into thinking that the script will add identified instances (which would be great functionality). Last but not least, I updated the existing NSEDoc information and expanded the description.
As I mentioned previously, I'm fairly new to Lua and NSE scripting, so I would love to hear any feedback. Thanks -chris
Attachment: ms-sql-info.nse
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
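The version-detection method described in the post above (send a TDS PRELOGIN packet, read the VERSION option out of the server's PRELOGIN response instead of attempting a login) is shown below as an added, stand-alone Python example. It is not the attached ms-sql-info.nse script nor code from the mssql NSE library; the packet layout follows the MS-TDS PRELOGIN format (8-byte packet header, then a table of 5-byte option tokens terminated by 0xFF, with the VERSION option holding major, minor, build and sub-build). The sample server response is constructed inline so the parser can be exercised offline, and the length and offset checks are what an administrator verifying their own instances would want so a malformed or truncated response cannot make the parser read outside the buffer. The `fetch_server_version` function is an assumed helper name, not an existing API.

```python
import socket
import struct

# TDS packet types (MS-TDS): 0x12 = PRELOGIN request, 0x04 = tabular response.
TDS_PRELOGIN = 0x12
TDS_RESPONSE = 0x04
# PRELOGIN option tokens and the table terminator.
OPT_VERSION, OPT_ENCRYPTION, OPT_INSTOPT, OPT_THREADID, OPT_MARS = 0, 1, 2, 3, 4
OPT_TERMINATOR = 0xFF
ENCRYPT_NOT_SUP = 0x02  # client advertises "no encryption support"


def build_prelogin_options(options):
    """Serialize (token, payload) pairs into the PRELOGIN option table + data area."""
    table_len = 5 * len(options) + 1          # 5 bytes per token, 1 for 0xFF
    table, data, offset = b"", b"", table_len
    for token, payload in options:
        table += struct.pack(">BHH", token, offset, len(payload))
        data += payload
        offset += len(payload)
    return table + bytes([OPT_TERMINATOR]) + data


def build_tds_packet(pkt_type, payload, spid=0, packet_id=1):
    """Wrap a payload in a TDS packet header (status 0x01 = end of message)."""
    total = 8 + len(payload)
    return struct.pack(">BBHHBB", pkt_type, 0x01, total, spid, packet_id, 0) + payload


def build_prelogin_request():
    """The probe the script sends: no credentials involved, so no lockout risk."""
    opts = [
        (OPT_VERSION, struct.pack(">BBHH", 0, 0, 0, 0)),  # client version, zeros are accepted
        (OPT_ENCRYPTION, bytes([ENCRYPT_NOT_SUP])),
        (OPT_INSTOPT, b"\x00"),
        (OPT_THREADID, struct.pack(">I", 0)),
        (OPT_MARS, b"\x00"),
    ]
    return build_tds_packet(TDS_PRELOGIN, build_prelogin_options(opts))


def parse_tds_header(packet):
    """Return (type, status, payload) after checking the declared length fits."""
    if len(packet) < 8:
        raise ValueError("short TDS header")
    pkt_type, status, length, _spid, _pid, _win = struct.unpack(">BBHHBB", packet[:8])
    if length < 8 or length > len(packet):
        raise ValueError("truncated TDS packet")
    return pkt_type, status, packet[8:length]


def parse_prelogin_options(payload):
    """Walk the option table; every offset/length must stay inside the payload."""
    opts, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option table has no terminator")
        token = payload[pos]
        if token == OPT_TERMINATOR:
            return opts
        if pos + 5 > len(payload):
            raise ValueError("short option token")
        offset, length = struct.unpack(">HH", payload[pos + 1:pos + 5])
        if offset + length > len(payload):
            raise ValueError("option data points outside payload")
        opts[token] = payload[offset:offset + length]
        pos += 5


def parse_server_version(packet):
    """Extract 'major.minor.build.subbuild' from a PRELOGIN response packet."""
    pkt_type, _status, payload = parse_tds_header(packet)
    if pkt_type != TDS_RESPONSE:
        raise ValueError("not a PRELOGIN response")
    ver = parse_prelogin_options(payload).get(OPT_VERSION)
    if ver is None or len(ver) != 6:
        raise ValueError("VERSION option missing or malformed")
    major, minor, build, subbuild = struct.unpack(">BBHH", ver)
    return f"{major}.{minor}.{build}.{subbuild}"


def safe_parse_version(packet):
    """Convenience wrapper: None instead of an exception on bad input."""
    try:
        return parse_server_version(packet)
    except ValueError:
        return None


def fetch_server_version(host, port=1433, timeout=5.0):
    """Assumed helper: send the pre-login probe to one of your own instances."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_prelogin_request())
        return parse_server_version(sock.recv(4096))


# Constructed sample response (not captured from a real server): a server
# answering with version 10.50.1600.1 and ENCRYPT_NOT_SUP. THREADID is empty.
SAMPLE_RESPONSE = build_tds_packet(TDS_RESPONSE, build_prelogin_options([
    (OPT_VERSION, struct.pack(">BBHH", 10, 50, 1600, 1)),
    (OPT_ENCRYPTION, bytes([ENCRYPT_NOT_SUP])),
    (OPT_INSTOPT, b"\x00"),
    (OPT_THREADID, b""),
    (OPT_MARS, b"\x00"),
]))

if __name__ == "__main__":
    print("request bytes:", build_prelogin_request().hex())
    print("parsed version:", parse_server_version(SAMPLE_RESPONSE))
```

Two points the parser enforces that a minimal implementation often skips: the TDS header's length field is checked against the bytes actually received before slicing, and each option's offset plus length is bounded by the payload, so a deliberately broken response yields `None` from `safe_parse_version` rather than an out-of-range slice or a bogus version string.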
Current thread:
- [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 24)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 26)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 30)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 31)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 31)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Feb 03)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Feb 06)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 26)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 30)