Nmap Development mailing list archives

[NSE] mysql-enum user enumeration script


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Mon, 03 Dec 2012 21:38:59 +0100

Hi all,

been a long time since I contributed something :)

As you might have noticed, kingcope released quite a number of mysql
vulns over the weekend, one of them being a user enumeration
vulnerability which sounded like a perfect candidate for an NSE script
(original release: http://seclists.org/fulldisclosure/2012/Dec/9 ).
So here is my rough draft for it.

The vuln lies in the fact that the MySQL server, when it gets a
connection from a client using the old authentication mechanism,
responds in different ways when the user does and does not exist.
Basically, when the user does not exist, the server replies with
"Access denied for user..." immediately, else it waits for a password.

I might be a little rusty with Lua and nmap dev, so do point out your
ideas and suggestions for improvements.

Aleksandar

Attachment: mysql-enum.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
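
Added example, not part of the original post or the attached script: a defender-side check for the behaviour described above, flagging any source host that draws "Access denied for user" replies for many distinct usernames in a short window. The error-log line layout, the thresholds, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The layout (timestamp, [Warning], message) is an
# assumption about how the server's error log records denied logins.
SAMPLE_LOG = """\
121203 21:39:01 [Warning] Access denied for user 'admin'@'198.51.100.7' (using password: NO)
121203 21:39:01 [Warning] Access denied for user 'backup'@'198.51.100.7' (using password: NO)
121203 21:39:02 [Warning] Access denied for user 'test'@'198.51.100.7' (using password: NO)
121203 21:39:02 [Warning] Access denied for user 'guest'@'198.51.100.7' (using password: NO)
121203 21:39:03 [Warning] Access denied for user 'www'@'198.51.100.7' (using password: NO)
121203 21:40:10 [Warning] Access denied for user 'app'@'192.0.2.10' (using password: YES)
121203 21:40:15 [Warning] Access denied for user 'app'@'192.0.2.10' (using password: YES)
121203 21:41:00 [Note] Event Scheduler: Loaded 0 events
"""

DENIED = re.compile(
    r"^(\d{6} +[\d:]{7,8}) \[Warning\] "
    r"Access denied for user '([^']*)'@'([^']*)'")

def enumeration_suspects(log_text, min_users=4, window=timedelta(seconds=60)):
    """Return {source_host: sorted usernames} for hosts that were denied as
    at least min_users distinct users inside one sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%y%m%d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    suspects = {}
    for host, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            users = {u for _, u in evs[start:end + 1]}
            if len(users) >= min_users:
                suspects[host] = sorted(set(suspects.get(host, [])) | users)
    return suspects

if __name__ == "__main__":
    for host, users in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{host}: denied as {len(users)} distinct users: {users}")
```

A single account retrying a wrong password (the 192.0.2.10 lines) stays below the distinct-user threshold and is not reported.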
