Nmap Development mailing list archives
Re: [NSE] mysql-enum user enumeration script
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 8 Dec 2012 12:57:28 -0500
Aleksandar,

I tried this script and didn't get it to show any users even though they existed. I tracked the problem down to the server returning the following message:

"hostname is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"

I think the script needs to handle this error message and report back to avoid false negatives. There was also some indentation cleanup that needed to be done.

Thanks,
Patrik

On Sat, Dec 8, 2012 at 10:20 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
> Resending this as I didn't get any comments, and I guess it might not have got attention due to list changing ...
>
> -------- Original Message --------
> Subject: [NSE] mysql-enum user enumeration script
> Date: Mon, 03 Dec 2012 21:38:59 +0100
> From: Aleksandar Nikolic <nikolic.alek () gmail com>
> To: nmap-dev () insecure org
>
> Hi all,
>
> been a long time since I contributed something :)
>
> As you might have noticed, kingcope released quite a number of mysql vulns over the weekend, one of them being a user enumeration vulnerability which sounded like a perfect candidate for a NSE script (original release: http://seclists.org/fulldisclosure/2012/Dec/9 ).
>
> So here is my rough draft for it. The vuln lies in the fact that MySQL server, when it gets a connection from a client using the old authentication mechanism, responds in different ways when the user does and does not exist. Basically, when the user does not exist, the server replies with "Access denied for user..." immediately, else it waits for a password.
>
> I might be a little rusty with Lua and nmap dev, so do point out your ideas and suggestions for improvements.
>
> Aleksandar
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
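
The false negative raised in this reply can be avoided by classifying each server reply by its MySQL error number instead of treating every non-match as "user absent". The following is an added example, not code from the thread or from the script under review: the function names are hypothetical, the packets are constructed, and it assumes the 4-byte packet header has already been removed.

```lua
-- Added example; names are hypothetical and the packets are constructed.
local ER_ACCESS_DENIED   = 1045  -- "Access denied for user ..."
local ER_HOST_IS_BLOCKED = 1129  -- "... is blocked because of many connection errors"

-- Parse the payload of a MySQL ERR packet (packet header already removed).
-- Returns errno, message, or nil when the payload is not an ERR packet.
local function parse_err(payload)
  if not payload or #payload < 3 or payload:byte(1) ~= 0xFF then return nil end
  local lo, hi = payload:byte(2, 3)          -- error number, little-endian
  local msg = payload:sub(4)
  -- Protocol 4.1 servers put '#' plus a 5-character SQLSTATE before the text.
  if msg:sub(1, 1) == "#" then msg = msg:sub(7) end
  return lo + hi * 256, msg
end

-- Map one reply to a verdict. Only an explicit "access denied" counts as
-- "absent"; any other error leaves the account's status unknown.
local function classify(payload)
  local errno, msg = parse_err(payload)
  if not errno then return "present", "no error, server waits for a password" end
  if errno == ER_ACCESS_DENIED then return "absent", msg end
  if errno == ER_HOST_IS_BLOCKED then return "inconclusive", msg end
  return "inconclusive", ("unexpected error %d: %s"):format(errno, msg)
end

-- Build a constructed ERR payload for the demonstration below.
local function err_payload(errno, sqlstate, msg)
  return string.char(0xFF, errno % 256, math.floor(errno / 256))
    .. "#" .. sqlstate .. msg
end

local samples = {
  { "nosuchuser", err_payload(1045, "28000",
      "Access denied for user 'nosuchuser'@'scanner'") },
  { "root", err_payload(1129, "HY000",
      "hostname is blocked because of many connection errors; "
      .. "unblock with 'mysqladmin flush-hosts'") },
  { "backup", nil },  -- constructed case: no ERR packet came back
}

for _, s in ipairs(samples) do
  local verdict, detail = classify(s[2])
  print(("%-12s %-13s %s"):format(s[1], verdict, detail))
end
```

Once the blocked-host error appears, the remaining results for that target should be reported as unknown along with the server's message, rather than listed as nonexistent users.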