Nmap Development mailing list archives
Re: [NSE] mysql-enum user enumeration script
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Mon, 17 Dec 2012 17:04:41 +0100
Just committed this as r30420. Sorry for a big merge from trunk into aca/nmap, my branch was outdated.

Aleksandar

On 12/16/2012 5:54 PM, Patrik Karlsson wrote:

I just re-tested it and it works well for me, so I would commit it to main. There was an unrelated bug in the brute library, where it silently failed if the userdb did not exist. I committed a fix that should address this as r30417.

Thanks,
//Patrik

On Sun, Dec 16, 2012 at 5:16 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:

Um, should I commit this to main? It's still only in my dev branch.

On 12/11/2012 11:56 AM, Aleksandar Nikolic wrote:
> Hi Patrik,
>
> thanks for comments, I added a check for that "hostname is blocked" case.
> Now the script will bail out as soon as it gets that error. I just can't say I'm
> sure when this error is triggered, I can't get consistent results.
> Wonder if some sort of rate limiting would prevent it?
>
> Also, I've fixed the indentation issues.
>
> ,
> Aleksandar
>
> On 12/8/2012 6:57 PM, Patrik Karlsson wrote:
>> Aleksandar,
>>
>> I tried this script and didn't get it to show any users even though they existed.
>> I tracked the problem down to the server returning the following message;
>> "hostname is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"
>>
>> I think the script needs to handle this error message and report back to avoid false negatives.
>> There was also some indentation cleanup that needed to be done.
>>
>> Thanks,
>> Patrik
>>
>> On Sat, Dec 8, 2012 at 10:20 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
>>
>> Resending this as I didn't get any comments, and I guess it might
>> not have got attention due to list changing ...
>>
>> -------- Original Message --------
>> Subject: [NSE] mysql-enum user enumeration script
>> Date: Mon, 03 Dec 2012 21:38:59 +0100
>> From: Aleksandar Nikolic <nikolic.alek () gmail com>
>> To: nmap-dev () insecure org
>>
>> Hi all,
>>
>> been a long time since I contributed something :)
>>
>> As you might have noticed, kingcope released quite a number of mysql vulns over the
>> weekend, one of them being a user enumeration vulnerability which sounded
>> like a perfect candidate for an NSE script (original release:
>> http://seclists.org/fulldisclosure/2012/Dec/9 ).
>> So here is my rough draft for it.
>>
>> The vuln lies in the fact that MySQL server, when it gets connection from a client using old authentication
>> mechanism, responds in different ways when user does and does not exist.
>> Basically, when user does not exist, the server replies with "Access denied for user..."
>> immediately, else it waits for a password.
>>
>> I might be a little rusty with Lua and nmap dev, so do point out your ideas
>> and suggestions for improvements.
>>
>> Aleksandar
>>
>> _______________________________________________
>> Sent through the dev mailing list
>> http://nmap.org/mailman/listinfo/dev
>> Archived at http://seclists.org/nmap-dev/
>>
>> --
>> Patrik Karlsson
>> http://www.cqure.net
>> http://twitter.com/nevdull77

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
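The false-negative handling discussed in the thread above (stop as soon as the server answers "is blocked because of many connection errors" and report the run as incomplete), as an added Python example that is not the mysql-enum script's code or part of any message. The function names and sample payloads are constructed for illustration; 1045 and 1129 are MySQL's ER_ACCESS_DENIED_ERROR and ER_HOST_IS_BLOCKED error numbers.

```python
import struct

ER_ACCESS_DENIED = 1045    # "Access denied for user ..."
ER_HOST_IS_BLOCKED = 1129  # "Host ... is blocked because of many connection errors"
BLOCK_TEXT = "is blocked because of many connection errors"

def parse_err_packet(payload):
    """Return (code, message) for a MySQL ERR packet payload, else None."""
    if len(payload) < 3 or payload[0] != 0xFF:
        return None
    (code,) = struct.unpack_from("<H", payload, 1)
    rest = payload[3:]
    # With protocol 4.1 the message is preceded by '#' and a 5-byte SQLSTATE;
    # errors sent before the handshake carry the message directly.
    if rest[:1] == b"#" and len(rest) >= 6:
        rest = rest[6:]
    return code, rest.decode("utf-8", "replace")

def classify_reply(payload):
    """Label one reply as 'blocked', 'denied', 'other-error' or 'not-error'."""
    parsed = parse_err_packet(payload)
    if parsed is None:
        return "not-error"
    code, message = parsed
    if code == ER_HOST_IS_BLOCKED or BLOCK_TEXT in message:
        return "blocked"
    return "denied" if code == ER_ACCESS_DENIED else "other-error"

def review_replies(replies):
    """Stop at the first 'blocked' reply and mark the run incomplete,
    so replies after the block are never counted as negative results."""
    labels = []
    for payload in replies:
        label = classify_reply(payload)
        if label == "blocked":
            return {"complete": False, "labels": labels}
        labels.append(label)
    return {"complete": True, "labels": labels}

def err(code, text, sqlstate=b""):
    """Build a constructed ERR payload for the samples below."""
    return b"\xff" + struct.pack("<H", code) + sqlstate + text

# Constructed sample payloads (not captured traffic).
DENIED = err(1045, b"Access denied for user 'a'@'scanner.example' (using password: YES)", b"#28000")
BLOCKED = err(1129, b"Host 'scanner.example' is blocked because of many connection errors; "
                    b"unblock with 'mysqladmin flush-hosts'")

if __name__ == "__main__":
    print(review_replies([DENIED, DENIED, BLOCKED, DENIED]))
```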
Current thread:
- [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 03)
- Fwd: [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 08)
- Re: [NSE] mysql-enum user enumeration script Patrik Karlsson (Dec 08)
- Re: [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 11)
- Re: [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 16)
- Re: [NSE] mysql-enum user enumeration script Patrik Karlsson (Dec 16)
- Re: [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 17)
- Re: [NSE] mysql-enum user enumeration script Patrik Karlsson (Dec 08)
- Fwd: [NSE] mysql-enum user enumeration script Aleksandar Nikolic (Dec 08)