Nmap Development mailing list archives
Bug in MySQL NSE script ?
From: CRESTIN, Frédéric <Frederic.CRESTIN () groupe-cyllene com>
Date: Thu, 25 May 2023 13:00:44 +0000
Hi Fyodor/The Nmap Team,

I try to use the NSE script "mysql-empty-password", but there may be a bug.

____________________________________________________
N:\>nmap --open -sSV -d -p 3306 --script mysql-empty-password 172.18.3.34
Packet.dll present, library version 1.75
wpcap.dll present, library version: Npcap version 1.75, based on libpcap version 1.10.4
Starting Nmap 7.94 ( https://nmap.org ) at 2023-05-25 14:56 Paris, Madrid (heure dÆÚtÚ)
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.4.
NSE: Arguments from CLI:
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:56
Completed NSE at 14:56, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:56
Completed NSE at 14:56, 0.00s elapsed
Initiating Ping Scan at 14:57
Scanning 172.18.3.34 [4 ports]
Packet capture filter (device eth7): dst host 10.160.200.33 and (icmp or icmp6 or ((tcp) and (src host 172.18.3.34)))
We got a ping packet back from 172.18.3.34: id = 44394 seq = 0 checksum = 21141
Completed Ping Scan at 14:57, 0.13s elapsed (1 total hosts)
Overall sending rates: 7.58 packets / s, 212.12 bytes / s.
mass_rdns: Using DNS server 10.160.204.14
mass_rdns: Using DNS server 10.160.204.17
mass_rdns: Using DNS server 10.160.252.211
mass_rdns: Using DNS server 10.160.252.212
mass_rdns: Using DNS server 10.160.204.14
mass_rdns: Using DNS server 10.160.204.17
mass_rdns: Using DNS server 10.160.252.211
mass_rdns: Using DNS server 10.160.252.212
mass_rdns: Using DNS server 192.168.74.254
mass_rdns: Using DNS server 172.20.10.1
Initiating Parallel DNS resolution of 1 host. at 14:57
mass_rdns: 11.37s 0/1 [#: 10, OK: 0, NX: 0, DR: 0, SF: 0, TR: 5]
Completed Parallel DNS resolution of 1 host. at 14:57, 11.14s elapsed
DNS resolution of 1 IPs took 11.38s. Mode: Async [#: 10, OK: 0, NX: 1, DR: 0, SF: 0, TR: 5, CN: 0]
Initiating SYN Stealth Scan at 14:57
Scanning 172.18.3.34 [1 port]
Packet capture filter (device eth7): dst host 10.160.200.33 and (icmp or icmp6 or ((tcp) and (src host 172.18.3.34)))
Discovered open port 3306/tcp on 172.18.3.34
Completed SYN Stealth Scan at 14:57, 0.01s elapsed (1 total ports)
Overall sending rates: 76.92 packets / s, 3384.62 bytes / s.
Initiating Service scan at 14:57
Scanning 1 service on 172.18.3.34
Completed Service scan at 14:57, 0.02s elapsed (1 service on 1 host)
NSE: Script scanning 172.18.3.34.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:57
NSE: Starting mysql-empty-password against 172.18.3.34:3306.
NSE: mysql-empty-password against 172.18.3.34:3306 threw an error!
C:\Program Files (x86)\Nmap/nselib/mysql.lua:278: bad argument #2 to 'unpack' (unfinished string for format 'z')
stack traceback:
[C]: in function 'string.unpack'
C:\Program Files (x86)\Nmap/nselib/mysql.lua:278: in function 'mysql.loginRequest'
...rogram Files (x86)\Nmap/scripts\mysql-empty-password.nse:54: in function <...rogram Files (x86)\Nmap/scripts\mysql-empty-password.nse:34>
(...tail calls...)
Completed NSE at 14:57, 0.04s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Nmap scan report for 172.18.3.34
Host is up, received echo-reply ttl 61 (0.0064s latency).
Scanned at 2023-05-25 14:57:12 Paris, Madrid (heure dÆÚtÚ) for 0s
PORT     STATE SERVICE REASON         VERSION
3306/tcp open  mysql   syn-ack ttl 61 MySQL 5.1.41-3ubuntu12.10
Final times for host: srtt: 6375 rttvar: 5250 to: 100000
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Read from C:\Program Files (x86)\Nmap: nmap-protocols nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.50 seconds
Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
____________________________________________________

Thank you
Fred
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/