Nmap Development mailing list archives

Bug in MySQL NSE script?


From: CRESTIN, Frédéric <Frederic.CRESTIN () groupe-cyllene com>
Date: Thu, 25 May 2023 13:00:44 +0000

Hi Fyodor/The Nmap Team,

I am trying to use the NSE script "mysql-empty-password", but there may be a bug.

____________________________________________________

N:\>nmap --open -sSV -d -p 3306 --script mysql-empty-password 172.18.3.34
Packet.dll present, library version 1.75
wpcap.dll present, library version: Npcap version 1.75, based on libpcap version 1.10.4
Starting Nmap 7.94 ( https://nmap.org ) at 2023-05-25 14:56 Paris, Madrid (daylight saving time)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.4.
NSE: Arguments from CLI:
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:56
Completed NSE at 14:56, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:56
Completed NSE at 14:56, 0.00s elapsed
Initiating Ping Scan at 14:57
Scanning 172.18.3.34 [4 ports]
Packet capture filter (device eth7): dst host 10.160.200.33 and (icmp or icmp6 or ((tcp) and (src host 172.18.3.34)))
We got a ping packet back from 172.18.3.34: id = 44394 seq = 0 checksum = 21141
Completed Ping Scan at 14:57, 0.13s elapsed (1 total hosts)
Overall sending rates: 7.58 packets / s, 212.12 bytes / s.
mass_rdns: Using DNS server 10.160.204.14
mass_rdns: Using DNS server 10.160.204.17
mass_rdns: Using DNS server 10.160.252.211
mass_rdns: Using DNS server 10.160.252.212
mass_rdns: Using DNS server 10.160.204.14
mass_rdns: Using DNS server 10.160.204.17
mass_rdns: Using DNS server 10.160.252.211
mass_rdns: Using DNS server 10.160.252.212
mass_rdns: Using DNS server 192.168.74.254
mass_rdns: Using DNS server 172.20.10.1
Initiating Parallel DNS resolution of 1 host. at 14:57
mass_rdns: 11.37s 0/1 [#: 10, OK: 0, NX: 0, DR: 0, SF: 0, TR: 5]
Completed Parallel DNS resolution of 1 host. at 14:57, 11.14s elapsed
DNS resolution of 1 IPs took 11.38s. Mode: Async [#: 10, OK: 0, NX: 1, DR: 0, SF: 0, TR: 5, CN: 0]
Initiating SYN Stealth Scan at 14:57
Scanning 172.18.3.34 [1 port]
Packet capture filter (device eth7): dst host 10.160.200.33 and (icmp or icmp6 or ((tcp) and (src host 172.18.3.34)))
Discovered open port 3306/tcp on 172.18.3.34
Completed SYN Stealth Scan at 14:57, 0.01s elapsed (1 total ports)
Overall sending rates: 76.92 packets / s, 3384.62 bytes / s.
Initiating Service scan at 14:57
Scanning 1 service on 172.18.3.34
Completed Service scan at 14:57, 0.02s elapsed (1 service on 1 host)
NSE: Script scanning 172.18.3.34.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:57
NSE: Starting mysql-empty-password against 172.18.3.34:3306.
NSE: mysql-empty-password against 172.18.3.34:3306 threw an error!
C:\Program Files (x86)\Nmap/nselib/mysql.lua:278: bad argument #2 to 'unpack' (unfinished string for format 'z')
stack traceback:
        [C]: in function 'string.unpack'
        C:\Program Files (x86)\Nmap/nselib/mysql.lua:278: in function 'mysql.loginRequest'
        ...rogram Files (x86)\Nmap/scripts\mysql-empty-password.nse:54: in function <...rogram Files (x86)\Nmap/scripts\mysql-empty-password.nse:34>
        (...tail calls...)

Completed NSE at 14:57, 0.04s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Nmap scan report for 172.18.3.34
Host is up, received echo-reply ttl 61 (0.0064s latency).
Scanned at 2023-05-25 14:57:12 Paris, Madrid (daylight saving time) for 0s

PORT     STATE SERVICE REASON         VERSION
3306/tcp open  mysql   syn-ack ttl 61 MySQL 5.1.41-3ubuntu12.10
Final times for host: srtt: 6375 rttvar: 5250  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Read from C:\Program Files (x86)\Nmap: nmap-protocols nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.50 seconds
           Raw packets sent: 2 (72B) | Rcvd: 2 (72B)

____________________________________________________

Thank you
Fred
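
The traceback in the report ends in Lua's string.unpack with format 'z', which requires a terminating NUL byte and raises "unfinished string" when the field runs to the end of the buffer instead. The example below is added here and is not part of the original post or of Nmap's nselib/mysql.lua. It contrasts the two kinds of string field in the MySQL wire protocol: fields the protocol defines as NUL-terminated (the server version and scramble in a protocol-10 greeting) and the error message in an ERR packet, which is defined as running to the end of the packet with no terminator. A strict reader mirroring Lua's 'z' behaviour is shown beside a tolerant reader that also accepts end-of-packet strings. Both packets are constructed for the example; that an ERR packet is what mysql.lua:278 was reading from this server is an assumption, not something the post shows.

```python
import struct


class UnfinishedString(ValueError):
    """Mirrors Lua 5.4's string.unpack error for format 'z' without a NUL."""


def unpack_z(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Strict zero-terminated string, like Lua's string.unpack('z', buf, pos)."""
    end = buf.find(b"\x00", pos)
    if end == -1:
        raise UnfinishedString("unfinished string for format 'z'")
    return buf[pos:end], end + 1


def unpack_z_or_eof(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Tolerant reader: stop at a NUL if present, otherwise take the rest (string<EOF>)."""
    end = buf.find(b"\x00", pos)
    if end == -1:
        return buf[pos:], len(buf)
    return buf[pos:end], end + 1


def parse_handshake_v10(payload: bytes) -> dict:
    """Parse a protocol-10 server greeting (MySQL 5.1 layout, no plugin auth)."""
    if not payload or payload[0] != 0x0A:
        raise ValueError("not a protocol 10 handshake")
    version, pos = unpack_z(payload, 1)                 # string<NUL>: strict is fine
    (conn_id,) = struct.unpack_from("<I", payload, pos)
    pos += 4
    scramble1 = payload[pos:pos + 8]                    # auth-plugin-data-part-1
    pos += 8 + 1                                        # skip the 0x00 filler
    cap_lo, charset, status, cap_hi = struct.unpack_from("<HBHH", payload, pos)
    pos += 7
    pos += 1 + 10                                       # auth-plugin-data-len + reserved
    scramble2, pos = unpack_z(payload, pos)             # string<NUL> in 5.1
    return {
        "version": version.decode("ascii"),
        "connection_id": conn_id,
        "capabilities": (cap_hi << 16) | cap_lo,
        "charset": charset,
        "status": status,
        "scramble": scramble1 + scramble2,
    }


def parse_err_packet(payload: bytes, strict: bool = False) -> dict:
    """Parse an ERR packet: 0xFF, int<2> code, '#' + 5-byte SQLSTATE, string<EOF> message."""
    if not payload or payload[0] != 0xFF:
        raise ValueError("not an ERR packet")
    (errcode,) = struct.unpack_from("<H", payload, 1)
    pos = 3
    sqlstate = None
    if payload[pos:pos + 1] == b"#":                    # present when CLIENT_PROTOCOL_41
        sqlstate = payload[pos + 1:pos + 6].decode("ascii")
        pos += 6
    reader = unpack_z if strict else unpack_z_or_eof   # strict reproduces the Lua failure
    message, _ = reader(payload, pos)
    return {"errcode": errcode, "sqlstate": sqlstate,
            "message": message.decode("utf-8", "replace")}


# Constructed sample greeting (not captured from the server in the post).
HANDSHAKE = (
    b"\x0a"                          # protocol version 10
    + b"5.1.41-3ubuntu12.10\x00"     # server version, NUL-terminated
    + struct.pack("<I", 42)          # connection id
    + b"abcdefgh"                    # scramble part 1 (8 bytes)
    + b"\x00"                        # filler
    + struct.pack("<H", 0xF7FF)      # capability flags, lower 16 bits
    + b"\x08"                        # character set (latin1_swedish_ci)
    + struct.pack("<H", 0x0002)      # status flags (SERVER_STATUS_AUTOCOMMIT)
    + struct.pack("<H", 0x0000)      # capability flags, upper 16 bits
    + b"\x00"                        # auth-plugin-data length (none in 5.1)
    + b"\x00" * 10                   # reserved
    + b"ijklmnopqrst\x00"            # scramble part 2 (12 bytes) + NUL
)

# Constructed sample ERR packet: error 1045 (ER_ACCESS_DENIED_ERROR), SQLSTATE 28000.
# The message has no NUL terminator, exactly as the protocol specifies.
ERR_PACKET = (
    b"\xff"
    + struct.pack("<H", 1045)
    + b"#28000"
    + b"Access denied for user 'root'@'scanner.example' (using password: NO)"
)


if __name__ == "__main__":
    print(parse_handshake_v10(HANDSHAKE))
    print(parse_err_packet(ERR_PACKET))
    try:
        parse_err_packet(ERR_PACKET, strict=True)
    except UnfinishedString as exc:
        print("strict 'z' reader failed as Lua would:", exc)
```

The greeting parses cleanly with the strict reader because every string field in it carries its NUL; the same reader applied to the ERR packet's message fails with the message seen in the traceback, while the tolerant reader returns the error text. Reading any protocol field whose terminator is optional or absent by specification with a strict 'z' reader turns ordinary server replies into a script crash.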


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
