Nmap Development mailing list archives
Re: [NSE Script] MySQL Server Information
From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Tue, 18 Dec 2007 14:30:12 -0600
Kris Katterjohn wrote:
jah wrote:I noticed that too, but my testing showed that string.match(s,pattern) that I used, matched regardless of case. (My testing involved changing the case of pattern rather than of anything in nmap-service-probes, which may have been flawed thinking). What's the difference between string.match(s,pattern) and s:match(pattern), is it the same operation expressed differently?That's interesting about match(). I don't think your test was flawed, because I would've tried that myself :) I haven't read anywhere that explicitly states it's case-insensitive, and grepping in scripts/ shows that HTTPAuth.nse contains a character set of "[Aa]" in there.. but Thomas could just be as confused as me :) I'll leave it for now since I'm not sure (but if we can find a link showing that it is, in fact, case insensitive I'll certainly remove it).
First off, sorry to be so late joining this thread. I've been wanting to contribute, but I'm swamped right now, and just haven't been able to find time. As far as I know, patterns in Lua are case-sensitive, although I can't find any specific online references that supports that statement. Here's a quick test from a command-line Lua interpreter: D:\Scratch\lua5_1_2_Win32_bin>lua5.1.exe Lua 5.1.2 Copyright (C) 1994-2007 Lua.org, PUC-Rio
a = "a" m = string.match(a, "a") print(m)
a
m = string.match(a, "A") print(m)
nil
I hope people find it useful. I'll look into adding other things, like attempting logins, etc.
This was really the main reason I wanted to jump in. About 3 weeks ago, I started working on a MySQL script myself. Unfortunately, things got very busy, and I haven't had time to make significant progress on it. However, I was able to successfully login to MySQL servers using the extended login capabilities introduced in 4.1. To login with a password requires the ability to create SHA1 hashes of the password and the salt received from the server, which was my motivation for the NSE/OpenSSL patches I posted to the list recently: http://seclists.org/nmap-dev/2007/q4/0472.html I'm really busy through the end of the year, but I'd love to be able to help with this effort. I can post the very rough code that I have cobbled together for you guys to look at, or I can try to integrate my login code into Kris's script once I have time. Thanks, Thomas _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE Script] MySQL Server Information Kris Katterjohn (Dec 15)
- Message not available
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 16)
- Re: [NSE Script] MySQL Server Information jah (Dec 17)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 17)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Thomas Buchanan (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Brandon Enright (Dec 18)
- Re: [NSE Script] MySQL Server Information sawall (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 16)
- Message not available