Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE Script] MySQL Server Information

From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 18 Dec 2007 17:53:19 -0600
Fyodor wrote:

On Tue, Dec 18, 2007 at 11:44:40PM +0000, jah wrote:

On 18/12/2007 20:30, Thomas Buchanan wrote:

But then as Fyodor says,
On 18/12/2007 23:09, Fyodor wrote:

We have categories to deal with this issue.  So a DB password checking
script would be good to have, but probably shouldn't be in the "safe"
category.
  

So maybe we should complement MySQLinfo with an entirely separate script....


Well, if it is only testing a few common defaults and is unlikely to
cause DB lockouts, it is probably OK to include in a single script.
But yes, a major brute forcing script should probably be separate from
one which simply gathers some available information from the DB.



I think I agree with jah.  Since it seems like it will require quite a 
bit of work, including adding the SSL bindings, it might be best to have 
a script like mine which just gathers the general information, and then 
have one based on Thomas's (and maybe partially my) code for brute forcing.

What do you guys think?


Cheers,
-F


Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: