Nmap Development mailing list archives
Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts
From: David Fifield <david () bamsoftware com>
Date: Tue, 30 Mar 2010 10:59:08 -0600
On Mon, Mar 22, 2010 at 01:46:07PM +0100, Patrik Karlsson wrote:
> I should have probably described the scripts in the zipfile and attached
> some sample output last time I posted:
> http://seclists.org/nmap-dev/2010/q1/1000
>
> The zipfile contains the mssql.lua library and the following scripts:
>
> mssql-brute - does password guessing against Microsoft SQL Server
> mssql-databases - list all databases for the server/instance
> mssql-empty-password - detects servers with empty passwords for the sa account
> mssql-hasdbaccess - list what databases a user has access to (depends on mssql-brute and iterates over all found accounts)
> mssql-linked-servers - lists linked servers available on the server/instance
> mssql-query - allows the user to run arbitrary queries against the server
> mssql-sp-configure - lists a bunch of configuration options
> mssql-tables - iterates over all databases and lists tables, columns and their data types
> mssql-xp-cmdshell - allows privileged users to execute OS commands

I found that there's a no-cost "express" version of SQL Server at
http://www.microsoft.com/express/Database/. I installed that and enabled
remote access. Here's the result of running the scripts:

$ ./nmap --datadir . -p 1433 192.168.0.190 -Pn -n --script=mssql-\* -d --script-args unpwdb.userlimit=1,unpwdb.passlimit=1
NSE: Script scanning 192.168.0.190.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 10:47
NSE: NSE Script Threads (2) running:
NSE: Starting mssql-empty-password against 192.168.0.190:1433.
NSE: Starting mssql-brute against 192.168.0.190:1433.
NSE: Trying root/ ...
NSE: Finished mssql-empty-password against 192.168.0.190:1433.
NSE: Finished mssql-brute against 192.168.0.190:1433.
Completed NSE at 10:47, 0.05s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 10:47
NSE: NSE Script Threads (7) running:
NSE: Starting mssql-xp-cmdshell against 192.168.0.190:1433.
NSE: Starting mssql-tables against 192.168.0.190:1433.
NSE: Starting mssql-sp-configure against 192.168.0.190:1433.
NSE: Starting mssql-query against 192.168.0.190:1433.
NSE: Starting mssql-linked-servers against 192.168.0.190:1433.
NSE: Starting mssql-hasdbaccess against 192.168.0.190:1433.
NSE: Starting mssql-databases against 192.168.0.190:1433.
NSE: mssql-tables against 192.168.0.190:1433 threw an error!
./scripts/mssql-tables.nse:186: attempt to concatenate local 'output' (a nil value)
stack traceback:
        ./scripts/mssql-tables.nse:186: in function <./scripts/mssql-tables.nse:88>
        (tail call): ?
NSE: Finished mssql-xp-cmdshell against 192.168.0.190:1433.
NSE: Finished mssql-sp-configure against 192.168.0.190:1433.
NSE: Finished mssql-databases against 192.168.0.190:1433.
NSE: Finished mssql-linked-servers against 192.168.0.190:1433.
NSE: Finished mssql-query against 192.168.0.190:1433.
NSE: Finished mssql-hasdbaccess against 192.168.0.190:1433.
Completed NSE at 10:47, 0.04s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.190
Host is up, received user-set (0.00080s latency).
Scanned at 2010-03-30 10:47:16 MDT for 0s
PORT     STATE SERVICE  REASON
1433/tcp open  ms-sql-s syn-ack
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds

So there's no output. mssql-tables had an error. Do I need to create
some databases first? Do I need to supply authentication for all of the
scripts? If so, how do I create an account? I was prompted for a
password when I installed the server, but I don't know what the username
would be.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/