Nmap Development mailing list archives

Re: MySQL scripts


From: David Fifield <david () bamsoftware com>
Date: Fri, 22 Jan 2010 14:21:17 -0700

On Mon, Jan 18, 2010 at 10:20:04PM +0100, Patrik Karlsson wrote:
> I have created a small mysql library, hopefully the first :) The
> library currently has code to parse the greeting and to perform
> authentication. At the moment only the stronger (post 4.1)
> authentication is supported.
>
> Based on this library I have created two scripts, with kind of self
> explanatory names:
>
> * mysql-empty-password
> * mysql-brute

Thanks Patrik! I've looked over the scripts and library. Here are my
requests before they're merged.

We've started to enforce the requirement that the "safe" and "intrusive"
categories are mutually exclusive. It's clear that mysql-brute should be
in {"intrusive", "auth"} like the other brute scripts. My initial
thought is that mysql-empty-password should be the same.

Please add a link or something to the top of mysql.lua with a
description of the protocol. It's nice if you can refer to individual
sections of documentation in each function that deals with a specific
packet format.

Checking for an empty password is a special case of brute-force
guessing. Is MySQL commonly installed with a blank root password? Like,
is it installed that way by default or something? If it's not common
enough to be worth checking for on its own, I suggest combining it with
mysql-brute. Someone checking for blank passwords is also probably going
to want to check for other weak passwords.

In the portrules, you really want to use shortport.port_or_service, so
that if version detection finds mysql running on a different port, the
script will still run.

The username/password loop can be more clearly written. I just noticed
that this way of using the library was not clearly documented so I added
a usage example to unpwdb.lua.

  local unpwdb = require "unpwdb"
  local try = nmap.new_try()

  local usernames, passwords
  local username, password

  -- Both calls return (status, iterator); try() unwraps the iterator
  -- or aborts the script if the word lists could not be opened.
  usernames = try(unpwdb.usernames())
  passwords = try(unpwdb.passwords())

  for password in passwords do
    for username in usernames do
      -- Try username and password.
    end
    -- Rewind the username iterator so the next password sees the full list.
    usernames("reset")
  end

I would like you to try adding support for unpwdb.timelimit to the brute
script. The other brute scripts don't support it but they don't. You can
measure elapsed time with nmap.clock_ms.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
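The portrule, the nested username/password loop and the unpwdb.timelimit check that David asks for, put together as an added example NSE script (not Patrik's mysql-brute or the library from the thread). It assumes unpwdb.timelimit() returns the limit in seconds (nil when unlimited) and that mysql.receiveGreeting/mysql.loginRequest follow the API of the later mysql.lua; both are assumptions, not taken from this message.

```lua
-- Added example, not code from the thread. Assumptions: unpwdb.timelimit()
-- yields seconds or nil; mysql.receiveGreeting/loginRequest as in later mysql.lua.
local mysql = require "mysql"
local nmap = require "nmap"
local shortport = require "shortport"
local unpwdb = require "unpwdb"

-- Still runs when version detection finds MySQL on a non-default port.
portrule = shortport.port_or_service(3306, "mysql")

-- One authentication attempt; true only when the server accepts the login.
local function try_login(host, port, username, password)
  local socket = nmap.new_socket()
  if not socket:connect(host, port) then return false end
  local status, greeting = mysql.receiveGreeting(socket)
  if not status then socket:close(); return false end
  local ok = mysql.loginRequest(socket,
    { authversion = "post41", charset = greeting.charset },
    username, password, greeting.salt)
  socket:close()
  return ok and true or false
end

action = function(host, port)
  local start = nmap.clock_ms()
  local limit = unpwdb.timelimit()   -- seconds, or nil for no limit (assumed)
  local try = nmap.new_try()
  local usernames = try(unpwdb.usernames())
  local passwords = try(unpwdb.passwords())

  for password in passwords do
    for username in usernames do
      -- Honour unpwdb.timelimit: stop cleanly instead of running unbounded.
      if limit and (nmap.clock_ms() - start) / 1000 > limit then
        return "Time limit reached before the lists were exhausted"
      end
      if try_login(host, port, username, password) then
        return ("Valid credentials: %s:%s"):format(username, password)
      end
    end
    usernames("reset")   -- rewind usernames for the next password
  end
end
```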
