Nmap Development mailing list archives
Re: MySQL scripts
From: David Fifield <david () bamsoftware com>
Date: Fri, 22 Jan 2010 14:21:17 -0700
On Mon, Jan 18, 2010 at 10:20:04PM +0100, Patrik Karlsson wrote:
I have created a small mysql library, hopefully the first :) The library currently has code to parse the greeting and to perform authentication. At the moment only the stronger (post 4.1) authentication is supported.

Based on this library I have created two scripts, with kind of self explanatory names:

* mysql-empty-password
* mysql-brute
Thanks Patrik! I've looked over the scripts and library. Here are my requests before they're merged.

We've started to enforce the requirement that the "safe" and "intrusive" categories are mutually exclusive. It's clear that mysql-brute should be in {"intrusive", "auth"} like the other brute scripts. My initial thought is that mysql-empty-password should be the same.

Please add a link or something to the top of mysql.lua with a description of the protocol. It's nice if you can refer to individual sections of documentation in each function that deals with a specific packet format.

Checking for an empty password is a special case of brute-force guessing. Is MySQL commonly installed with a blank root password? Like, is it installed that way by default or something? If it's not common enough to be worth checking for on its own, I suggest combining it with mysql-brute. Someone checking for blank passwords is also probably going to want to check for other weak passwords.

In the portrules, you really want to use shortport.port_or_service, so that if version detection finds mysql running on a different port, the script will still run.

The username/password loop can be more clearly written. I just noticed that this way of using the library was not clearly documented so I added a usage example to unpwdb.lua.

    local usernames, passwords
    local username, password

    usernames = try(unpwdb.usernames())
    passwords = try(unpwdb.passwords())

    for password in passwords do
      for username in usernames do
        -- Try username and password.
      end
      usernames("reset")
    end

I would like you to try adding support for unpwdb.timelimit to the brute script. The other brute scripts don't support it but they don't. You can measure elapsed time with nmap.clock_ms.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
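The loop David describes, extended with the unpwdb.timelimit / nmap.clock_ms bound he asks for, as an added NSE script skeleton that is not code from the thread's authors or from Nmap's own mysql-brute. It assumes unpwdb.timelimit() returns the limit in seconds (nil when unlimited); try_login is a hypothetical placeholder, since the mysql.lua API is not shown in the message.

```lua
-- Added example: time-limited username/password loop for a brute NSE script.
local nmap = require "nmap"
local shortport = require "shortport"
local unpwdb = require "unpwdb"

categories = {"intrusive", "auth"}   -- "safe" and "intrusive" are mutually exclusive

-- port_or_service: also runs when version detection finds MySQL elsewhere
portrule = shortport.port_or_service(3306, "mysql")

-- HYPOTHETICAL placeholder for the library's login routine (assumption:
-- returns true on a successful login). Replace with the real mysql.lua call.
local function try_login(host, port, username, password)
  return false
end

action = function(host, port)
  local try = nmap.new_try()
  local usernames = try(unpwdb.usernames())   -- iterator closures over the wordlists
  local passwords = try(unpwdb.passwords())

  -- assumption: unpwdb.timelimit() gives seconds, or nil for no limit
  local limit = unpwdb.timelimit()
  local start = nmap.clock_ms()
  local function out_of_time()
    return limit ~= nil and (nmap.clock_ms() - start) >= limit * 1000
  end

  local found, stopped = {}, false
  for password in passwords do
    for username in usernames do
      if out_of_time() then stopped = true; break end
      if try_login(host, port, username, password) then
        found[#found + 1] = username .. ":" .. password
      end
    end
    if stopped then break end
    usernames("reset")   -- rewind the username list for the next password
  end

  if #found == 0 and not stopped then return nil end
  local out = table.concat(found, "\n")
  if stopped then out = out .. "\n(stopped: unpwdb.timelimit reached)" end
  return out
end
```

The elapsed-time check sits inside the inner loop so a large wordlist pair cannot overrun the limit by a full outer iteration.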