Nmap Development mailing list archives
Re: MySQL scripts
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 23 Jan 2010 23:08:34 +0100
On 22 jan 2010, at 22.34, David Fifield wrote:
> On Fri, Jan 22, 2010 at 03:27:47PM -0600, Ron wrote:
>> On 01/22/2010 03:21 PM, David Fifield wrote:
>>> Checking for an empty password is a special case of brute-force guessing. Is MySQL commonly installed with a blank root password? Like, is it installed that way by default or something? If it's not common enough to be worth checking for on its own, I suggest combining it with mysql-brute. Someone checking for blank passwords is also probably going to want to check for other weak passwords.
>>
>> By default, if you install MySQL from source, it creates four accounts with blank passwords:
>>
>> root@localhost
>> root@[machine name]
>> [blank]@localhost
>> [blank]@[machine name]
>>
>> Since those are the defaults, in some ways it makes sense to check them specially.
>
> Thanks Ron. In that case, I agree it makes sense to have a separate script. mysql-empty-password should check the blank user too.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
I've added support for the anonymous account to mysql-empty-passwords. If a user with an empty name exists in MySQL you can authenticate anonymously. This basically means that you can authenticate using any username you want, given it's not the name of another user. Running the mysql-brute against a server with the anonymous account enabled will look as if all the guessed users will have access, which they sort of do.

Apart from this fix I think I've implemented the changes proposed by David in this post: http://seclists.org/nmap-dev/2010/q1/227

In addition I've added query support to the MySQL library and three new scripts that make use of this: mysql-list-databases, mysql-list-users and mysql-show-variables. These scripts either take a username and password as script argument or depend on the mysql-brute and/or mysql-empty-password to supply it to them.

I'm attaching the scripts and the latest library. They're also available from here as usual: http://www.cqure.net/wp/nmap-scripts/

For some sample output check out this blog post: http://www.cqure.net/wp/2010/01/nmap-does-more-mysql/

//Patrik
Attachment: mysql-brute.nse
Attachment: mysql-empty-password.nse
Attachment: mysql-list-databases.nse
Attachment: mysql-list-users.nse
Attachment: mysql-show-variables.nse
Attachment: mysql.lua
-- Patrik Karlsson http://www.cqure.net
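
The anonymous-account behaviour described in the message above, as an added example that is not part of the original post or of the Nmap scripts: a simplified Python model showing why guessed logins become ambiguous once the anonymous account exists, and how a control probe with a nonexistent user name separates them. Host matching is ignored, and the account table, `authenticate` and `classify_hits` are constructed for illustration.

```python
import secrets

# Constructed account table: user name -> password.
# The entry with the empty name is the anonymous account.
ACCOUNTS = {"root": "", "backup": "s3cret", "": ""}


def authenticate(accounts, user, password):
    """Simplified model: a named account is checked first; any other
    name falls back to the anonymous account when one exists."""
    if user != "" and user in accounts:
        return accounts[user] == password
    if "" in accounts:
        return accounts[""] == password
    return False


def classify_hits(accounts, users, passwords):
    """Try every (user, password) pair, then split the hits into logins
    that prove a named account and logins that cannot be told apart
    from the anonymous fallback."""
    # Hypothetical control name: random, so it cannot be a real account.
    control = "nx_" + secrets.token_hex(8)
    # Passwords the control name logs in with are anonymous-account passwords.
    fallback_pw = {p for p in passwords if authenticate(accounts, control, p)}
    confirmed, ambiguous = [], []
    for user in users:
        for password in passwords:
            if authenticate(accounts, user, password):
                bucket = ambiguous if password in fallback_pw else confirmed
                bucket.append((user, password))
    return {
        "anonymous_enabled": bool(fallback_pw),
        "confirmed": confirmed,
        "ambiguous": ambiguous,
    }


if __name__ == "__main__":
    guesses = ["root", "backup", "alice", "bob"]
    print(classify_hits(ACCOUNTS, guesses, ["", "s3cret"]))
```

In the model, `root` with an empty password lands in the ambiguous bucket: from the outside that login is indistinguishable from the anonymous fallback, so it has to be confirmed against the server's account table.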