Nmap Development mailing list archives
Re: pgsql-brute and PostgreSQL match lines
From: David Fifield <david () bamsoftware com>
Date: Wed, 17 Feb 2010 10:51:16 -0700
On Sat, Feb 06, 2010 at 11:51:39PM +0100, Patrik Karlsson wrote:
> Hi all, I just finished pgsql-brute.nse, a script that allows password guessing against PostgreSQL servers and the supporting pgsql.lua library used for both version 2 and 3 of the protocol.
Thanks, Patrik. I've given it a look.
It would be nice if the library could automatically detect the version
of the protocol, with an option to unconditionally override it.
Otherwise detectVersion is going to be copied into every script.
Is this intentional? (The use of username as both user name and
database name.)
status, response = v.sendStartup(socket, username, username)
I'm getting log messages like this:
FATAL: unsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
FATAL: no pg_hba.conf entry for host "192.168.0.21", user "versionprobe", database "versionprobe", SSL off
FATAL: no pg_hba.conf entry for host "192.168.0.21", user "root", database "root", SSL off
FATAL: no pg_hba.conf entry for host "192.168.0.21", user "root", database "root", SSL off
FATAL: no pg_hba.conf entry for host "192.168.0.21", user "admin", database "admin", SSL off
FATAL: no pg_hba.conf entry for host "192.168.0.21", user "admin", database "admin", SSL off
Even if the above code is a bug, I don't know why each user name would
be used only twice. It seems like it would be used as many times as
there are passwords.
You've got a little copy-paste error in a comment:
-- Add credentials for other mysql scripts to use
Can you tell me what lines to add to a configuration file to make a
dummy account for testing the script?
The library looks pretty good. Please provide a documentation reference
for this magic packet:
local data = bin.pack( ">I>I", 8, 80877103)
The library uses the openssl library without doing a require call; I'm
not sure if that will be a problem. Try running the script after
configuring Nmap --without-openssl and make sure it fails gracefully.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
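Editor's note (added example, not code from the thread or from Nmap's pgsql.lua): the "magic packet" David asks about, `bin.pack(">I>I", 8, 80877103)`, is the SSLRequest message from the PostgreSQL frontend/backend protocol documentation ("Message Formats"): an int32 length of 8 followed by the code 80877103, chosen so that the high 16 bits read 1234 and the low 16 bits 5679, which no real protocol version will ever collide with. The same (major << 16) | minor layout is how the server reads the version word of a StartupMessage, and it is what the `unsupported frontend protocol 65363.19778` log line is reporting: 65363.19778 decodes to 0xFF534D42, i.e. the bytes `\xffSMB`, so that startup packet was not produced by the script's own startup code (my reading: it looks like an SMB-style probe hitting port 5432, but the log line alone does not prove where it came from). The Python below builds the SSLRequest and a v3 StartupMessage, parses a v3 ErrorResponse of the kind behind the `FATAL: no pg_hba.conf entry` lines, and shows one way a library could detect the protocol version from the server's first reply instead of copying detectVersion into every script. The detection heuristic, the sample server messages and all function names are my own assumptions; the message layouts follow the public protocol documentation.

```python
"""Minimal PostgreSQL wire-protocol helpers: SSLRequest, v3 StartupMessage,
ErrorResponse parsing, and a protocol-version guess from the first reply.
Added example for the discussion above; not Nmap's pgsql.lua."""
from __future__ import annotations
import struct

# A startup packet's version word is (major << 16) | minor.  Two reserved
# values share that slot and are distinguished from real versions by the
# 1234 in the high half.
PROTOCOL_V3 = (3 << 16) | 0                 # 196608: normal v3.0 startup
SSL_REQUEST_CODE = (1234 << 16) | 5679      # 80877103: the packet in the thread
CANCEL_REQUEST_CODE = (1234 << 16) | 5678   # 80877102: CancelRequest

def decode_version(code: int) -> tuple[int, int]:
    """Split a version word into (major, minor) as the server logs it."""
    return code >> 16, code & 0xFFFF

def ssl_request() -> bytes:
    """int32 length (8, counting itself) + int32 SSL request code."""
    return struct.pack(">II", 8, SSL_REQUEST_CODE)

def startup_message(user: str, database: str, protocol: int = PROTOCOL_V3) -> bytes:
    """v3 StartupMessage: int32 length (incl. itself), int32 version word,
    NUL-terminated name/value pairs, then one terminating NUL."""
    body = struct.pack(">I", protocol)
    for name, value in (("user", user), ("database", database)):
        body += name.encode() + b"\0" + value.encode() + b"\0"
    body += b"\0"
    return struct.pack(">I", len(body) + 4) + body

def classify_ssl_reply(data: bytes) -> str:
    """Reply to SSLRequest is a single byte: 'S' (start TLS) or 'N' (no SSL).
    An 'E' means the server did not understand the request at all."""
    return {b"S": "ssl", b"N": "no-ssl", b"E": "error"}.get(data[:1], "unknown")

def encode_error_response(fields: dict[str, str]) -> bytes:
    """Build a v3 ErrorResponse ('E', int32 length, typed fields, NUL).
    Only used here to construct sample server traffic."""
    body = b"".join(k.encode() + v.encode() + b"\0" for k, v in fields.items()) + b"\0"
    return b"E" + struct.pack(">I", len(body) + 4) + body

def parse_error_response(msg: bytes) -> dict[str, str]:
    """Parse a v3 ErrorResponse into {field_code: text}: 'S' severity,
    'C' SQLSTATE, 'M' the human-readable message the server also logs."""
    if msg[:1] != b"E":
        raise ValueError("not an ErrorResponse")
    (length,) = struct.unpack(">I", msg[1:5])
    body = msg[5:1 + length]
    fields, i = {}, 0
    while i < len(body) and body[i] != 0:
        end = body.index(b"\0", i + 1)
        fields[chr(body[i])] = body[i + 1:end].decode()
        i = end + 1
    return fields

# Field-type bytes a v3 ErrorResponse may start with (S V C M D H P p q W s t c d n F L R).
V3_FIELD_CODES = set(b"SVCMDHPpqWstcdnFLR")

def detect_protocol_from_reply(data: bytes) -> int:
    """Heuristic (an assumption of this example, not pgsql.lua's logic): send a
    v3 startup, then look at the 'E' reply.  A v3 server frames it with an
    int32 length followed by a typed field; a v2-only server sends 'E'
    followed directly by a NUL-terminated string such as
    'FATAL:  unsupported frontend protocol 3.0: ...'."""
    if data[:1] != b"E":
        raise ValueError("expected an ErrorResponse")
    if len(data) >= 6:
        (length,) = struct.unpack(">I", data[1:5])
        if 5 <= length <= len(data) - 1 and data[5] in V3_FIELD_CODES:
            return 3
    return 2

# Constructed sample server replies (not captured traffic).
SAMPLE_V3_ERROR = encode_error_response({
    "S": "FATAL", "C": "28000",
    "M": 'no pg_hba.conf entry for host "192.168.0.21", user "root", database "root", SSL off',
})
SAMPLE_V2_ERROR = b"EFATAL:  unsupported frontend protocol 3.0: server supports 1.0 to 2.0\0"

if __name__ == "__main__":
    print("SSLRequest:", ssl_request().hex())
    print("Startup (root/root):", startup_message("root", "root"))
    print("65363.19778 ->", struct.pack(">I", (65363 << 16) | 19778))
    print("v3 reply:", parse_error_response(SAMPLE_V3_ERROR))
    print("detected:", detect_protocol_from_reply(SAMPLE_V3_ERROR),
          detect_protocol_from_reply(SAMPLE_V2_ERROR))
```

The `M` field of the v3 ErrorResponse carries the same text as the server's log line, so a script can report *why* a login failed (no pg_hba.conf entry versus a bad password, SQLSTATE 28000 versus 28P01) rather than counting every `E` as a wrong guess; that distinction matters for a brute-forcer, since a pg_hba.conf rejection will never turn into a success no matter how many passwords are tried.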
Current thread:
- pgsql-brute and PostgreSQL match lines Patrik Karlsson (Feb 06)
- Re: pgsql-brute and PostgreSQL match lines David Fifield (Feb 17)
- Re: pgsql-brute and PostgreSQL match lines Patrik Karlsson (Feb 20)
- Re: pgsql-brute and PostgreSQL match lines David Fifield (Feb 24)
- Re: pgsql-brute and PostgreSQL match lines Patrik Karlsson (Mar 04)
- Re: pgsql-brute David Fifield (Mar 04)
- Re: pgsql-brute Patrik Karlsson (Mar 04)
- Re: pgsql-brute David Fifield (Mar 04)
- Re: pgsql-brute Patrik Karlsson (Mar 04)
- Re: pgsql-brute and PostgreSQL match lines Patrik Karlsson (Feb 20)
- Re: pgsql-brute and PostgreSQL match lines David Fifield (Feb 17)
