Nmap Development mailing list archives
[NSE] ms-sql-info broadcast split
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 20 Nov 2010 19:56:24 +0100
Hi all,

I've been working on splitting the broadcast functionality from the ms-sql-info script for a while. I decided to make the broadcast script somewhat different than the unicast script, hence the different name. The foremost reason is that I would like the broadcast script to be non-intrusive and just discover hosts and instances. Unfortunately I came to this conclusion after doing considerable work on the ms-sql-info script to make it more suitable for re-using the code in both scripts. During the process I also managed to fix a few bugs that I've run into during the last few weeks, so maybe it's not all bad.

The script supports the newtargets option and can be used like this to scan all SQL servers on the network using all of the ms-sql scripts:

sudo ./nmap -PN -sT -p U:1434,T:1433 --script broadcast-mssql-discover,ms-sql-* -d3 --script-args newtargets

Anyway, in order to split out the broadcast functionality we could either use this re-worked new ms-sql-info script or we would simply revert to a version before the broadcast code was added. Any thoughts or feedback on this is most welcome!

Here are the major changes to the new ms-sql-info script:

* a new Discover method was added to the mssql library
* a new DecodeBrowserInfoVersion method was added to the mssql library
* the mssql library is now used in order to attempt to extract the "real version" from the database; this solves a few problems I was having when the script failed to retrieve the real version.
* when an instance is found the script now attempts to resolve the server name reported by the browser service; it then attempts to connect to the port at the new IP in order to retrieve the real version. This solves a problem I was having when the browser service reported instances on different IPs than the browser service itself. If the resolve fails for some reason, the script falls back to the same IP as the browser service.
* there's a slight change to the script output and the way it's built up, see below:

This is the output from the script when it can't authenticate and retrieve the real version:

| ms-sql-info:
|   Instance: SQLEXPRESS
|     Microsoft SQL Server 2005 Express Edition
|     Server version: 9.00.3042.00 (SP2) - UNVERIFIED
|     Clustered: No
|     Server name: SQLSRV001
|     Tcp port: 1444
|   Instance: MSSQLSERVER
|     Microsoft SQL Server 2000
|     Server version: 8.00.194 - UNVERIFIED
|     Named pipe: \\SQLSRV001\pipe\sql\query
|     Clustered: No
|     Server name: SQLSRV001
|_    Tcp port: 1433

This is the output from the script when it succeeds to authenticate and verify the version:

| ms-sql-info:
|   Instance: SQLEXPRESS
|     Microsoft SQL Server 2008 Express Edition
|     Server version: 10.0.1600.22 (RTM)
|     Clustered: No
|     Server name: WIN2K3-EPI-1
|     Tcp port: 1052
|     Server edition: Express Edition with Advanced Services on Windows NT 5.2 <X86> (Build 3790: Service Pack 2)
|_    WARNING: Database was accessible as SA with empty password!

I've already committed the new mssql library (r21149) as it contains an important bugfix that lowers the timeout for the connect function. If nobody objects I'll commit the new ms-sql-info and broadcast-ms-sql-discover within the next few days.
Attachment: broadcast-ms-sql-discover.nse
Attachment: ms-sql-info.nse
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
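The post describes three things the reworked script does with a SQL Server Browser reply: decode the per-instance fields, label the browser-reported version UNVERIFIED until a real connection confirms it, and resolve the reported server name with a fallback to the browser service's own IP. The following is an added example written for this archive page; it is not code from Nmap's mssql library or from the attached .nse scripts. It assumes the SVR_RESP wire format from Microsoft's MC-SQLR specification (a 0x05 byte, a 16-bit little-endian length, then an ASCII string of ';'-separated key/value pairs with instances separated by ';;'), uses a constructed sample reply built from the host names, ports and builds in the first output block above, a deliberately partial build table containing only those builds, and a hypothetical `resolver` callable so that it runs offline. The edition strings in the post's output are not derived here.

```python
"""Decode SQL Server Browser (SSRP / MC-SQLR) discovery replies and build the
kind of per-instance summary shown in the ms-sql-info output above.

Added example, not Nmap project code. Wire format assumed: SVR_RESP datagram =
0x05, u16 little-endian length, ASCII body of ';'-separated key/value pairs,
instances separated by ';;'.
"""
import struct

# Constructed, deliberately partial build table: only builds that appear in
# the post's sample output. Unknown builds fall through to the major version.
KNOWN_BUILDS = {
    "8.00.194": ("Microsoft SQL Server 2000", "RTM"),
    "9.00.3042.00": ("Microsoft SQL Server 2005", "SP2"),
    "10.0.1600.22": ("Microsoft SQL Server 2008", "RTM"),
}
MAJOR_TO_PRODUCT = {
    "8": "Microsoft SQL Server 2000",
    "9": "Microsoft SQL Server 2005",
    "10": "Microsoft SQL Server 2008",
}


def parse_ssrp_response(datagram: bytes) -> list:
    """Split a SVR_RESP datagram into one dict per advertised instance."""
    if len(datagram) < 3 or datagram[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (length,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for chunk in body.split(";;"):
        fields = chunk.split(";")
        if len(fields) < 2 or not fields[0]:
            continue  # trailing empty chunk after the final ';;'
        # Keys sit at even offsets, values at the following odd offset.
        inst = {fields[i]: fields[i + 1] for i in range(0, len(fields) - 1, 2)}
        instances.append(inst)
    return instances


def describe_version(version: str, verified: bool) -> tuple:
    """Return (product, version line). A version known only from the browser
    service is labelled UNVERIFIED, as in the post's output, until a real
    connection to the instance has confirmed it."""
    if version in KNOWN_BUILDS:
        product, level = KNOWN_BUILDS[version]
        line = "%s (%s)" % (version, level)
    else:
        product = MAJOR_TO_PRODUCT.get(version.split(".")[0],
                                       "Microsoft SQL Server (unknown release)")
        line = version
    if not verified:
        line += " - UNVERIFIED"
    return product, line


def pick_target(inst: dict, browser_ip: str, resolver) -> str:
    """Address to verify against: the resolved ServerName from the reply,
    falling back to the browser service's own IP when resolution fails.
    `resolver` is a hypothetical callable returning an IP string or None."""
    name = inst.get("ServerName")
    resolved = resolver(name) if name else None
    return resolved or browser_ip


def format_instance(inst: dict, verified_version=None) -> list:
    """Render one instance in the '| key: value' style of the post. When a
    verified version is supplied it replaces the browser-reported one."""
    browser_version = inst.get("Version", "")
    version = verified_version if verified_version is not None else browser_version
    product, version_line = describe_version(version, verified_version is not None)
    lines = [
        "Instance: %s" % inst.get("InstanceName", "?"),
        product,
        "Server version: %s" % version_line,
    ]
    if "np" in inst:
        lines.append("Named pipe: %s" % inst["np"])
    lines.append("Clustered: %s" % inst.get("IsClustered", "?"))
    lines.append("Server name: %s" % inst.get("ServerName", "?"))
    if "tcp" in inst:
        lines.append("Tcp port: %s" % inst["tcp"])
    return lines


# Constructed sample reply mirroring the two instances in the post's first
# output block (host names, ports and builds copied from there).
SAMPLE_BODY = (
    "ServerName;SQLSRV001;InstanceName;SQLEXPRESS;IsClustered;No;"
    "Version;9.00.3042.00;tcp;1444;;"
    "ServerName;SQLSRV001;InstanceName;MSSQLSERVER;IsClustered;No;"
    "Version;8.00.194;np;\\\\SQLSRV001\\pipe\\sql\\query;tcp;1433;;"
).encode("ascii")
SAMPLE_DATAGRAM = b"\x05" + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY

if __name__ == "__main__":
    # Offline run: the resolver always fails, so the browser IP is kept.
    for inst in parse_ssrp_response(SAMPLE_DATAGRAM):
        print("| target: %s" % pick_target(inst, "192.0.2.10", lambda name: None))
        for line in format_instance(inst):
            print("|   " + line)
```

Running the block prints both sample instances with UNVERIFIED versions and the browser IP as the verification target; passing a confirmed version string to `format_instance` drops the UNVERIFIED marker, which is the distinction the two output blocks in the post illustrate.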
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ms-sql-info broadcast split Patrik Karlsson (Nov 20)
- Re: [NSE] ms-sql-info broadcast split David Fifield (Nov 22)
- Re: [NSE] ms-sql-info broadcast split Patrik Karlsson (Nov 22)
- Re: [NSE] ms-sql-info broadcast split David Fifield (Nov 22)
- Re: [NSE] ms-sql-info broadcast split Patrik Karlsson (Dec 10)
- Re: [NSE] ms-sql-info broadcast split Patrik Karlsson (Nov 22)
- Re: [NSE] ms-sql-info broadcast split David Fifield (Nov 22)