Nmap Development mailing list archives
NSE:porting mysql-brute to brute framework
From: "Littlefield, Tyler" <tyler () tysdomain com>
Date: Fri, 10 Feb 2012 18:50:25 -0700
Hello:I'm working on porting the mysql-brute script over. Here's what I have so far, I'm just moving the code around. I have a quick question regarding this though. The connect I believe is called when this is passed on to the engine. Do I need to keep disconnecting and reconnecting? Also, I'm noticing some try functions, but there's no error handling setup. What do I need to do there?
Finally, how do I submit this when it is finally done? Here is the code: description = [[ Performs password guessing against MySQL ]] --- -- @output -- 3306/tcp open mysql -- | mysql-brute: -- | root:<empty> => Valid credentials -- |_ test:test => Valid credentials author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"; categories = {"intrusive", "brute"} require 'shortport' require 'stdnse' require 'mysql' require 'unpwdb' require 'brute' stdnse.silent_require 'openssl' -- Version 0.3 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson <patrik () cqure net>-- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice -- Revised 09/09/2011 - v0.4 - revised by Tom Sellers, changed account status text to be more consistent with other *-brute scripts
--revised 02/10/2012 - v0.5: Converted to use the brute library
portrule = shortport.port_or_service(3306, "mysql")
--this is our driver class, used with the brute engine.
Driver = {
new = function(self, host, port, options)
local o = {}
setmetatable(o, self)
self.__index = self
o.host = host
o.port = port
o.options = options
return o
end,
connect = function(self)
self.socket = nmap.new_socket()
-- set a reasonable timeout value
self.socket:set_timeout(5000)
end,
disconnect = function(self)
self.socket:disconnect()
self.socket = nil
end,
check = function(self)
return true
end,
login = function(self, user, password)
action = function( host, port )
local result, response, status = {}, nil, nil
local valid_accounts = {}
local usernames, passwords
local username, password
usernames = try(unpwdb.usernames())
passwords = try(unpwdb.passwords())
for username in usernames do
for password in passwords do
try( socket:connect(host, port) )
response = try( mysql.receiveGreeting( socket ) )
stdnse.print_debug( "Trying %s/%s ...", username, password )
status, response = mysql.loginRequest( socket, {
authversion = "post41", charset = response.charset }, username,
password, response.salt )
socket:close()
if status then
-- Add credentials for other mysql scripts to use
if nmap.registry.mysqlusers == nil then
nmap.registry.mysqlusers = {}
end
nmap.registry.mysqlusers[username]=password
table.insert( valid_accounts, string.format("%s:%s =>
Valid credentials", username, password:len()>0 and password or "<empty>" ) )
break
end
end
passwords("reset")
end
local output = stdnse.format_output(true, valid_accounts)
return output
end
--
Take care,
Ty
Web: http://tds-solutions.net
The Aspen project: a light-weight barebones mud engine
http://code.google.com/p/aspenmud
Sent from my toaster.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE:porting mysql-brute to brute framework Littlefield, Tyler (Feb 10)
- Re: NSE:porting mysql-brute to brute framework Patrik Karlsson (Feb 11)