mailing list archives
Re: [NSE Script] MySQL Server Information
From: jah <jah () zadkiel plus com>
Date: Tue, 18 Dec 2007 18:05:15 +0000
On 18/12/2007 06:22, Kris Katterjohn wrote:
I grepped the nmap-service-probes and saw "unauthorized" with a
lowercase and uppercase U, so I edited that part. I saw no
occurrences of your suggested "unauthorised" in there, so I didn't add
I noticed that too, but my testing showed that string.match(s,pattern)
that I used, matched regardless of case. (My testing involved changing
the case of pattern rather than of anything in nmap-service-probes,
which may have been flawed thinking). What's the difference between
string.match(s,pattern) and s:match(pattern), is it the same operation
I added a check for too many connections, which I saw in the probes
file. It should match the different little versions of it from there,
though I didn't find a server with that error to test with.
This was my challenge for the day, find a server that reported 1040 Too
Many Connections. I couldn't. So I set about creating one and after
much fiddling with users and the max_connections mysql variable and much
hair-pulling, I conclude that the 1040 error seems only to occur after a
login request is sent to the server. I was able to put my sql server in
a state where it would respond with 1040, but only after login request.
The Server Greeting is sent prior to this so the script can still get
it's info. Therefore, I would say that the extra portrule may be
unnecessary. I haven't made any changes though because it's not hurting
anything and I may still be proved wrong...
Another change was just for personal preference :) Instead of
indenting the rest of the script after the protocol vs. error check, I
just return from that if() and the rest was as before. I just think
it's too long to warrant the extra indentation.
Yep, that looks much better!
You might like to remove the require for shortport line, other than
that, job's a good'n! As an approximation, I've found that 30-40% of
hosts with a mysql port open don't give "unauthorised" and successfully
send the server greeting which your script captures. Well worth the
effort you put in writing the script, I'd say. And I reckon there'll be
a demand for checking default/weak/blank pwds...
I found another oddity, not with your script, but with
socket_object:set_timeout(t). Having read the nmap network I/O api page
 I read your script sock:set_timeout(5000) as 50 seconds which I
thought was rather excessive. But I confirmed that the timeout is, as
I'm sure you intended, 5s. Is this an error in the docs do you think?
Perhaps something changed, but the doc didn't get updated?
 network I/O -
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org