mailing list archives
Re: [NSE Script] MySQL Server Information
From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Tue, 18 Dec 2007 14:30:12 -0600
Kris Katterjohn wrote:
I noticed that too, but my testing showed that string.match(s,pattern)
that I used, matched regardless of case. (My testing involved changing
the case of pattern rather than of anything in nmap-service-probes,
which may have been flawed thinking). What's the difference between
string.match(s,pattern) and s:match(pattern), is it the same operation
That's interesting about match(). I don't think your test was flawed,
because I would've tried that myself :) I haven't read anywhere that
explicitly states it's case-insensitive, and grepping in scripts/ shows
that HTTPAuth.nse contains a character set of "[Aa]" in there.. but
Thomas could just be as confused as me :) I'll leave it for now since
I'm not sure (but if we can find a link showing that it is, in fact,
case insensitive I'll certainly remove it).
First off, sorry to be so late joining this thread. I've been wanting
to contribute, but I'm swamped right now, and just haven't been able to
As far as I know, patterns in Lua are case-sensitive, although I can't
find any specific online references that supports that statement.
Here's a quick test from a command-line Lua interpreter:
Lua 5.1.2 Copyright (C) 1994-2007 Lua.org, PUC-Rio
a = "a"
m = string.match(a, "a")
m = string.match(a, "A")
I hope people find it useful. I'll look into adding other things, like
attempting logins, etc.
This was really the main reason I wanted to jump in. About 3 weeks ago,
I started working on a MySQL script myself. Unfortunately, things got
very busy, and I haven't had time to make significant progress on it.
However, I was able to successfully login to MySQL servers using the
extended login capabilities introduced in 4.1. To login with a password
requires the ability to create SHA1 hashes of the password and the salt
received from the server, which was my motivation for the NSE/OpenSSL
patches I posted to the list recently:
I'm really busy through the end of the year, but I'd love to be able to
help with this effort. I can post the very rough code that I have
cobbled together for you guys to look at, or I can try to integrate my
login code into Kris's script once I have time.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org