Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE Script] MySQL Server Information
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 18 Dec 2007 17:53:19 -0600

Fyodor wrote:
On Tue, Dec 18, 2007 at 11:44:40PM +0000, jah wrote:
On 18/12/2007 20:30, Thomas Buchanan wrote:

But then as Fyodor says,
On 18/12/2007 23:09, Fyodor wrote:
We have categories to deal with this issue.  So a DB password checking
script would be good to have, but probably shouldn't be in the "safe"
So maybe we should complement MySQLinfo with an entirely separate script....

Well, if it is only testing a few common defaults and is unlikely to
cause DB lockouts, it is probably OK to include in a single script.
But yes, a major brute forcing script should probably be separate from
one which simply gathers some available information from the DB.

I think I agree with jah.  Since it seems like it will require quite a 
bit of work, including adding the SSL bindings, it might be best to have 
a script like mine which just gathers the general information, and then 
have one based on Thomas's (and maybe partially my) code for brute forcing.

What do you guys think?


Kris Katterjohn

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]