mailing list archives
Re: [NSE Script] MySQL Server Information
From: sawall <sawall () gmail com>
Date: Tue, 18 Dec 2007 18:59:44 -0600
My comment would be that a brute-force may or may not be necessary. If it
were included, it could be enabled via an argument or a separate app could
be run against MS SQL or MySQL. As mentioned before, a brute-force attack
could take some time and really slow things down.
I was thinking more along the lines to just check for a few simple
passwords, like defaults and a few common ones (i.e., _blank_, password,
admin, etc). This also could be disabled/enabled via an argument for those
who just wanted to gather server/version info.
I think the outcome of all of this will be good though!
On Dec 18, 2007 6:53 PM, Brandon Enright <bmenrigh () ucsd edu> wrote:
This is an interesting idea. You can accomplish what you described
above with a few hacks using the registry (may take more than one
script though). Along those lines, I'd like to be able to exclude
scripts by category. For example, we've already had several people hung
up on bruteTelnet.nse. I'd like a couple of categories to be added like
"slow" and "brute-force".
Then, I can run "all" scripts while still not running certain ones like
nmap ... --script=all --no-script=brute-force ...
Sometimes I want to run some intrusive scripts and not others. As we
get more and more scripts, it becomes harder to list the right scripts
and categories without also including ones you don't want.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
Re: [NSE Script] MySQL Server Information sawall (Dec 18)