Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] mysql-enum user enumeration script
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 8 Dec 2012 12:57:28 -0500

Alexandar,

I tried this script and didn't get it to show any users even though they
existed.
I tracked the problem down to the server returning the following message;
"hostname is blocked because of many connection errors; unblock with
'mysqladmin flush-hosts'"

I think the script needs to handle this error message and report back to
avoid false negatives.
There were also some indentation cleanup that needed to be done.

Thanks,
Patrik


On Sat, Dec 8, 2012 at 10:20 AM, Aleksandar Nikolic
<nikolic.alek () gmail com>wrote:

Resending this as i didn't get any comments , and I guess it might
not have got attention due to list changing ...


-------- Original Message --------
Subject:        [NSE] mysql-enum user enumeration script
Date:   Mon, 03 Dec 2012 21:38:59 +0100
From:   Aleksandar Nikolic <nikolic.alek () gmail com>
To:     nmap-dev () insecure org



Hi all ,

been a long time since I contributed something :)

As you might have noticed, kingcope released quite a number of mysql
vulns over the
weekend, one of them being an user enumeration vulnerability which sounded
like a perfect candidate for a NSE script (original release :
http://seclists.org/fulldisclosure/2012/Dec/9 ).
So here is my rough draft for it.

The vuln lies in the fact that MySQL server, when it gets connection
from a client using old authentication
mechanism, responds in different ways when user does and does not exist.
Basically , when
user does not exist, the server replies with "Access denied for user..."
immediately, else it waits for a
password.

I might be a little rusty with Lua and nmap dev , so do point out your
ideas
and suggestions for improvements.

Aleksandar





_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]