Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: pgsql-brute script doesn't work
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 2 Sep 2013 07:19:02 -0500

Alexander,

The pgsql-brute script was not able to handle the Russian
internationalization that your postgres was compiled with. I looked up the
error string and tried to expand the check, so this patch may help. Even in
English, I think the text was changed between versions, so I reduced the
check to a smaller common string. Please let me know if this works so that
it can be committed.

Dan

diff --git a/scripts/pgsql-brute.nse b/scripts/pgsql-brute.nse
index a462f69..3d81a9d 100644
--- a/scripts/pgsql-brute.nse
+++ b/scripts/pgsql-brute.nse
@@ -125,7 +125,16 @@ action = function( host, port )
                                socket = connectSocket( host, port,
ssl_enable )
                                status, response = pg.sendStartup(socket,
username, username)
                                if (not(status)) then
-                                       if ( response:match("no pg_hba.conf
entry for host") ) then
+                                       if ( response:find("no pg_hba.conf
entry") or
+                                                       response:find("в
pg_hba.conf нет записи") or
+                                                       response:find("kein
pg_hba.conf-Eintrag") or
+
response:find("aucune entr\xe9e dans pg_hba.conf") or
+                                                       response:find("no
hay una línea en pg_hba.conf") or
+
response:find("nenhuma entrada no pg_hba.conf") or
+                                                       response:find("brak
wpisu w pg_hba.conf") or
+
response:find("没有用于主机") or
+
response:find("pg_hba.conf 沒有") or
+
response:find("pg_hba.conf にホスト") ) then
                                                stdnse.print_debug("The
host was denied access to db \"%s\" as user \"%s\", aborting ...",
username, u
                                                break
                                        else
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault