Nmap Development mailing list archives

Re: nmap mysql-info salt


From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 19 Apr 2018 13:10:02 +0300

On Mon, Apr 9, 2018 at 3:27 PM, Syed Shah <Syed.Shah () sainsburys co uk> wrote:
> I’m curious to know more about the nmap script mysql-info. When I run this against a vulnerable OS (Metasploitable)
> running mysql 5.0.51 it returns a value for the salt. I understand that the salt is used in the password hash
> generation.

This is the salt used for the MySQL password whenever the default
authentication method (mysql_native_password) is in place.

> I couldn’t figure out how or why the script returns the salt, and also the hardcoded salt in the script differs from
> the returned output: <elem key="Salt">bYyt\NQ/4V6IN+*3`imj</elem>. Could you help me understand how this value is
> being returned please?

This is intended to avoid the clear-text transmission of the password.
Have a look at the docs for the MySQL authentication handshake [1].

The hardcoded value in the script is clearly part of an example.

[1]: https://dev.mysql.com/doc/internals/en/plain-handshake.html

George
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
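To make George's answer concrete, here is an added example (not from the thread and not Nmap's mysql-info script) that builds a constructed protocol-v10 server greeting carrying a 20-byte salt, parses it the way a client or mysql-info would, and shows both halves of mysql_native_password: the client's salted scramble and the server's check against the stored SHA1(SHA1(password)). The packet layout follows the handshake docs linked above; the function names, the constructed packet fields and the test password are assumptions.

```python
import hashlib
import struct

CLIENT_SECURE_CONNECTION = 0x8000   # capability bits from the MySQL handshake docs
CLIENT_PLUGIN_AUTH = 0x80000
SAMPLE_SALT = b"bYyt\\NQ/4V6IN+*3`imj"  # the 20 bytes quoted in the thread, reused as a constructed sample

def build_handshake(version=b"5.0.51", salt=SAMPLE_SALT, plugin=b"mysql_native_password"):
    """Construct a protocol-v10 server greeting: 3-byte length, sequence id, then the payload."""
    caps = CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    payload = (b"\x0a" + version + b"\x00" + struct.pack("<I", 42)  # protocol, version, connection id
               + salt[:8] + b"\x00"                                 # auth-plugin-data-part-1, filler
               + struct.pack("<H", caps & 0xFFFF) + b"\x21"         # capabilities (low), charset
               + struct.pack("<HH", 2, caps >> 16)                  # status flags, capabilities (high)
               + bytes([len(salt) + 1]) + b"\x00" * 10              # auth-data length (20 + NUL), reserved
               + salt[8:] + b"\x00" + plugin + b"\x00")             # auth-plugin-data-part-2, plugin name
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def parse_handshake(packet):
    """Extract version, capabilities, the 20-byte salt and plugin name from a server greeting."""
    p = packet[4:4 + int.from_bytes(packet[:3], "little")]
    if p[0] != 0x0a:
        raise ValueError("not a protocol v10 handshake")
    end = p.index(b"\x00", 1); i = end + 1
    conn_id, = struct.unpack_from("<I", p, i); i += 4
    salt = p[i:i + 8]; i += 9                              # part 1, then skip the filler byte
    caps, = struct.unpack_from("<H", p, i); i += 5         # low capabilities; skip charset + status
    caps |= struct.unpack_from("<H", p, i)[0] << 16; i += 2
    auth_len = p[i]; i += 11                               # auth-data length, 10 reserved bytes
    if caps & CLIENT_SECURE_CONNECTION:
        salt += p[i:i + 12]; i += max(13, auth_len - 8)    # 12 more salt bytes, NUL-terminated
    plugin = p[i:p.index(b"\x00", i)].decode() if caps & CLIENT_PLUGIN_AUTH else ""
    return {"version": p[1:end].decode(), "connection_id": conn_id,
            "capabilities": caps, "salt": salt, "plugin": plugin}

def native_password_scramble(password, salt):
    """Client reply for mysql_native_password: SHA1(pw) XOR SHA1(salt + SHA1(SHA1(pw)))."""
    stage1 = hashlib.sha1(password.encode()).digest()
    mask = hashlib.sha1(salt + hashlib.sha1(stage1).digest()).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def stored_hash(password):
    """What mysql.user holds for this plugin: SHA1(SHA1(pw)), no salt and no password."""
    return hashlib.sha1(hashlib.sha1(password.encode()).digest()).digest()

def verify_scramble(scramble, salt, stored):
    """Server side: unmask stage1 from the reply and check SHA1(stage1) against the stored hash."""
    mask = hashlib.sha1(salt + stored).digest()
    stage1 = bytes(a ^ b for a, b in zip(scramble, mask))
    return hashlib.sha1(stage1).digest() == stored
```

The salt the server sends is per-connection and not secret; it only keeps the reply from being a replayable, clear-text password, which is why mysql-info can read it straight out of the greeting.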