o [NSE] Added a library for Microsoft SQL Server and 7 new scripts. The new

scripts are:
  - ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
  - ms-sql-config retrieves various configuration details from the server		
  - ms-sql-empty-password checks if the sa account has an empty password
  - ms-sql-hasdbaccess lists database access per user
  - ms-sql-query add support for running custom queries against the database
  - ms-sql-tables lists databases, tables, columns and datatypes with optional
    keyword filtering
  - ms-sql-xp-cmdshell adds support for OS command execution to privileged
    users
  [Patrik]

scripts/ms-sql-empty-password.nse

@@ -0,0 +1,52 @@
+description = [[
+Attempts to authenticate using an empty password for the sysadmin (sa) account.
+]]
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"auth","intrusive"}
+
+require 'shortport'
+require 'stdnse'
+require 'mssql'
+
+---
+--
+-- @output
+-- PORT     STATE SERVICE
+-- 1433/tcp open  ms-sql-s
+-- | mssql-empty-password:  
+-- |_  sa:<empty> => Login Correct
+--
+--
+
+-- Version 0.1
+-- Created 01/17/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+portrule = shortport.port_or_service(1433, "ms-sql-s")
+
+action = function( host, port )
+
+	local helper, status, result
+	local username, password, database, valid_accounts = "sa", "", "tempdb", {}
+	
+	helper = mssql.Helper:new()
+	status, result = helper:Connect(host, port)
+		
+	if( not(status) ) then
+		return "  \n\n" .. result
+	end
+			
+	status, result = helper:Login( username, password, database, host.ip )
+	helper:Disconnect()
+			
+	if status then
+		nmap.registry.mssqlusers = nmap.registry.mssqlusers or {}	
+		nmap.registry.mssqlusers[username]=password
+				
+		table.insert( valid_accounts, string.format("%s:%s => Login Success", username, password:len()>0 and password or "<empty>" ) )
+	end
+			
+	return stdnse.format_output(true, valid_accounts)	
+
+end