From 2a44a941af0456907bdb10d010882278c8820a18 Mon Sep 17 00:00:00 2001
From: patrik
Date: Tue, 9 Mar 2010 20:27:48 +0000
Subject: [PATCH] o [NSE] Added checks for missing OpenSSL to MySQL scripts and library [Patrik]
---
 CHANGELOG | 2 ++
 nselib/mysql.lua | 60 ++++++++++++++++++++++++-------------
 scripts/mysql-brute.nse | 9 ++++++
 scripts/mysql-databases.nse | 10 +++++++
 scripts/mysql-users.nse | 9 ++++++
 scripts/mysql-variables.nse | 10 +++++++
 6 files changed, 79 insertions(+), 21 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 49ae99442..8cd74eac6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,8 @@ [NOT YET RELEASED]
+o [NSE] Added checks for missing OpenSSL to MySQL scripts and library [Patrik]
+
 o Made --resume work with recent changes to normal output. [jlanthea]
 o [NSE] Added the new snmp-interfaces script by Thomas Buchanan, which
diff --git a/nselib/mysql.lua b/nselib/mysql.lua
index 59a71ad8a..154bf5dbd 100644
--- a/nselib/mysql.lua
+++ b/nselib/mysql.lua
@@ -13,7 +13,11 @@ module(... or "mysql", package.seeall)
-require 'openssl'
+local HAVE_SSL = false
+
+if pcall(require,'openssl') then
+ HAVE_SSL = true
+end
 Capabilities = {
@@ -121,31 +125,41 @@ function receiveGreeting( socket )
 end
---- Creates a hashed value of the password and salt according to MySQL authentication post version 4.1
---
--- @param pass string containing the users password
--- @param salt string containing the servers salt as obtained from receiveGreeting
--- @return reply string containing the raw hashed value
-local function createLoginHash(pass, salt)
- local hash_stage1 = openssl.sha1( pass )
- local hash_stage2 = openssl.sha1( hash_stage1 )
- local hash_stage3 = openssl.sha1( salt .. hash_stage2 )
- local reply = ""
+if HAVE_SSL then
+
+ --- Creates a hashed value of the password and salt according to MySQL authentication post version 4.1
+ --
+ -- @param pass string containing the users password
+ -- @param salt string containing the servers salt as obtained from receiveGreeting
+ -- @return reply string containing the raw hashed value
+ local function createLoginHash(pass, salt)
+
+ local hash_stage1 = openssl.sha1( pass )
+ local hash_stage2 = openssl.sha1( hash_stage1 )
+ local hash_stage3 = openssl.sha1( salt .. hash_stage2 )
+ local reply = ""
+
+ local pos, b1, b2, b3, _ = 1, 0, 0, 0
+
+ for pos=1, hash_stage1:len() do
+ _, b1 = bin.unpack( "C", hash_stage1, pos )
+ _, b2 = bin.unpack( "C", hash_stage3, pos )
+
+ reply = reply .. string.char( bit.bxor( b2, b1 ) )
+ end
+
+ return reply
- local pos, b1, b2, b3, _ = 1, 0, 0, 0
-
- for pos=1, hash_stage1:len() do
- _, b1 = bin.unpack( "C", hash_stage1, pos )
- _, b2 = bin.unpack( "C", hash_stage3, pos )
-
- reply = reply .. string.char( bit.bxor( b2, b1 ) )
 end
-
- return reply
-
+
+else
+ local function createLoginHash(pass, salt)
+ return nil
+ end
 end
+
 --- Attempts to Login to the remote mysql server
 --
 -- @param socket already connected to the remote server
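Review bot: Both `local function createLoginHash(pass, salt)` definitions are now block-scoped to the `if HAVE_SSL then ... else ... end` that encloses them, so the name is no longer visible after the closing `end`; the removed definition was a file-level local, and any later caller in this file (presumably loginRequest, which takes password and salt) will fail with an attempt-to-call-nil error, on builds with OpenSSL as well as without. Forward-declare the local before the block and assign in each branch: `local createLoginHash` above `if HAVE_SSL then`, and `createLoginHash = function(pass, salt)` in place of both `local function createLoginHash(pass, salt)` lines. Since loginRequest now refuses to run without OpenSSL, the `else` stub that returns nil is effectively dead code and could be dropped; if it stays, its doc comment should state that it returns nil so callers never use the result as a byte string. On the `local pos, b1, b2, b3, _ = 1, 0, 0, 0` line `b3` is unused and `pos` is immediately shadowed by `for pos=1, ...`, so the line can shrink to `local b1, b2, _`.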
@@ -166,6 +180,10 @@ function loginRequest( socket, params, username, password, salt )
 local authversion = params.authversion or "post41"
 local username = username or ""
+ if not(HAVE_SSL) then
+ return false, "No OpenSSL"
+ end
+
 if authversion ~= "post41" then
 return false, "Unsupported authentication version: " .. authversion
 end
diff --git a/scripts/mysql-brute.nse b/scripts/mysql-brute.nse
index 6572b8c08..731940a75 100644
--- a/scripts/mysql-brute.nse
+++ b/scripts/mysql-brute.nse
@@ -23,6 +23,15 @@ require 'unpwdb'
 -- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit
 -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice
+-- ripped from ssh-hostkey.nse
+-- openssl is required for this script
+if not pcall(require,"openssl") then
+ portrule = function() return false end
+ action = function() end
+ stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
+ return;
+end
+
 portrule = shortport.port_or_service(3306, "mysql")
 action = function( host, port )
diff --git a/scripts/mysql-databases.nse b/scripts/mysql-databases.nse
index a15cfad94..0ba6224f6 100644
--- a/scripts/mysql-databases.nse
+++ b/scripts/mysql-databases.nse
@@ -26,6 +26,16 @@ require 'mysql'
 dependencies = {"mysql-brute", "mysql-empty-password"}
+-- ripped from ssh-hostkey.nse
+-- openssl is required for this script
+if not pcall(require,"openssl") then
+ portrule = function() return false end
+ action = function() end
+ stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
+ return;
+end
+
+
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson
diff --git a/scripts/mysql-users.nse b/scripts/mysql-users.nse
index e93dd278a..f69736ef0 100644
--- a/scripts/mysql-users.nse
+++ b/scripts/mysql-users.nse
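Review bot: The new early return `return false, "No OpenSSL"` introduces a failure mode that loginRequest's LDoc block (above this hunk, not shown) will not describe, and callers that tell "wrong credentials" apart from "cannot authenticate at all" need it spelled out. Suggest extending the return documentation with a line such as `-- @return status false with "No OpenSSL" as the second value when the openssl library is unavailable`. loginRequest begins and ends outside this hunk.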
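Review bot: The skip block added here is pasted verbatim into mysql-databases.nse (the next hunk), mysql-users.nse and mysql-variables.nse, and each copy probes for OpenSSL on its own rather than reusing the detection nselib/mysql.lua now performs, whose `HAVE_SSL` is a file-level local the scripts cannot see; any future change to the probe (a different library name, a version check) has to be repeated in five places. Exporting the library's result as a module field (for example `mysql.HAVE_SSL`) and testing that from the scripts keeps the decision in one place, though the top-level `return` must stay in each script because only the script chunk can abort its own load. The block also depends on `stdnse` being required earlier and on the NSE-provided `filename` global; neither is in the visible context, so confirm every script requires stdnse before this point. `return;` is unidiomatic Lua and plain `return` suffices, and `-- ripped from ssh-hostkey.nse` would be more useful as `-- same guard as ssh-hostkey.nse: disable the script when the openssl library is unavailable`.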
@@ -32,6 +32,15 @@ dependencies = {"mysql-brute", "mysql-empty-password"}
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson
+-- ripped from ssh-hostkey.nse
+-- openssl is required for this script
+if not pcall(require,"openssl") then
+ portrule = function() return false end
+ action = function() end
+ stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
+ return;
+end
+
 portrule = shortport.port_or_service(3306, "mysql")
 action = function( host, port )
diff --git a/scripts/mysql-variables.nse b/scripts/mysql-variables.nse
index 33344cc8e..c0acf7a55 100644
--- a/scripts/mysql-variables.nse
+++ b/scripts/mysql-variables.nse
@@ -40,6 +40,16 @@ dependencies = {"mysql-brute", "mysql-empty-password"}
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson
+-- ripped from ssh-hostkey.nse
+-- openssl is required for this script
+if not pcall(require,"openssl") then
+ portrule = function() return false end
+ action = function() end
+ stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
+ return;
+end
+
+
 portrule = shortport.port_or_service(3306, "mysql")
 action = function( host, port )