mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00

o [NSE] Added checks for missing OpenSSL to MySQL scripts and library [Patrik]

patrik
2010-03-09 20:27:48 +00:00
parent 1bc598fb25
commit 2a44a941af
6 changed files with 79 additions and 21 deletions


@@ -2,6 +2,8 @@
[NOT YET RELEASED] [NOT YET RELEASED]
o [NSE] Added checks for missing OpenSSL to MySQL scripts and library [Patrik]
o Made --resume work with recent changes to normal output. [jlanthea] o Made --resume work with recent changes to normal output. [jlanthea]
o [NSE] Added the new snmp-interfaces script by Thomas Buchanan, which o [NSE] Added the new snmp-interfaces script by Thomas Buchanan, which


@@ -13,7 +13,11 @@
module(... or "mysql", package.seeall) module(... or "mysql", package.seeall)
require 'openssl' local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
Capabilities = Capabilities =
{ {
@@ -121,31 +125,41 @@ function receiveGreeting( socket )
end end
--- Creates a hashed value of the password and salt according to MySQL authentication post version 4.1
--
-- @param pass string containing the users password
-- @param salt string containing the servers salt as obtained from <code>receiveGreeting</code>
-- @return reply string containing the raw hashed value
local function createLoginHash(pass, salt)
local hash_stage1 = openssl.sha1( pass ) if HAVE_SSL then
local hash_stage2 = openssl.sha1( hash_stage1 )
local hash_stage3 = openssl.sha1( salt .. hash_stage2 ) --- Creates a hashed value of the password and salt according to MySQL authentication post version 4.1
local reply = "" --
-- @param pass string containing the users password
-- @param salt string containing the servers salt as obtained from <code>receiveGreeting</code>
-- @return reply string containing the raw hashed value
local function createLoginHash(pass, salt)
local hash_stage1 = openssl.sha1( pass )
local hash_stage2 = openssl.sha1( hash_stage1 )
local hash_stage3 = openssl.sha1( salt .. hash_stage2 )
local reply = ""
local pos, b1, b2, b3, _ = 1, 0, 0, 0
for pos=1, hash_stage1:len() do
_, b1 = bin.unpack( "C", hash_stage1, pos )
_, b2 = bin.unpack( "C", hash_stage3, pos )
reply = reply .. string.char( bit.bxor( b2, b1 ) )
end
return reply
local pos, b1, b2, b3, _ = 1, 0, 0, 0
for pos=1, hash_stage1:len() do
_, b1 = bin.unpack( "C", hash_stage1, pos )
_, b2 = bin.unpack( "C", hash_stage3, pos )
reply = reply .. string.char( bit.bxor( b2, b1 ) )
end end
return reply else
local function createLoginHash(pass, salt)
return nil
end
end end
--- Attempts to Login to the remote mysql server --- Attempts to Login to the remote mysql server
-- --
-- @param socket already connected to the remote server -- @param socket already connected to the remote server
@@ -166,6 +180,10 @@ function loginRequest( socket, params, username, password, salt )
local authversion = params.authversion or "post41" local authversion = params.authversion or "post41"
local username = username or "" local username = username or ""
if not(HAVE_SSL) then
return false, "No OpenSSL"
end
if authversion ~= "post41" then if authversion ~= "post41" then
return false, "Unsupported authentication version: " .. authversion return false, "Unsupported authentication version: " .. authversion
end end
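Review bot: In the createLoginHash hunk, both definitions are written as `local function createLoginHash` inside the branches of `if HAVE_SSL then … else … end`, so each local goes out of scope at the end of its branch and nothing later in the file can see it. If loginRequest (whose body continues outside these hunks) calls createLoginHash, the name would resolve to an undefined global and the call would fail even when OpenSSL is present. Declaring `local createLoginHash` ahead of the `if` and assigning `createLoginHash = function(pass, salt)` in each branch keeps the name visible; a simpler alternative is a single unconditional function whose first line is `if not HAVE_SSL then return nil end`. The early `return false, "No OpenSSL"` added to loginRequest already covers the missing-library path, so the stub branch could also be dropped.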


@@ -23,6 +23,15 @@ require 'unpwdb'
-- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit -- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit
-- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice
-- ripped from ssh-hostkey.nse
-- openssl is required for this script
if not pcall(require,"openssl") then
portrule = function() return false end
action = function() end
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
return;
end
portrule = shortport.port_or_service(3306, "mysql") portrule = shortport.port_or_service(3306, "mysql")
action = function( host, port ) action = function( host, port )
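Review bot: The skip message in the added guard is logged at debug level 3, so on a build without OpenSSL a default scan prints nothing for this script and gives no sign that the check never ran; an operator reading the report can mistake that silence for a clean result. Raising the visibility, for example `stdnse.print_debug( 1, "Skipping %s script because OpenSSL is missing.", filename )`, would make the gap in coverage apparent. The same guard is pasted into the three script sections that follow and the point applies there too; a shared helper would avoid keeping four copies in sync. Whether `stdnse` is already required before this point is not visible in the hunk and should be confirmed.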


@@ -26,6 +26,16 @@ require 'mysql'
dependencies = {"mysql-brute", "mysql-empty-password"} dependencies = {"mysql-brute", "mysql-empty-password"}
-- ripped from ssh-hostkey.nse
-- openssl is required for this script
if not pcall(require,"openssl") then
portrule = function() return false end
action = function() end
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
return;
end
-- Version 0.1 -- Version 0.1
-- Created 01/23/2010 - v0.1 - created by Patrik Karlsson -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson


@@ -32,6 +32,15 @@ dependencies = {"mysql-brute", "mysql-empty-password"}
-- Version 0.1 -- Version 0.1
-- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net> -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- ripped from ssh-hostkey.nse
-- openssl is required for this script
if not pcall(require,"openssl") then
portrule = function() return false end
action = function() end
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
return;
end
portrule = shortport.port_or_service(3306, "mysql") portrule = shortport.port_or_service(3306, "mysql")
action = function( host, port ) action = function( host, port )


@@ -40,6 +40,16 @@ dependencies = {"mysql-brute", "mysql-empty-password"}
-- Version 0.1 -- Version 0.1
-- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net> -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- ripped from ssh-hostkey.nse
-- openssl is required for this script
if not pcall(require,"openssl") then
portrule = function() return false end
action = function() end
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
return;
end
portrule = shortport.port_or_service(3306, "mysql") portrule = shortport.port_or_service(3306, "mysql")
action = function( host, port ) action = function( host, port )