PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Fix parsing salt value for mysql. Fixes #596

Browse Source
This commit is contained in:
dmiller
2016-11-29 22:35:51 +00:00
parent 30f41875d3
commit 636823622c
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE][GH#596] Fix a bug in mysql.lua that caused authentication failures in
mysql-brute and other scripts due to including a null terminator in the salt
value. This bug affects Nmap 7.25BETA2 and later releases. [Daniel Miller]
o The --open option now implies --defeat-rst-ratelimit. This may result in o The --open option now implies --defeat-rst-ratelimit. This may result in
inaccuracies in the numbers of "Not shown:" closed and filtered ports, but inaccuracies in the numbers of "Not shown:" closed and filtered ports, but
only in situations where it also speeds up scan times. [Daniel Miller] only in situations where it also speeds up scan times. [Daniel Miller]

2
nselib/mysql.lua
View File

@@ -149,7 +149,7 @@ function receiveGreeting( socket )
stdnse.debug2("reserved bytes are not nulls") stdnse.debug2("reserved bytes are not nulls")
end end
if response.capabilities & Capabilities.Support41Auth > 0 then if response.capabilities & Capabilities.Support41Auth > 0 then
pos, tmp = bin.unpack("A" .. math.max(13, auth_plugin_len - 8), data, pos) pos, tmp, _ = bin.unpack("A" .. (math.max(13, auth_plugin_len - 8) - 1) .. "x", data, pos)
response.salt = response.salt .. tmp response.salt = response.salt .. tmp
end end
if response.extcapabilities & ExtCapabilities.SupportsAuthPlugins > 0 then if response.extcapabilities & ExtCapabilities.SupportsAuthPlugins > 0 then