PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 13:41:29 +00:00
Code Issues Projects Releases Wiki Activity

removed the ms-sql-dac script from default and made the port discovery

Browse Source 
run in parallell against multiple database instances.
This commit is contained in:
patrik
2012-07-10 10:08:42 +00:00
parent 9236196d42
commit 6dd99f410b
2 changed files with 29 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
scripts/ms-sql-dac.nse
View File

@@ -29,7 +29,7 @@ to the reported port in order to verify whether it's accessible or not.
author = "Patrik Karlsson" author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"} categories = {"discovery", "safe"}
hostrule = function(host) hostrule = function(host)
if ( mssql.Helper.WasDiscoveryPerformed( host ) ) then if ( mssql.Helper.WasDiscoveryPerformed( host ) ) then
@@ -51,8 +51,23 @@ local function checkPort(host, port)
return status return status
end end
local function discoverDAC(host, name, result)
local condvar = nmap.condvar(result)
stdnse.print_debug(2, "Discovering DAC port on instance: %s", name)
local port = mssql.Helper.DiscoverDACPort( host, name )
if ( port ) then
if ( checkPort(host, port) ) then
table.insert(result, ("Instance: %s; DAC port: %s"):format(name, port))
else
table.insert(result, ("Instance: %s; DAC port: %s (connection failed)"):format(name, port))
end
end
condvar "signal"
end
action = function( host ) action = function( host )
local result = {} local result, threads = {}, {}
local condvar = nmap.condvar(result)
local status, instanceList = mssql.Helper.GetTargetInstances( host ) local status, instanceList = mssql.Helper.GetTargetInstances( host )
-- if no instances were targeted, then display info on all -- if no instances were targeted, then display info on all
@@ -66,15 +81,17 @@ action = function( host )
for _, instance in ipairs(instanceList) do for _, instance in ipairs(instanceList) do
local name = instance:GetName():match("^[^\\]*\\(.*)$") local name = instance:GetName():match("^[^\\]*\\(.*)$")
if ( name ) then if ( name ) then
stdnse.print_debug(2, "Discovering DAC port on instance: %s", name) local co = stdnse.new_thread(discoverDAC, host, name, result)
local port = mssql.Helper.DiscoverDACPort( host, name ) threads[co] = true
if ( port ) then
if ( checkPort(host, port) ) then
table.insert(result, ("Instance: %s; DAC port: %s"):format(name, port))
else
table.insert(result, ("Instance: %s; DAC port: %s (connection failed)"):format(name, port))
end end
end end
while(next(threads)) do
for t in pairs(threads) do
threads[t] = ( coroutine.status(t) ~= "dead" ) and true or nil
end
if ( next(threads) ) then
condvar "wait"
end end
end end

2
scripts/script.db
View File

@@ -240,7 +240,7 @@ Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } } Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dac.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "ms-sql-dac.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } } Entry { filename = "ms-sql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "ms-sql-empty-password.nse", categories = { "auth", "intrusive", } } Entry { filename = "ms-sql-empty-password.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ms-sql-hasdbaccess.nse", categories = { "auth", "discovery", "safe", } } Entry { filename = "ms-sql-hasdbaccess.nse", categories = { "auth", "discovery", "safe", } }