From e94bdc7f5fe486f0939dac39a62ffb4c45c08440 Mon Sep 17 00:00:00 2001 From: patrik Date: Wed, 9 Feb 2011 20:48:42 +0000 Subject: [PATCH] Updated all ms-sql scripts to use proper script name argument prefixes with fallback to old argument names. [Patrik] --- scripts/ms-sql-config.nse | 12 +++++++----- scripts/ms-sql-hasdbaccess.nse | 9 +++++---- scripts/ms-sql-query.nse | 10 +++++----- scripts/ms-sql-tables.nse | 30 ++++++++++++++++-------------- scripts/ms-sql-xp-cmdshell.nse | 10 +++++----- 5 files changed, 38 insertions(+), 33 deletions(-) diff --git a/scripts/ms-sql-config.nse b/scripts/ms-sql-config.nse index dcd6c0ae1..5ecec3ca0 100644 --- a/scripts/ms-sql-config.nse +++ b/scripts/ms-sql-config.nse @@ -22,7 +22,7 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"} -- the server. This option overrides any accounts found by -- the mssql-brute and mssql-empty-password scripts. -- --- @args mssql-config.showall if set shows all configuration options. +-- @args ms-sql-config.showall if set shows all configuration options. -- -- @output -- PORT STATE SERVICE 
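Review bot: The comment block in this hunk still refers to "the mssql-brute and mssql-empty-password scripts", while the `dependencies` line in the hunk header names them `ms-sql-brute` and `ms-sql-empty-password`. Since this commit is aligning the `@args` names with the script name, the same context lines should be fixed too: `-- the ms-sql-brute and ms-sql-empty-password scripts.` The corresponding comments in the ms-sql-hasdbaccess and ms-sql-tables hunks already use the `ms-sql-` spelling.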
@@ -55,11 +55,13 @@ portrule = shortport.port_or_service(1433, "ms-sql-s") action = function( host, port ) local status, helper, response - local username = nmap.registry.args['mssql.username'] - local password = nmap.registry.args['mssql.password'] or "" + local username = stdnse.get_script_args( 'mssql.username' ) + local password = stdnse.get_script_args( 'mssql.password' ) or "" local result, result_part = {}, {} - local conf_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE configuration_id > 16384" - local db_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE name NOT IN ('master','model','tempdb','msdb')" + local conf_filter = stdnse.get_script_args( {'mssql-config.showall', 'ms-sql-config.showall'} ) and "" + or " WHERE configuration_id > 16384" + local db_filter = stdnse.get_script_args( {'mssql-config.showall', 'ms-sql-config.showall'} ) and "" + or " WHERE name NOT IN ('master','model','tempdb','msdb')" local queries = { [2]={ ["Configuration"] = [[ SELECT name, diff --git a/scripts/ms-sql-hasdbaccess.nse b/scripts/ms-sql-hasdbaccess.nse index 91d754900..e349b9fa1 100644 --- a/scripts/ms-sql-hasdbaccess.nse +++ b/scripts/ms-sql-hasdbaccess.nse @@ -29,7 +29,7 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"} -- the server. This option overrides any accounts found by -- the ms-sql-brute and ms-sql-empty-password scripts. -- --- @args mssql-hasdbaccess.limit limits the amount of databases per-user +-- @args ms-sql-hasdbaccess.limit limits the amount of databases per-user -- that are returned (default 5). If set to zero or less all -- databases the user has access to are returned. -- 
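Review bot: The alias list for `showall` puts the old name first, `{'mssql-config.showall', 'ms-sql-config.showall'}`, whereas ms-sql-query, ms-sql-tables and ms-sql-xp-cmdshell in this same commit list the new name first; ms-sql-hasdbaccess has the same old-first order for its `limit` argument. As far as I know `stdnse.get_script_args` returns the first alias that is set, so when both spellings are supplied the deprecated one wins in these two scripts and the documented one wins in the others. I would use `{'ms-sql-config.showall', 'mssql-config.showall'}` and read it once, e.g. `local showall = stdnse.get_script_args( {'ms-sql-config.showall', 'mssql-config.showall'} )`, then build both filters from `showall`. The body of `action` continues outside this hunk.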
@@ -64,14 +64,15 @@ end action = function( host, port ) local status, result, helper, rs - local username = nmap.registry.args['mssql.username'] - local password = nmap.registry.args['mssql.password'] or "" + local username = stdnse.get_script_args('mssql.username') + local password = stdnse.get_script_args('mssql.password') or "" local creds local query, limit local output = {} local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" } - local RS_LIMIT = nmap.registry.args["mssql-hasdbaccess.limit"] and tonumber(nmap.registry.args["mssql-hasdbaccess.limit"]) or 5 + local RS_LIMIT = stdnse.get_script_args( {'mssql-hasdbaccess.limit', 'ms-sql-hasdbaccess.limit' } ) + and tonumber(stdnse.get_script_args( {'mssql-hasdbaccess.limit', 'ms-sql-hasdbaccess.limit' } )) or 5 if ( RS_LIMIT <= 0 ) then limit = "" diff --git a/scripts/ms-sql-query.nse b/scripts/ms-sql-query.nse index 3f5fe16b4..fe8954eff 100644 --- a/scripts/ms-sql-query.nse +++ b/scripts/ms-sql-query.nse @@ -13,7 +13,7 @@ require 'mssql' dependencies = {"ms-sql-brute", "ms-sql-empty-password"} --- --- @args mssql-query.query specifies the query to run against the server. +-- @args ms-sql-query.query specifies the query to run against the server. -- (default SELECT @@version version) -- -- @output 
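Review bot: A non-numeric `ms-sql-hasdbaccess.limit` is silently replaced by the default, because `tonumber` returns nil and the `and … or 5` chain falls through to 5, so a mistyped value changes how much data is returned without any hint to the operator. The argument is also looked up twice with identical alias tables. Reading it once keeps the behaviour and gives a place to log a debug line when the value is set but not a number: `local limit_arg = stdnse.get_script_args( {'ms-sql-hasdbaccess.limit', 'mssql-hasdbaccess.limit'} )` followed by `local RS_LIMIT = tonumber(limit_arg) or 5`. The `DB_COUNT` and `TABLE_COUNT` lines in ms-sql-tables have the same shape.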
@@ -34,12 +34,12 @@ portrule = shortport.port_or_service(1433, "ms-sql-s") action = function( host, port ) local status, result, helper - local username = nmap.registry.args['mssql.username'] - local password = nmap.registry.args['mssql.password'] or "" + local username = stdnse.get_script_args( 'mssql.username' ) + local password = stdnse.get_script_args( 'mssql.password' ) or "" -- the tempdb should be a safe guess, anyway the library is set up -- to continue even if the DB is not accessible to the user - local database = nmap.registry.args['mssql.database'] or "tempdb" - local query = nmap.registry.args['mssql-query.query'] or "SELECT @@version version" + local database = stdnse.get_script_args( 'mssql.database' ) or "tempdb" + local query = stdnse.get_script_args( {'ms-sql-query.query', 'mssql-query.query' } ) or "SELECT @@version version" if ( not(username) and nmap.registry.mssqlusers ) then -- do we have a sysadmin? diff --git a/scripts/ms-sql-tables.nse b/scripts/ms-sql-tables.nse index 6840e9163..f4252dfb4 100644 --- a/scripts/ms-sql-tables.nse +++ b/scripts/ms-sql-tables.nse @@ -35,14 +35,14 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"} -- the server. This option overrides any accounts found by -- the ms-sql-brute and ms-sql-empty-password scripts. -- --- @args mssql-tables.maxdb Limits the amount of databases that are +-- @args ms-sql-tables.maxdb Limits the amount of databases that are -- processed and returned (default 5). If set to zero or less -- all databases are processed. -- --- @args mssql-tables.maxtables Limits the amount of tables returned +-- @args ms-sql-tables.maxtables Limits the amount of tables returned -- (default 5). If set to zero or less all tables are returned. -- --- @args mssql-tables.keywords If set shows only tables or columns matching +-- @args ms-sql-tables.keywords If set shows only tables or columns matching -- the keywords -- -- @output 
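Review bot: The fallback name `mssql-query.query` is still accepted by the new `get_script_args` call, but the doc hunk for this script replaces it outright, so nothing visible tells users that the old spelling is a deprecated alias or when it will stop working. A short comment next to the lookup would record the intent, for example `-- 'mssql-query.query' is the pre-rename name, kept only for backward compatibility`. The same applies to the fallback names in ms-sql-config, ms-sql-hasdbaccess, ms-sql-tables and ms-sql-xp-cmdshell.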
@@ -94,8 +94,8 @@ end action = function( host, port ) local status, result, dbs, tables, helper - local username = nmap.registry.args['mssql.username'] - local password = nmap.registry.args['mssql.password'] or "" + local username = stdnse.get_script_args( 'mssql.username' ) + local password = stdnse.get_script_args( 'mssql.password' ) or "" local output = {} local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" } @@ -104,8 +104,10 @@ action = function( host, port ) local creds = {} local db_limit, tbl_limit - local DB_COUNT = nmap.registry.args["mssql-tables.maxdb"] and tonumber(nmap.registry.args["mssql-tables.maxdb"]) or 5 - local TABLE_COUNT = nmap.registry.args["mssql-tables.maxtables"] and tonumber(nmap.registry.args["mssql-tables.maxtables"]) or 2 + local DB_COUNT = stdnse.get_script_args( {'ms-sql-tables.maxdb', 'mssql-tables.maxdb'} ) + and tonumber( stdnse.get_script_args( {'ms-sql-tables.maxdb', 'mssql-tables.maxdb'} ) ) or 5 + local TABLE_COUNT = stdnse.get_script_args( {'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } ) + and tonumber( stdnse.get_script_args( {'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } ) ) or 2 local keywords_filter = "" if ( DB_COUNT <= 0 ) then 
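Review bot: `TABLE_COUNT` falls back to 2 in the second hunk here, but the `@args ms-sql-tables.maxtables` comment updated by this commit in the preceding doc hunk says "(default 5)". The commit rewrites both places and leaves them disagreeing, so a user relying on the documentation gets fewer tables than described. Either change the code to `or 5` or correct the comment to "(default 2)", whichever is the intended default. Both lookups are also evaluated twice, and could be read into a local once, as with `DB_COUNT`.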
@@ -207,21 +209,21 @@ action = function( host, port ) local pos = 1 local restrict_tbl = {} - if ( nmap.registry.args['mssql-tables.keywords'] ) then - tmp = nmap.registry.args['mssql-tables.keywords'] + if ( stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } ) ) then + tmp = stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } ) if ( type(tmp) == 'table' ) then tmp = stdnse.strjoin(',', tmp) end table.insert(restrict_tbl, 1, ("Filter: %s"):format(tmp)) pos = pos + 1 else - table.insert(restrict_tbl, 1, "No filter (see mssql-tables.keywords)") + table.insert(restrict_tbl, 1, "No filter (see ms-sql-tables.keywords)") end if ( DB_COUNT > 0 ) then local tmp = ("Output restricted to %d databases"):format(DB_COUNT) - if ( not(nmap.registry.args['mssql-tables.maxdb']) ) then - tmp = tmp .. " (see mssql-tables.maxdb)" + if ( not(stdnse.get_script_args( { 'ms-sql-tables.maxdb', 'mssql-tables.maxdb' } ) ) ) then + tmp = tmp .. " (see ms-sql-tables.maxdb)" end table.insert(restrict_tbl, 1, tmp) pos = pos + 1 @@ -229,8 +231,8 @@ action = function( host, port ) if ( TABLE_COUNT > 0 ) then local tmp = ("Output restricted to %d tables"):format(TABLE_COUNT) - if ( not(nmap.registry.args['mssql-tables.maxtables']) ) then - tmp = tmp .. " (see mssql-tables.maxtables)" + if ( not(stdnse.get_script_args( { 'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } ) ) ) then + tmp = tmp .. " (see ms-sql-tables.maxtables)" end table.insert(restrict_tbl, 1, tmp) pos = pos + 1 diff --git a/scripts/ms-sql-xp-cmdshell.nse b/scripts/ms-sql-xp-cmdshell.nse index 4445a275b..79ca1f12e 100644 --- a/scripts/ms-sql-xp-cmdshell.nse +++ b/scripts/ms-sql-xp-cmdshell.nse 
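Review bot: In the keywords branch `tmp` is assigned without `local` in the visible lines, while the `DB_COUNT` and `TABLE_COUNT` branches below declare `local tmp`. Unless `tmp` is declared above this hunk, this writes a global that other scripts in the same scan could read or overwrite. The argument is also fetched twice, once for the test and once for the value. I would declare `local keywords = stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords'} )` before the `if`, then test `if ( keywords ) then` and use that local inside the branch.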
@@ -81,11 +81,11 @@ end action = function( host, port ) local status, result, helper - local username = nmap.registry.args['mssql.username'] - local password = nmap.registry.args['mssql.password'] or "" + local username = stdnse.get_script_args( 'mssql.username' ) + local password = stdnse.get_script_args( 'mssql.password' ) or "" local creds local query - local cmd = nmap.registry.args['ms-sql-xp-cmdshell.cmd'] or 'ipconfig /all' + local cmd = stdnse.get_script_args( {'ms-sql-xp-cmdshell.cmd', 'mssql-xp-cmdshell.cmd'} ) or 'ipconfig /all' local output = {} query = ("EXEC master..xp_cmdshell '%s'"):format(cmd) @@ -126,10 +126,10 @@ action = function( host, port ) if ( status ) then output = mssql.Util.FormatOutputTable( result, true ) - if ( not(nmap.registry.args['mssql-xp-cmdshell.cmd']) ) then + if ( not(stdnse.get_script_args( {'ms-sql-xp-cmdshell.cmd', 'mssql-xp-cmdshell.cmd'} ) ) ) then table.insert(output, 1, cmd) output = stdnse.format_output( true, output ) - output = "(Use --script-args=mssql-xp-cmdshell.cmd='' to change command.)" .. output + output = "(Use --script-args=ms-sql-xp-cmdshell.cmd='' to change command.)" .. output else output = stdnse.format_output( true, output ) end
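Review bot: The value read into `cmd` is placed between single quotes by the context line `("EXEC master..xp_cmdshell '%s'"):format(cmd)` without doubling embedded quotes, so a command containing `'` ends the T-SQL literal early and the statement the server parses is no longer the one the operator typed. Doubling quotes before formatting keeps the literal intact: `query = ("EXEC master..xp_cmdshell '%s'"):format((cmd:gsub("'", "''")))`. This line predates the commit, but the hunk changes where `cmd` comes from, so it is the natural place to fix it. The body of `action` continues outside the hunk.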
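Review bot: The check for whether the user supplied a command repeats the alias table from the top of `action` instead of reusing one stored value. The removed lines show how that drifts: the old code read `ms-sql-xp-cmdshell.cmd` but tested `mssql-xp-cmdshell.cmd`, so the hint was printed even when the argument had been given. Storing the lookup once avoids a repeat of that, e.g. `local cmd_arg = stdnse.get_script_args( {'ms-sql-xp-cmdshell.cmd', 'mssql-xp-cmdshell.cmd'} )`, `local cmd = cmd_arg or 'ipconfig /all'`, and here `if ( not(cmd_arg) ) then`.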