PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Updated all ms-sql scripts to use proper script name argument prefixes with

Browse Source 
fallback to old argument names. [Patrik]
This commit is contained in:
patrik
2011-02-09 20:48:42 +00:00
parent b3a3501190
commit e94bdc7f5f
5 changed files with 38 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/ms-sql-config.nse
View File

@@ -22,7 +22,7 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
-- the server. This option overrides any accounts found by -- the server. This option overrides any accounts found by
-- the mssql-brute and mssql-empty-password scripts. -- the mssql-brute and mssql-empty-password scripts.
-- --
-- @args mssql-config.showall if set shows all configuration options. -- @args ms-sql-config.showall if set shows all configuration options.
-- --
-- @output -- @output
-- PORT STATE SERVICE -- PORT STATE SERVICE
@@ -55,11 +55,13 @@ portrule = shortport.port_or_service(1433, "ms-sql-s")
action = function( host, port ) action = function( host, port )
local status, helper, response local status, helper, response
local username = nmap.registry.args['mssql.username'] local username = stdnse.get_script_args( 'mssql.username' )
local password = nmap.registry.args['mssql.password'] or "" local password = stdnse.get_script_args( 'mssql.password' ) or ""
local result, result_part = {}, {} local result, result_part = {}, {}
local conf_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE configuration_id > 16384" local conf_filter = stdnse.get_script_args( {'mssql-config.showall', 'ms-sql-config.showall'} ) and ""
local db_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE name NOT IN ('master','model','tempdb','msdb')" or " WHERE configuration_id > 16384"
local db_filter = stdnse.get_script_args( {'mssql-config.showall', 'ms-sql-config.showall'} ) and ""
or " WHERE name NOT IN ('master','model','tempdb','msdb')"
local queries = { local queries = {
[2]={ ["Configuration"] = [[ SELECT name, [2]={ ["Configuration"] = [[ SELECT name,

9
scripts/ms-sql-hasdbaccess.nse
View File

@@ -29,7 +29,7 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
-- the server. This option overrides any accounts found by -- the server. This option overrides any accounts found by
-- the <code>ms-sql-brute</code> and <code>ms-sql-empty-password</code> scripts. -- the <code>ms-sql-brute</code> and <code>ms-sql-empty-password</code> scripts.
-- --
-- @args mssql-hasdbaccess.limit limits the amount of databases per-user -- @args ms-sql-hasdbaccess.limit limits the amount of databases per-user
-- that are returned (default 5). If set to zero or less all -- that are returned (default 5). If set to zero or less all
-- databases the user has access to are returned. -- databases the user has access to are returned.
-- --
@@ -64,14 +64,15 @@ end
action = function( host, port ) action = function( host, port )
local status, result, helper, rs local status, result, helper, rs
local username = nmap.registry.args['mssql.username'] local username = stdnse.get_script_args('mssql.username')
local password = nmap.registry.args['mssql.password'] or "" local password = stdnse.get_script_args('mssql.password') or ""
local creds local creds
local query, limit local query, limit
local output = {} local output = {}
local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" } local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" }
local RS_LIMIT = nmap.registry.args["mssql-hasdbaccess.limit"] and tonumber(nmap.registry.args["mssql-hasdbaccess.limit"]) or 5 local RS_LIMIT = stdnse.get_script_args( {'mssql-hasdbaccess.limit', 'ms-sql-hasdbaccess.limit' } )
and tonumber(stdnse.get_script_args( {'mssql-hasdbaccess.limit', 'ms-sql-hasdbaccess.limit' } )) or 5
if ( RS_LIMIT <= 0 ) then if ( RS_LIMIT <= 0 ) then
limit = "" limit = ""

10
scripts/ms-sql-query.nse
View File

@@ -13,7 +13,7 @@ require 'mssql'
dependencies = {"ms-sql-brute", "ms-sql-empty-password"} dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
--- ---
-- @args mssql-query.query specifies the query to run against the server. -- @args ms-sql-query.query specifies the query to run against the server.
-- (default SELECT @@version version) -- (default SELECT @@version version)
-- --
-- @output -- @output
@@ -34,12 +34,12 @@ portrule = shortport.port_or_service(1433, "ms-sql-s")
action = function( host, port ) action = function( host, port )
local status, result, helper local status, result, helper
local username = nmap.registry.args['mssql.username'] local username = stdnse.get_script_args( 'mssql.username' )
local password = nmap.registry.args['mssql.password'] or "" local password = stdnse.get_script_args( 'mssql.password' ) or ""
-- the tempdb should be a safe guess, anyway the library is set up -- the tempdb should be a safe guess, anyway the library is set up
-- to continue even if the DB is not accessible to the user -- to continue even if the DB is not accessible to the user
local database = nmap.registry.args['mssql.database'] or "tempdb" local database = stdnse.get_script_args( 'mssql.database' ) or "tempdb"
local query = nmap.registry.args['mssql-query.query'] or "SELECT @@version version" local query = stdnse.get_script_args( {'ms-sql-query.query', 'mssql-query.query' } ) or "SELECT @@version version"
if ( not(username) and nmap.registry.mssqlusers ) then if ( not(username) and nmap.registry.mssqlusers ) then
-- do we have a sysadmin? -- do we have a sysadmin?

30
scripts/ms-sql-tables.nse
View File

@@ -35,14 +35,14 @@ dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
-- the server. This option overrides any accounts found by -- the server. This option overrides any accounts found by
-- the <code>ms-sql-brute</code> and <code>ms-sql-empty-password</code> scripts. -- the <code>ms-sql-brute</code> and <code>ms-sql-empty-password</code> scripts.
-- --
-- @args mssql-tables.maxdb Limits the amount of databases that are -- @args ms-sql-tables.maxdb Limits the amount of databases that are
-- processed and returned (default 5). If set to zero or less -- processed and returned (default 5). If set to zero or less
-- all databases are processed. -- all databases are processed.
-- --
-- @args mssql-tables.maxtables Limits the amount of tables returned -- @args ms-sql-tables.maxtables Limits the amount of tables returned
-- (default 5). If set to zero or less all tables are returned. -- (default 5). If set to zero or less all tables are returned.
-- --
-- @args mssql-tables.keywords If set shows only tables or columns matching -- @args ms-sql-tables.keywords If set shows only tables or columns matching
-- the keywords -- the keywords
-- --
-- @output -- @output
@@ -94,8 +94,8 @@ end
action = function( host, port ) action = function( host, port )
local status, result, dbs, tables, helper local status, result, dbs, tables, helper
local username = nmap.registry.args['mssql.username'] local username = stdnse.get_script_args( 'mssql.username' )
local password = nmap.registry.args['mssql.password'] or "" local password = stdnse.get_script_args( 'mssql.password' ) or ""
local output = {} local output = {}
local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" } local exclude_dbs = { "'master'", "'tempdb'", "'model'", "'msdb'" }
@@ -104,8 +104,10 @@ action = function( host, port )
local creds = {} local creds = {}
local db_limit, tbl_limit local db_limit, tbl_limit
local DB_COUNT = nmap.registry.args["mssql-tables.maxdb"] and tonumber(nmap.registry.args["mssql-tables.maxdb"]) or 5 local DB_COUNT = stdnse.get_script_args( {'ms-sql-tables.maxdb', 'mssql-tables.maxdb'} )
local TABLE_COUNT = nmap.registry.args["mssql-tables.maxtables"] and tonumber(nmap.registry.args["mssql-tables.maxtables"]) or 2 and tonumber( stdnse.get_script_args( {'ms-sql-tables.maxdb', 'mssql-tables.maxdb'} ) ) or 5
local TABLE_COUNT = stdnse.get_script_args( {'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } )
and tonumber( stdnse.get_script_args( {'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } ) ) or 2
local keywords_filter = "" local keywords_filter = ""
if ( DB_COUNT <= 0 ) then if ( DB_COUNT <= 0 ) then
@@ -207,21 +209,21 @@ action = function( host, port )
local pos = 1 local pos = 1
local restrict_tbl = {} local restrict_tbl = {}
if ( nmap.registry.args['mssql-tables.keywords'] ) then if ( stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } ) ) then
tmp = nmap.registry.args['mssql-tables.keywords'] tmp = stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } )
if ( type(tmp) == 'table' ) then if ( type(tmp) == 'table' ) then
tmp = stdnse.strjoin(',', tmp) tmp = stdnse.strjoin(',', tmp)
end end
table.insert(restrict_tbl, 1, ("Filter: %s"):format(tmp)) table.insert(restrict_tbl, 1, ("Filter: %s"):format(tmp))
pos = pos + 1 pos = pos + 1
else else
table.insert(restrict_tbl, 1, "No filter (see mssql-tables.keywords)") table.insert(restrict_tbl, 1, "No filter (see ms-sql-tables.keywords)")
end end
if ( DB_COUNT > 0 ) then if ( DB_COUNT > 0 ) then
local tmp = ("Output restricted to %d databases"):format(DB_COUNT) local tmp = ("Output restricted to %d databases"):format(DB_COUNT)
if ( not(nmap.registry.args['mssql-tables.maxdb']) ) then if ( not(stdnse.get_script_args( { 'ms-sql-tables.maxdb', 'mssql-tables.maxdb' } ) ) ) then
tmp = tmp .. " (see mssql-tables.maxdb)" tmp = tmp .. " (see ms-sql-tables.maxdb)"
end end
table.insert(restrict_tbl, 1, tmp) table.insert(restrict_tbl, 1, tmp)
pos = pos + 1 pos = pos + 1
@@ -229,8 +231,8 @@ action = function( host, port )
if ( TABLE_COUNT > 0 ) then if ( TABLE_COUNT > 0 ) then
local tmp = ("Output restricted to %d tables"):format(TABLE_COUNT) local tmp = ("Output restricted to %d tables"):format(TABLE_COUNT)
if ( not(nmap.registry.args['mssql-tables.maxtables']) ) then if ( not(stdnse.get_script_args( { 'ms-sql-tables.maxtables', 'mssql-tables.maxtables' } ) ) ) then
tmp = tmp .. " (see mssql-tables.maxtables)" tmp = tmp .. " (see ms-sql-tables.maxtables)"
end end
table.insert(restrict_tbl, 1, tmp) table.insert(restrict_tbl, 1, tmp)
pos = pos + 1 pos = pos + 1

10
scripts/ms-sql-xp-cmdshell.nse
View File

@@ -81,11 +81,11 @@ end
action = function( host, port ) action = function( host, port )
local status, result, helper local status, result, helper
local username = nmap.registry.args['mssql.username'] local username = stdnse.get_script_args( 'mssql.username' )
local password = nmap.registry.args['mssql.password'] or "" local password = stdnse.get_script_args( 'mssql.password' ) or ""
local creds local creds
local query local query
local cmd = nmap.registry.args['ms-sql-xp-cmdshell.cmd'] or 'ipconfig /all' local cmd = stdnse.get_script_args( {'ms-sql-xp-cmdshell.cmd', 'mssql-xp-cmdshell.cmd'} ) or 'ipconfig /all'
local output = {} local output = {}
query = ("EXEC master..xp_cmdshell '%s'"):format(cmd) query = ("EXEC master..xp_cmdshell '%s'"):format(cmd)
@@ -126,10 +126,10 @@ action = function( host, port )
if ( status ) then if ( status ) then
output = mssql.Util.FormatOutputTable( result, true ) output = mssql.Util.FormatOutputTable( result, true )
if ( not(nmap.registry.args['mssql-xp-cmdshell.cmd']) ) then if ( not(stdnse.get_script_args( {'ms-sql-xp-cmdshell.cmd', 'mssql-xp-cmdshell.cmd'} ) ) ) then
table.insert(output, 1, cmd) table.insert(output, 1, cmd)
output = stdnse.format_output( true, output ) output = stdnse.format_output( true, output )
output = "(Use --script-args=mssql-xp-cmdshell.cmd='<CMD>' to change command.)" .. output output = "(Use --script-args=ms-sql-xp-cmdshell.cmd='<CMD>' to change command.)" .. output
else else
output = stdnse.format_output( true, output ) output = stdnse.format_output( true, output )
end end