MS SQL NSE scripts run on database instances, which can be TCP or named
pipes. With this change, all TCP instances on scanned ports will have
script output attached under the port as a portrule script. Named pipe
instances and TCP instances on unscanned ports will be displayed in the
hostrule script output at the end of the host's output. Utility function
mssql.Helper.InitScript makes it easy to write scripts that just work on
a per-instance basis, without bothering where to put the output.
Discovery will be done once per host, regardless of how many scripts are
run, and can be guaranteed to be done before the script's action takes
place.
This one also fixes format string bugs:
stdnse.print_debug(foo) --> stdnse.debug1("%s", foo)
$ sed -i 's/stdnse.print_debug( *\([a-zA-Z0-9][a-zA-Z0-9_]*\) *)/stdnse.debug1("%s", \1)/' *.nse
$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\([a-zA-Z0-9][a-zA-Z0-9_]*\) *)/stdnse.debug\1("%s", \2)/' *.nse
These implementations were all functionally identical. The replacement
has an extra feature of returning the index where the value was found,
currently unused.
ms-sql scripts and library:
- Improved version detection
- Improved server discovery
- Add support for named pipes
- Add support for integrated authentication
- Add support for connecting to instances by name or port
- Improved script and library stability
- Improved script and library documentation
[Patrik Karlsson, Chris Woodbury]
scripts are:
- ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
- ms-sql-config retrieves various configuration details from the server
- ms-sql-empty-password checks if the sa account has an empty password
- ms-sql-hasdbaccess lists database access per user
- ms-sql-query add support for running custom queries against the database
- ms-sql-tables lists databases, tables, columns and datatypes with optional
keyword filtering
- ms-sql-xp-cmdshell adds support for OS command execution to privileged
users
[Patrik]
