nmap/scripts/ms-sql-empty-password.nse
patrik 1d26975ede o [NSE] Added a library for Microsoft SQL Server and 7 new scripts. The new
scripts are:
  - ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
  - ms-sql-config retrieves various configuration details from the server		
  - ms-sql-empty-password checks if the sa account has an empty password
  - ms-sql-hasdbaccess lists database access per user
  - ms-sql-query add support for running custom queries against the database
  - ms-sql-tables lists databases, tables, columns and datatypes with optional
    keyword filtering
  - ms-sql-xp-cmdshell adds support for OS command execution to privileged
    users
  [Patrik]
2010-04-04 10:11:54 +00:00


-- NSE script metadata. These globals are read by the Nmap scripting engine.
description = [[
Attempts to authenticate using an empty password for the sysadmin (sa) account.
]]

author = 'Patrik Karlsson'

license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'

-- "auth":      the script deals with authentication credentials.
-- "intrusive": the action performs a real login attempt against the target,
--              so it is not selected by the default/safe script sets.
categories = {
  "auth",
  "intrusive",
}
require 'shortport'
require 'stdnse'
require 'mssql'
---
--
-- @output
-- PORT STATE SERVICE
-- 1433/tcp open ms-sql-s
-- | ms-sql-empty-password:
-- |_ sa:<empty> => Login Success
--
--
-- Version 0.1
-- Created 01/17/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Run when the port is TCP 1433 or when the service was identified as
-- "ms-sql-s". Instances listening on another port are only covered if
-- service detection has labelled them ms-sql-s.
local default_port, service_name = 1433, "ms-sql-s"
portrule = shortport.port_or_service(default_port, service_name)
--- Try a single login as "sa" with an empty password and report the result.
--
-- Connects to the target, attempts the login against the "tempdb" database,
-- disconnects, and on success records the credential in the Nmap registry.
--
-- This is a real authentication attempt, not a passive check. A failed attempt
-- typically appears as a failed "sa" login in the SQL Server error log when
-- login auditing is enabled, which is what a defender would look for.
--
-- @param host host table supplied by NSE (host.ip is passed to Login)
-- @param port port table supplied by NSE
-- @return formatted script output listing the account if the login worked,
--         or the connection error text prefixed with " \n\n"
action = function( host, port )
  local account, secret, db = "sa", "", "tempdb"
  local found = {}

  local conn = mssql.Helper:new()
  local ok, res = conn:Connect(host, port)
  if not ok then
    -- Connection failed: res holds the error text returned by the helper.
    return " \n\n" .. res
  end

  ok, res = conn:Login( account, secret, db, host.ip )
  -- Always drop the session, whether or not the login succeeded.
  conn:Disconnect()

  if ok then
    -- Cache the working credential in the shared registry.
    -- NOTE(review): the table is keyed by username only, not by host, so an
    -- entry found on one target is visible during the whole scan; presumably
    -- other ms-sql-* scripts read it -- confirm against those scripts.
    nmap.registry.mssqlusers = nmap.registry.mssqlusers or {}
    nmap.registry.mssqlusers[account] = secret

    -- Show a placeholder instead of an empty string in the report.
    local shown = "<empty>"
    if secret:len() > 0 then
      shown = secret
    end
    found[#found + 1] = string.format("%s:%s => Login Success", account, shown)
  end

  return stdnse.format_output(true, found)
end