PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity
Files
3915ed94e46c4c30e785e485d283b0fdecc3a497
nmap/scripts/ms-sql-brute.nse
david 3915ed94e4 Remove explicit timelimit checking from ms-sql-brute, pgsql-brute, 
mysql-brute, ldap-brute, and afp-brute. The unpwdb library does this
automatically now.
2010-04-16 02:11:12 +00:00

83 lines
2.0 KiB
Lua
Raw Blame History

description = [[
Performs password guessing against Microsoft SQL Server (mssql)
]]
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "intrusive"}
require 'shortport'
require 'stdnse'
require 'mssql'
require 'unpwdb'
---
--
-- @output
-- PORT STATE SERVICE
-- 1433/tcp open ms-sql-s
-- | mssql-brute:
-- | webshop_reader:secret => Login Success
-- | testuser:secret1234 => Must change password at next logon
-- |_ lordvader:secret1234 => Login Success
--
--
-- Version 0.1
-- Created 01/17/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
portrule = shortport.port_or_service(1433, "ms-sql-s")
action = function( host, port )
local result, response, status = {}, nil, nil
local valid_accounts = {}
local usernames, passwords
local username, password
local helper = mssql.Helper:new()
status, usernames = unpwdb.usernames()
if ( not(status) ) then
return " \n\nFailed to load usernames.lst"
end
status, passwords = unpwdb.passwords()
if ( not(status) ) then
return " \n\nFailed to load usernames.lst"
end
for username in usernames do
for password in passwords do
status, result = helper:Connect(host, port)
if( not(status) ) then
return " \n\n" .. result
end
stdnse.print_debug( "Trying %s/%s ...", username, password )
status, result = helper:Login( username, password, "tempdb", host.ip )
helper:Disconnect()
if status then
-- Add credentials for other mysql scripts to use
table.insert( valid_accounts, string.format("%s:%s => %s", username, password:len()>0 and password or "<empty>", result ) )
-- don't add accounts that need to change passwords to the registry
if ( result ~= "Login Success") then
break
end
if nmap.registry.mssqlusers == nil then
nmap.registry.mssqlusers = {}
end
nmap.registry.mssqlusers[username]=password
break
end
end
passwords("reset")
end
local output = stdnse.format_output(true, valid_accounts)
return output
end
Reference in New Issue View Git Blame Copy Permalink