Nmap Development mailing list archives
Re: [NSE Script] MySQL Server Information
From: Fyodor <fyodor () insecure org>
Date: Tue, 18 Dec 2007 15:09:18 -0800
On Tue, Dec 18, 2007 at 06:49:08PM -0000, Rob Nicholls wrote:
The "sa" account (often setup with a blank password because the setup file for 2000 doesn't make much effort to stop you) is a default account used by MS SQL, not MySQL, so any checks would go into an MSSQL script (Thomas has already written a "Microsoft SQL Server information gathering script"). A check for a blank password might be okay (and possibly the password "sa"?),
Thanks for the info.
but nmap probably isn't the best place to test for passwords, and I suspect people would like to avoid accidentally locking out accounts or potentially cause a denial of service (for any service).
We have categories to deal with this issue. So a DB password checking script would be good to have, but probably shouldn't be in the "safe" category. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE Script] MySQL Server Information, (continued)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)
- Re: [NSE Script] MySQL Server Information Thomas Buchanan (Dec 18)
- Re: [NSE Script] MySQL Server Information sawall (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)