Nmap Development mailing list archives
Re: [NSE Script] MySQL Server Information
From: sawall <sawall () gmail com>
Date: Tue, 18 Dec 2007 18:59:44 -0600
My comment would be that a brute-force may or may not be necessary. If it were included, it could be enabled via an argument or a separate app could be run against MS SQL or MySQL. As mentioned before, a brute-force attack could take some time and really slow things down. I was thinking more along the lines to just check for a few simple passwords, like defaults and a few common ones (i.e., _blank_, password, admin, etc). This also could be disabled/enabled via an argument for those who just wanted to gather server/version info. I think the outcome of all of this will be good though! chris On Dec 18, 2007 6:53 PM, Brandon Enright <bmenrigh () ucsd edu> wrote:
This is an interesting idea. You can accomplish what you described above with a few hacks using the registry (may take more than one script though). Along those lines, I'd like to be able to exclude scripts by category. For example, we've already had several people hung up on bruteTelnet.nse. I'd like a couple of categories to be added like "slow" and "brute-force". Then, I can run "all" scripts while still not running certain ones like so: nmap ... --script=all --no-script=brute-force ... Sometimes I want to run some intrusive scripts and not others. As we get more and more scripts, it becomes harder to list the right scripts and categories without also including ones you don't want. Brandon
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE Script] MySQL Server Information, (continued)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 17)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Thomas Buchanan (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Brandon Enright (Dec 18)
- Re: [NSE Script] MySQL Server Information sawall (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Kris Katterjohn (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- Re: [NSE Script] MySQL Server Information Fyodor (Dec 18)
- Re: [NSE Script] MySQL Server Information jah (Dec 18)
- RE: [NSE Script] MySQL Server Information Rob Nicholls (Dec 18)