Nmap Development mailing list archives
[Fwd: [SCRIPT] DB2 Information gathering script]
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 12 Nov 2009 06:23:36 -0600
The updated version of this script has been committed to SVN. Thanks very much to the folks that tested and sent me feedback, I appreciate it! In the next week or so I will be releasing a script that talks to the DB2 Administrative service and pulls the config without needing credentials. The data looks like this: ;DB2 Server Database Access Profile ;Use BINARY file transfer ;Comment lines start with a ";" ;Other lines must be one of the following two types: ;Type A: [section_name] ;Type B: keyword=value [File_Description] Application=DB2/LINUX 9.7.0 Platform=18 File_Content=DB2 Server Definitions File_Type=CommonServer File_Format_Version=1.0 DB2System=GATEWAY ServerType=DB2LINUX [adminst>dasusr1] NodeType=1 DB2Comm=TCPIP Authentication=SERVER HostName=gateway PortNumber=523 IpAddress=127.0.1.1 [inst>db2inst1] NodeType=1 DB2Comm=TCPIP Authentication=SERVER HostName=gateway ServiceName=db2c_db2inst1 PortNumber=50000 IpAddress=127.0.1.1 QuietMode=No TMDatabase=1ST_CONN [db>db2inst1:TOOLSDB] DBAlias=TOOLSDB DBName=TOOLSDB Drive=/home/db2inst1 Dir_entry_type=INDIRECT Authentication=NOTSPEC -------- Original Message - Sun Nov 08 21:29:51 2009 -------- I have written a NSE script that enhances version detection for DB2. It also gathers platform (OS) and database instance information. It functions in a similar way to the MS SQL script. The script sends a DB2 EXCSAT (exchange server attributes) command packet and parses the response. This is a legitimate DB2 command and, based on my reviews of logs, causes no problems on the server. DB2 does log the connection and the source IP address though. PORT STATE SERVICE VERSION 523/tcp open ibm-db2 IBM DB2 Database Server 9.07.0 50000/tcp open ibm-db2 IBM DB2 Database Server 9.07.0 (QDB2/LINUX) | db2-info: DB2 Version: 9.07.0 | Server Platform: QDB2/LINUX | Instance Name: db2inst1 |_ External Name: db2inst1db2agent000051B3%FED%Y00 In the sample output above the version of the DB2 DAS service on port 523 was detected using nmap-service-probes. Historically, unlike the DAS port on 523, we have been unable to detect the exact version number on the DB2 database instances themselves. There may be multiple DB2 database instances and they typically cluster around port 50000 and 60000. Port 50000 would normally be detected as service "ibm-db2" with a version string "IBM DB2 Database Server". The attached NSE script can now detect the exact version number and platform as well as the instance name for each of the databases. Any testing or feedback with the functionality and structure of the script would be greatly appreciated! Here are my current concerns with the script: 1. Is the default output too verbose? Should I limit the output to the info on the port line by default and add the other lines with -v? 2. The data from the server is encoded in EBCDIC. I am decoding this will what amounts to a lookup table. Is there a more appropriate/efficient way to handle this? 3. I have built the EBCDIC table containing the ASCII chars that we should encounter in this context. Should I go ahead and build out the full ASCII table? (And wow, I am glad we don't use EBCDIC for much.) Thanks much, Tom _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [Fwd: [SCRIPT] DB2 Information gathering script] Tom Sellers (Nov 12)
- Re: [Fwd: [SCRIPT] DB2 Information gathering script] Matt Selsky (Nov 12)