Nmap Development mailing list archives
Re: pgsql-brute and PostgreSQL match lines
From: David Fifield <david () bamsoftware com>
Date: Wed, 17 Feb 2010 10:51:16 -0700
On Sat, Feb 06, 2010 at 11:51:39PM +0100, Patrik Karlsson wrote:
Hi all, I just finished pgsql-brute.nse, a script that allows password guessing against PostgreSQL servers and the supporting pgsql.lua library used for both version 2 and 3 of the protocol.
Thanks, Patrik. I've given it a look.

It would be nice if the library could automatically detect the version of the protocol, with an option to unconditionally override it. Otherwise detectVersion is going to be copied into every script.

Is this intentional? (The use of username as both user name and database name.)

    status, response = v.sendStartup(socket, username, username)

I'm getting log messages like this:

    FATAL: unsupported frontend protocol 65363.19778: server supports 1.0 to 3.0
    FATAL: no pg_hba.conf entry for host "192.168.0.21", user "versionprobe", database "versionprobe", SSL off
    FATAL: no pg_hba.conf entry for host "192.168.0.21", user "root", database "root", SSL off
    FATAL: no pg_hba.conf entry for host "192.168.0.21", user "root", database "root", SSL off
    FATAL: no pg_hba.conf entry for host "192.168.0.21", user "admin", database "admin", SSL off
    FATAL: no pg_hba.conf entry for host "192.168.0.21", user "admin", database "admin", SSL off

Even if the above code is a bug, I don't know why each user name would be used only twice. It seems like it would be used as many times as there are passwords.

You've got a little copy-paste error in a comment:

    -- Add credentials for other mysql scripts to use

Can you tell me what lines to add to a configuration file to make a dummy account for testing the script?

The library looks pretty good. Please provide a documentation reference for this magic packet:

    local data = bin.pack( ">I>I", 8, 80877103)

The library uses the openssl library without doing a require call; I'm not sure if that will be a problem. Try running the script after configuring Nmap --without-openssl and make sure it fails gracefully.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
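As an added example (not code from pgsql.lua or from anyone in the thread), the following decodes a PostgreSQL startup packet the way the server's startup parser does, which ties the two quoted items together: the magic packet bin.pack(">I>I", 8, 80877103) is the documented SSLRequest (int32 length 8, int32 code 1234<<16 | 5679), and a buffer whose bytes 5 to 8 are 0xFF 'S' 'M' 'B' decodes to version 65363.19778, the value in the first FATAL line. That the logged value came from a non-PostgreSQL probe (the SMB magic) reaching the port is my inference, not something the mail states; all sample inputs are constructed.

```python
import struct

# PostgreSQL special startup codes: high 16 bits 1234, low 16 bits 5678-5680.
# 80877103 is the SSLRequest code the mail's bin.pack(">I>I", 8, 80877103) builds.
CANCEL_REQUEST = (1234 << 16) | 5678   # 80877102
SSL_REQUEST = (1234 << 16) | 5679      # 80877103
GSSENC_REQUEST = (1234 << 16) | 5680   # 80877104 (newer servers only)

def build_ssl_request():
    """Same bytes as bin.pack(">I>I", 8, 80877103): int32 length, int32 code."""
    return struct.pack(">II", 8, SSL_REQUEST)

def build_startup(major, minor, params):
    """v3 StartupMessage: int32 length, int32 version, NUL-terminated key/value pairs, NUL."""
    body = struct.pack(">I", (major << 16) | minor)
    for key, value in params.items():
        body += key.encode() + b"\0" + value.encode() + b"\0"
    return struct.pack(">I", len(body) + 5) + body + b"\0"

def decode_startup(packet):
    """Read the first 8 bytes as the server does (int32 length, int32 code);
    version is major = high 16 bits, minor = low 16 bits."""
    if len(packet) < 8:
        raise ValueError("startup message too short")
    length, code = struct.unpack(">II", packet[:8])
    special = {SSL_REQUEST: "SSLRequest", CANCEL_REQUEST: "CancelRequest",
               GSSENC_REQUEST: "GSSENCRequest"}
    if code in special:
        return {"kind": special[code], "length": length}
    major, minor = code >> 16, code & 0xFFFF
    if not 1 <= major <= 3:
        # Same wording as the FATAL line quoted in the mail.
        return {"kind": "unsupported", "error": "unsupported frontend protocol "
                "%d.%d: server supports 1.0 to 3.0" % (major, minor)}
    result = {"kind": "StartupMessage", "major": major, "minor": minor, "params": {}}
    if major == 3:  # v2 uses a fixed-width packet, not key/value pairs
        fields = packet[8:length].split(b"\0")
        for key, value in zip(fields[0::2], fields[1::2]):
            if key:
                result["params"][key.decode()] = value.decode()
    return result

if __name__ == "__main__":
    # Constructed samples: the script's SSL probe, a startup with user == database
    # as in the sendStartup call, and a NetBIOS session header + SMB magic.
    for pkt in (build_ssl_request(),
                build_startup(3, 0, {"user": "root", "database": "root"}),
                b"\x00\x00\x00\x85\xffSMB"):
        print(decode_startup(pkt))
```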