| Current Path : /proc/2/root/usr/share/nmap/scripts/ |
| Current File : //proc/2/root/usr/share/nmap/scripts/ms-sql-config.nse |
description = [[
Queries Microsoft SQL Server (ms-sql) for a list of databases, linked
servers, and configuration settings.
]]
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
require 'shortport'
require 'stdnse'
require 'mssql'
dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
---
-- @args mssql.username specifies the username to use to connect to
-- the server. This option overrides any accounts found by
-- the mssql-brute and mssql-empty-password scripts.
--
-- @args mssql.password specifies the password to use to connect to
-- the server. This option overrides any accounts found by
-- the mssql-brute and mssql-empty-password scripts.
--
-- @args mssql-config.showall if set shows all configuration options.
--
-- @output
-- PORT STATE SERVICE
-- 1433/tcp open ms-sql-s
-- | ms-sql-config:
-- | Databases
-- | name db_size owner
-- | ==== ======= =====
-- | nmap 2.74 MB MAC-MINI\david
-- | Configuration
-- | name value inuse description
-- | ==== ===== ===== ===========
-- | SQL Mail XPs 0 0 Enable or disable SQL Mail XPs
-- | Database Mail XPs 0 0 Enable or disable Database Mail XPs
-- | SMO and DMO XPs 1 1 Enable or disable SMO and DMO XPs
-- | Ole Automation Procedures 0 0 Enable or disable Ole Automation Procedures
-- | xp_cmdshell 0 0 Enable or disable command shell
-- | Ad Hoc Distributed Queries 0 0 Enable or disable Ad Hoc Distributed Queries
-- | Replication XPs 0 0 Enable or disable Replication XPs
-- | Linked Servers
-- | srvname srvproduct providername
-- | ======= ========== ============
-- |_ MAC-MINI SQL Server SQLOLEDB
-- Version 0.1
-- Created 04/02/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
portrule = shortport.port_or_service(1433, "ms-sql-s")
action = function( host, port )
local status, helper, response
local username = nmap.registry.args['mssql.username']
local password = nmap.registry.args['mssql.password'] or ""
local result, result_part = {}, {}
local conf_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE configuration_id > 16384"
local db_filter = ( nmap.registry.args['mssql-config.showall'] ) and "" or " WHERE name NOT IN ('master','model','tempdb','msdb')"
local queries = {
[2]={ ["Configuration"] = [[ SELECT name,
cast(value as varchar) value,
cast(value_in_use as varchar) inuse,
description
FROM sys.configurations ]] .. conf_filter },
[3]={ ["Linked Servers"] = [[ SELECT srvname, srvproduct, providername
FROM master..sysservers
WHERE srvid > 0 ]] },
[1]={ ["Databases"] = [[ CREATE TABLE #nmap_dbs(name varchar(255), db_size varchar(255), owner varchar(255),
dbid int, created datetime, status varchar(512), compatibility_level int )
INSERT INTO #nmap_dbs EXEC sp_helpdb
SELECT name, db_size, owner
FROM #nmap_dbs ]] .. db_filter .. [[
DROP DATABASE #nmap_dbs ]] }
}
if ( not(username) and nmap.registry.mssqlusers ) then
-- do we have a sysadmin?
if ( nmap.registry.mssqlusers.sa ) then
username = "sa"
password = nmap.registry.mssqlusers.sa
else
-- ok were stuck with some non sysadmin account, just get the first one
for user, pass in pairs(nmap.registry.mssqlusers) do
username = user
password = pass
break
end
end
end
-- If we don't have a valid username, simply fail silently
if ( not(username) ) then
return
end
helper = mssql.Helper:new()
status, response = helper:Connect(host, port)
if ( not(status) ) then
return " \n\n" .. response
end
status, response = helper:Login( username, password, nil, host.ip )
if ( not(status) ) then
return " \n\nERROR: " .. response
end
for _, v in ipairs( queries ) do
for header, query in pairs(v) do
status, result_part = helper:Query( query )
if ( not(status) ) then
return " \n\nERROR: " .. result_part
end
result_part = mssql.Util.FormatOutputTable( result_part, true )
result_part.name = header
table.insert( result, result_part )
end
end
helper:Disconnect()
return stdnse.format_output( true, result )
end
Copyright 2K16 - 2K18 Indonesian Hacker Rulez
;?>)