| Current Path : /proc/2/root/usr/share/nmap/scripts/ |
| Current File : //proc/2/root/usr/share/nmap/scripts/ms-sql-query.nse |
description = [[
Runs a query against Microsoft SQL Server (ms-sql).
]]
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
require 'shortport'
require 'stdnse'
require 'mssql'
dependencies = {"ms-sql-brute", "ms-sql-empty-password"}
---
-- @args mssql-query.query specifies the query to run against the server.
-- (default SELECT @@version version)
--
-- @output
-- PORT STATE SERVICE
-- 1433/tcp open ms-sql-s
-- | ms-sql-query:
-- |
-- | Microsoft SQL Server 2005 - 9.00.3068.00 (Intel X86)
-- | Feb 26 2008 18:15:01
-- | Copyright (c) 1988-2005 Microsoft Corporation
-- |_ Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
-- Version 0.1
-- Created 01/17/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
portrule = shortport.port_or_service(1433, "ms-sql-s")
action = function( host, port )
local status, result, helper
local username = nmap.registry.args['mssql.username']
local password = nmap.registry.args['mssql.password'] or ""
-- the tempdb should be a safe guess, anyway the library is set up
-- to continue even if the DB is not accessible to the user
local database = nmap.registry.args['mssql.database'] or "tempdb"
local query = nmap.registry.args['mssql-query.query'] or "SELECT @@version version"
if ( not(username) and nmap.registry.mssqlusers ) then
-- do we have a sysadmin?
if ( nmap.registry.mssqlusers.sa ) then
username = "sa"
password = nmap.registry.mssqlusers.sa
else
-- ok were stuck with some n00b account, just get the first one
for user, pass in pairs(nmap.registry.mssqlusers) do
username = user
password = pass
break
end
end
end
-- If we don't have a valid username, simply fail silently
if ( not(username) ) then
return
end
helper = mssql.Helper:new()
status, result = helper:Connect(host, port)
if ( not(status) ) then
return " \n\n" .. result
end
status, result = helper:Login( username, password, database, host.ip )
if ( not(status) ) then
return " \n\nERROR: " .. result
end
status, result = helper:Query( query )
helper:Disconnect()
if ( not(status) ) then
return " \n\nERROR: " .. result
end
result = mssql.Util.FormatOutputTable( result, true )
if ( not(nmap.registry.args['mssql-query.query']) ) then
table.insert(result, 1, query)
result = stdnse.format_output( true, result )
result = "(Use --script-args=mssql-query.query='<QUERY>' to change query.)" .. result
else
result = stdnse.format_output( true, result )
end
return result
end
Copyright 2K16 - 2K18 Indonesian Hacker Rulez
;?>)