File mysql-enum
Script types:
portrule
Categories:
intrusive, brute
Download: http://nmap.org/svn/scripts/mysql-enum.nse
User Summary
Performs valid user enumeration against MySQL server.
Server version 5.x are succeptible to an user enumeration attack due to different messages during login when using old authentication mechanism from versions 4.x and earlier.
Original bug discovered and published by Kingcope: http://seclists.org/fulldisclosure/2012/Dec/9
Script Arguments
mysql-enum.timeout
socket timeout for connecting to MySQL (default 5s)
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.Example Usage
nmap --script=mysql-enum <target>
Script Output
PORT STATE SERVICE REASON 3306/tcp open mysql syn-ack | mysql-enum: | Accounts | admin:<empty> - Valid credentials | test:<empty> - Valid credentials | test_mysql:<empty> - Valid credentials | Statistics |_ Performed 11 guesses in 1 seconds, average tps: 11
Requires
Author: Aleksandar Nikolic
License: Same as Nmap--See http://nmap.org/book/man-legal.html