
ms-sql-info #2571

Closed
AssassinUKG opened this issue Nov 29, 2022 · 5 comments

@AssassinUKG

Describe the bug
Having an issue using the script due to the iterator issue as seen below

To Reproduce
Run cmd

Testing against a small network on HackTheBox (P.0.0)

sudo nmap -sC -sV --min-rate=1000 -T4 10.13.38.11 -v -p 1433 --script ms-sql-info -d

Error

NSE: ms-sql-info against 10.13.38.11:1433 threw an error!
attempt to index a nil value
stack traceback:
        [C]: in for iterator 'for iterator'
        /usr/bin/../share/nmap/nselib/mssql.lua:3334: in function </usr/bin/../share/nmap/nselib/mssql.lua:3327>
        (...tail calls...)

Expected behavior
The expected results are...

1433/tcp open  ms-sql-s Microsoft SQL Server  14.00.1000.00
| ms-sql-ntlm-info: 
|   Target_Name: POO
|   NetBIOS_Domain_Name: POO
|   NetBIOS_Computer_Name: COMPATIBILITY
|   DNS_Domain_Name: intranet.poo
|   DNS_Computer_Name: COMPATIBILITY.intranet.poo
|   DNS_Tree_Name: intranet.poo
|_  Product_Version: 10.0.14393
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2018-04-02T16:10:49
|_Not valid after:  2048-04-02T16:10:49
|_ssl-date: 2018-04-03T01:54:00+00:00; -4s from scanner time.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Version info (please complete the following information):

  • OS: Kali latest

  • Output of nmap --version:
    Nmap version 7.93 ( https://nmap.org )
    Platform: x86_64-pc-linux-gnu
    Compiled with: liblua-5.3.6 openssl-3.0.7 libssh2-1.10.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

  • Output of nmap --iflist
    Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-29 16:06 GMT
    INTERFACES
    DEV (SHORT) IP/MASK TYPE UP MTU MAC
    lo (lo) 127.0.0.1/8 loopback up 65536
    lo (lo) ::1/128 loopback up 65536
    eth0 (eth0) 192.168.1.243/24 ethernet up 1500 08:00:27:67:A7:AE
    eth0 (eth0) fe80::a00:27ff:fe67:a7ae/64 ethernet up 1500 08:00:27:67:A7:AE
    eth1 (eth1) (none)/0 ethernet up 1500 08:00:27:67:A7:AE
    docker0 (docker0) 172.17.0.1/16 ethernet up 1500 02:42:F4:63:4B:BF
    tun0 (tun0) 10.10.17.119/22 point2point up 1500
    tun0 (tun0) dead:beef:4::1175/64 point2point up 1500
    tun0 (tun0) fe80::c558:b328:83c2:f58f/64 point2point up 1500

    ROUTES
    DST/MASK DEV METRIC GATEWAY
    10.13.38.0/24 tun0 0 10.10.16.1
    192.168.1.0/24 eth0 101
    10.10.16.0/22 tun0 0
    10.129.0.0/16 tun0 0 10.10.16.1
    172.17.0.0/16 docker0 0
    0.0.0.0/0 eth0 101 192.168.1.254
    ::1/128 lo 0
    dead:beef:4::1175/128 tun0 0
    fe80::a00:27ff:fe67:a7ae/128 eth0 0
    fe80::c558:b328:83c2:f58f/128 tun0 0
    ::1/128 lo 256
    dead:beef:4::/64 tun0 256
    fe80::/64 tun0 256
    dead:beef::/64 tun0 1024
    fe80::/64 eth0 1024
    ff00::/8 eth0 256
    ff00::/8 tun0 256

Additional context
Connected to HTB network via VPN

@Reelix

Reelix commented Mar 3, 2023

It should be noted that this is a regression from 7.92 where it works as expected.

To demonstrate this, I copied the ms-sql-info.nse file from 7.92, renamed it, and ran it using 7.93.

// ms-sql-info that comes with 7.93
C:\Nmap>nmap --script ms-sql-info 10.10.11.202 -p1433
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 14:54 South Africa Standard Time
NSOCK ERROR [0.0290s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds

// ms-sql-info that comes with 7.92
C:\Nmap>nmap --script ms-sql-info-7.92 10.10.11.202 -p1433
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 14:54 South Africa Standard Time
NSOCK ERROR [0.0280s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s

Host script results:
| ms-sql-info-7.92:
|   10.10.11.202:1433:
|     Version:
|       name: Microsoft SQL Server 2019 RTM
|       number: 15.00.2000.00
|       Product: Microsoft SQL Server 2019
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433

Nmap done: 1 IP address (1 host up) scanned in 6.38 seconds

Due to this, this issue should be re-opened.
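In both runs above the only sign that the script crashed rather than returned data is the one-line `ERROR:` marker in normal output (or, with `-d`, the `threw an error!` line from the opening report), which is easy to miss in a large scan. The following is an added example, not code from this thread or from the Nmap project: a small Python parser over normal Nmap output that tags each top-level NSE result with its host and port and flags scripts that failed, run over constructed samples trimmed from the two runs quoted above.

```python
import re
from typing import Dict, List, Set

# Constructed samples trimmed from the two runs quoted above (not verbatim
# thread output and not Nmap project code).
OUT_793 = """\
Nmap scan report for 10.10.11.202
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
"""
OUT_792 = """\
Nmap scan report for 10.10.11.202
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
Host script results:
| ms-sql-info-7.92:
|   10.10.11.202:1433:
|_    TCP port: 1433
"""
# The line -d prints when a script throws, as in the opening report.
OUT_DEBUG = "NSE: ms-sql-info against 10.13.38.11:1433 threw an error!\n"

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+\S+\s+\S+")
# Top-level results read "| name:" or "|_name:"; nested lines have extra
# spaces after the pipe, so anchoring the name right after it skips them.
SCRIPT_RE = re.compile(r"^\|[_ ]([\w.-]+):\s*(.*)$")
THROW_RE = re.compile(r"^NSE: (\S+) against \S+:\d+ threw an error!")

def parse_script_results(text: str) -> List[Dict[str, object]]:
    """One record per top-level NSE result line, with host/port and a 'failed' flag."""
    host, port, records = None, None, []
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, port = m.group(1), None
        elif m := PORT_RE.match(line):
            port = m.group(1)
        elif line.startswith("Host script results"):
            port = "host"
        elif m := SCRIPT_RE.match(line):
            records.append({"host": host, "port": port, "script": m.group(1),
                            "failed": m.group(2).startswith("ERROR:")})
    return records

def failed_scripts(text: str) -> Set[str]:
    """Scripts that failed, from both the ERROR marker and the -d 'threw an error!' line."""
    failed = {r["script"] for r in parse_script_results(text) if r["failed"]}
    failed.update(m.group(1) for m in map(THROW_RE.match, text.splitlines()) if m)
    return failed
```

Feeding the saved output of each Nmap version to `failed_scripts` turns the regression into a checkable assertion instead of a line to spot by eye.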

@fyodor
Member

fyodor commented Apr 3, 2023

Re-opening per latest feedback from @Reelix

@fyodor fyodor reopened this Apr 3, 2023

@iasdeoupxe

While this issue is older, it looks like #2622 could be a duplicate, and a patch within it is available which could fix this as well.

@nnposter

nnposter commented Jul 4, 2024

The issue has likely been rectified by a recent commit.

@nnposter nnposter closed this as completed Jul 4, 2024