my-sql-ntlm-info #2572

Closed
AssassinUKG opened this issue Nov 29, 2022 · 5 comments
AssassinUKG commented Nov 29, 2022

Describe the bug
The script fails with an iterator error in a .lua script

Error: [C]: in for iterator 'for iterator'

To Reproduce
Testing on hackthebox network p.0.0 (following guide and same commands)

sudo nmap -sC -sV --min-rate=1000 -T4 10.13.38.11 -v -p 1433 --script ms-sql-ntlm-info -d
NSE: [ms-sql-ntlm-info 10.13.38.11:1433] brandedVersion: 2005, #lookup: 5
NSE: [ms-sql-ntlm-info 10.13.38.11:1433] brandedVersion: 2017, #lookup: 40
NSE: Starting ms-sql-ntlm-info against 10.13.38.11:1433.
NSE: ms-sql-ntlm-info against 10.13.38.11:1433 threw an error!
attempt to index a nil value
stack traceback:
[C]: in for iterator 'for iterator'
/usr/bin/../share/nmap/nselib/mssql.lua:3334: in function </usr/bin/../share/nmap/nselib/mssql.lua:3327>
(...tail calls...)

Completed NSE at 16:21, 5.10s elapsed

Expected behavior
To show the same results as everyone else.

This..

1433/tcp open ms-sql-s Microsoft SQL Server 14.00.1000.00
| ms-sql-ntlm-info:
| Target_Name: POO
| NetBIOS_Domain_Name: POO
| NetBIOS_Computer_Name: COMPATIBILITY
| DNS_Domain_Name: intranet.poo
| DNS_Computer_Name: COMPATIBILITY.intranet.poo
| DNS_Tree_Name: intranet.poo
|_ Product_Version: 10.0.14393
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2018-04-02T16:10:49
|_Not valid after: 2048-04-02T16:10:49
|_ssl-date: 2018-04-03T01:54:00+00:00; -4s from scanner time.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Version info (please complete the following information):

  • OS: [e.g. Linux 4.15, Windows 10 1909]

  • Output of nmap --version:
    Nmap version 7.93 ( https://nmap.org )
    Platform: x86_64-pc-linux-gnu
    Compiled with: liblua-5.3.6 openssl-3.0.7 libssh2-1.10.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

  • Output of nmap --iflist
    Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-29 16:24 GMT
    INTERFACES
    DEV (SHORT) IP/MASK TYPE UP MTU MAC
    lo (lo) 127.0.0.1/8 loopback up 65536
    lo (lo) ::1/128 loopback up 65536
    eth0 (eth0) 192.168.1.243/24 ethernet up 1500 08:00:27:67:A7:AE
    eth0 (eth0) fe80::a00:27ff:fe67:a7ae/64 ethernet up 1500 08:00:27:67:A7:AE
    eth1 (eth1) (none)/0 ethernet up 1500 08:00:27:67:A7:AE
    docker0 (docker0) 172.17.0.1/16 ethernet up 1500 02:42:2D:65:4C:D5
    tun0 (tun0) 10.10.17.119/22 point2point up 1500
    tun0 (tun0) dead:beef:4::1175/64 point2point up 1500
    tun0 (tun0) fe80::5b2c:7816:b5e6:88c7/64 point2point up 1500

ROUTES
DST/MASK DEV METRIC GATEWAY
10.13.38.0/24 tun0 0 10.10.16.1
192.168.1.0/24 eth0 101
10.10.16.0/22 tun0 0
10.129.0.0/16 tun0 0 10.10.16.1
172.17.0.0/16 docker0 0
0.0.0.0/0 eth0 101 192.168.1.254
::1/128 lo 0
dead:beef:4::1175/128 tun0 0
fe80::a00:27ff:fe67:a7ae/128 eth0 0
fe80::5b2c:7816:b5e6:88c7/128 tun0 0
::1/128 lo 256
dead:beef:4::/64 tun0 256
fe80::/64 tun0 256
dead:beef::/64 tun0 1024
fe80::/64 eth0 1024
ff00::/8 eth0 256
ff00::/8 tun0 256

Additional context
Normal connection to hackthebox on VPN.

@AssassinUKG
Author

Seems to be specifically a HTB issue with their IP routing or similar

@Reelix

Reelix commented Mar 3, 2023

It should be noted that this is a regression from 7.92 where it works as expected.

To demonstrate this, I copied the ms-sql-ntlm-info.nse file from 7.92, renamed it, and ran it using 7.93

// ms-sql-ntlm-info.nse from 7.93
C:\Nmap>nmap -p1433 10.10.11.202 --script ms-sql-ntlm-info
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 15:21 South Africa Standard Time
NSOCK ERROR [0.0290s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds

// ms-sql-ntlm-info.nse from 7.92
C:\Nmap>nmap -p1433 10.10.11.202 --script ms-sql-ntlm-info-7.92
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 15:22 South Africa Standard Time
NSOCK ERROR [0.0290s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
| ms-sql-ntlm-info-7.92:
|   Target_Name: sequel
|   NetBIOS_Domain_Name: sequel
|   NetBIOS_Computer_Name: DC
|   DNS_Domain_Name: sequel.htb
|   DNS_Computer_Name: dc.sequel.htb
|   DNS_Tree_Name: sequel.htb
|_  Product_Version: 10.0.17763

Nmap done: 1 IP address (1 host up) scanned in 1.04 seconds

As such, this issue should be re-opened.
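As an added example (not code from the issue or from Nmap), here is a small parser for the nmap normal-output script blocks quoted above, plus a helper that compares the same script across two runs so the 7.92-versus-7.93 regression check can be automated. The two sample outputs are the ones quoted in this comment, embedded as constants.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples: the port/script sections of the two runs quoted in the comment.
RUN_793 = """\
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
"""

RUN_792 = """\
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
| ms-sql-ntlm-info-7.92:
|   Target_Name: sequel
|   NetBIOS_Domain_Name: sequel
|   NetBIOS_Computer_Name: DC
|   DNS_Domain_Name: sequel.htb
|   DNS_Computer_Name: dc.sequel.htb
|   DNS_Tree_Name: sequel.htb
|_  Product_Version: 10.0.17763
"""

# A script block opens with '| <id>:' (or '|_<id>: <text>' when it is a single line).
SCRIPT_HEADER = re.compile(r"^\|_?\s?([\w.-]+):\s*(.*)$")
# Indented lines inside a block are 'Key: value' fields; '|_' marks the block's last line.
FIELD_LINE = re.compile(r"^\|_?\s{2,}(\w+):\s*(.*)$")


def parse_script_output(text: str) -> Dict[str, dict]:
    """Return {script_id: {"error": str|None, "fields": {key: value}}}."""
    results: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        if not line.startswith("|"):
            current = None  # any non-'|' line ends the script output for this port
            continue
        head = SCRIPT_HEADER.match(line)
        if head:
            sid, rest = head.groups()
            current = {"error": rest if rest.startswith("ERROR:") else None, "fields": {}}
            results[sid] = current
        else:
            field = FIELD_LINE.match(line)
            if field and current is not None:
                current["fields"][field.group(1)] = field.group(2)
        if line.startswith("|_"):
            current = None
    return results


def regression_report(old_text: str, new_text: str, old_id: str, new_id: str) -> Tuple[str, List[str]]:
    """Compare one script's result across two runs: ('ok'|'fields-missing'|'regression', missing keys)."""
    old = parse_script_output(old_text).get(old_id, {"error": None, "fields": {}})
    new = parse_script_output(new_text).get(new_id, {"error": None, "fields": {}})
    if new["error"] and not old["error"]:
        return "regression", sorted(old["fields"])  # script broke; every old field is lost
    missing = sorted(set(old["fields"]) - set(new["fields"]))
    return ("fields-missing" if missing else "ok"), missing
```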

@fyodor
Member

fyodor commented Apr 3, 2023

Re-opening per latest feedback from @Reelix

@fyodor fyodor reopened this Apr 3, 2023
@iasdeoupxe

While this issue is older it looks like #2622 could be a duplicate and a patch within it is available which could fix this as well.

@nnposter

nnposter commented Jul 4, 2024

The issue has likely been rectified by a recent commit.

@nnposter nnposter closed this as completed Jul 4, 2024