Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

r36187 broke auth in mysql.lua (protocol version 10) #596

cldrn opened this Issue Nov 29, 2016 · 1 comment


None yet
2 participants

cldrn commented Nov 29, 2016

I just noticed mysql-brute is not working. Something broke authentication in r36187. Scripts works correctly if I revert to r35858.

Tested on MySQL 5.7.13 using protocol version 10.

3306/tcp open mysql MySQL 5.7.13-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.13-0ubuntu0.16.04.2
| Thread ID: 150089
| Capabilities flags: 63487
| Some Capabilities: DontAllowDatabaseTableColumn, LongPassword, IgnoreSigpipes, LongColumnFlag, SupportsTransactions, Speaks41ProtocolOld, FoundRows, SupportsCompression, InteractiveClient, Support41Auth, ConnectWithDatabase, ODBCClient, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
| Status: Autocommit
|_ Auth Plugin Name: 96

@cldrn Thanks for pointing this out! A couple observations, and I hope someone can quickly diagnose:

  1. We also apparently need to strip carriage returns ('\r') from the Salt when reporting that. That's the weird jumbled-up line after "Status: Autocommit"
  2. For future reference, the commit in question is 8c10485, which fixed #529

@nmap-bot nmap-bot closed this in 6368236 Nov 29, 2016

suraj51k added a commit to suraj51k/nmap that referenced this issue Jan 31, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment