r36187 broke auth in mysql.lua (protocol version 10) #596

Closed
cldrn opened this Issue Nov 29, 2016 · 1 comment

cldrn commented Nov 29, 2016

I just noticed mysql-brute is not working. Something broke authentication in r36187. Script works correctly if I revert to r35858.

Tested on MySQL 5.7.13 using protocol version 10.

PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL 5.7.13-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.13-0ubuntu0.16.04.2
| Thread ID: 150089
| Capabilities flags: 63487
| Some Capabilities: DontAllowDatabaseTableColumn, LongPassword, IgnoreSigpipes, LongColumnFlag, SupportsTransactions, Speaks41ProtocolOld, FoundRows, SupportsCompression, InteractiveClient, Support41Auth, ConnectWithDatabase, ODBCClient, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
| Status: Autocommit
\x04j'D\x19.'>\x13\x0F'^d69\x1C\x00
|_ Auth Plugin Name: 96

@cldrn Thanks for pointing this out! A couple observations, and I hope someone can quickly diagnose:

  1. We also apparently need to strip carriage returns ('\r') from the Salt when reporting that. That's the weird jumbled-up line after "Status: Autocommit"
  2. For future reference, the commit in question is 8c10485, which fixed #529
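As an added illustration (not Nmap's mysql.lua and not the fix referenced here), the parser below walks a MySQL Protocol::HandshakeV10 payload field by field, reading both auth-plugin-data parts as fixed-length fields rather than NUL-terminated strings, and escapes control bytes such as '\r' before the salt is reported. The packet, thread id, salt bytes and plugin name are constructed; only the lower capability value 63487 is taken from the report above.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000   # capability bits from the MySQL protocol docs
CLIENT_PLUGIN_AUTH = 0x00080000

def parse_handshake_v10(pkt: bytes) -> dict:
    """Parse a Protocol::HandshakeV10 payload (4-byte packet header already removed)."""
    if pkt[0] != 10:
        raise ValueError("not a protocol version 10 handshake")
    end = pkt.index(b"\x00", 1)
    version, pos = pkt[1:end].decode("ascii", "replace"), end + 1
    thread_id = struct.unpack_from("<I", pkt, pos)[0]
    pos += 4
    salt = pkt[pos:pos + 8]      # auth-plugin-data-part-1: fixed 8 bytes, not NUL-terminated
    pos += 8 + 1                 # skip the filler byte
    cap_low, charset, status, cap_high = struct.unpack_from("<HBHH", pkt, pos)
    pos += 7
    caps = cap_low | (cap_high << 16)
    auth_len = pkt[pos]          # full auth-plugin-data length incl. trailing NUL; 0 without PLUGIN_AUTH
    pos += 1 + 10                # length byte plus 10 reserved bytes
    if caps & CLIENT_SECURE_CONNECTION:
        # part-2 is a fixed-length field of max(13, len - 8) bytes ending in a NUL;
        # reading it as a NUL-terminated string would mis-align every later field.
        part2_len = max(13, auth_len - 8)
        salt += pkt[pos:pos + part2_len][:(auth_len - 9) if auth_len else 12]
        pos += part2_len
    plugin = None
    if caps & CLIENT_PLUGIN_AUTH:
        plugin = pkt[pos:pkt.index(b"\x00", pos)].decode("ascii", "replace")
    return {"version": version, "thread_id": thread_id, "capabilities": caps,
            "charset": charset, "status": status, "salt": salt, "auth_plugin": plugin}

def printable(data: bytes) -> str:
    """Escape control bytes (such as \\r) so a salt cannot garble the report."""
    return "".join(chr(b) if 32 <= b < 127 else "\\x%02X" % b for b in data)

def build_handshake(version: str, thread_id: int, salt: bytes, caps: int, plugin: str) -> bytes:
    """Build a constructed HandshakeV10 payload for offline testing (20-byte salt)."""
    pkt = bytes([10]) + version.encode() + b"\x00" + struct.pack("<I", thread_id)
    pkt += salt[:8] + b"\x00" + struct.pack("<HBHH", caps & 0xFFFF, 33, 0x0002, caps >> 16)
    pkt += bytes([len(salt) + 1 if caps & CLIENT_PLUGIN_AUTH else 0]) + b"\x00" * 10
    pkt += salt[8:] + b"\x00"    # part-2 carries its NUL terminator
    if caps & CLIENT_PLUGIN_AUTH:
        pkt += plugin.encode() + b"\x00"
    return pkt

# Constructed 20-byte salt containing a carriage return and other control bytes.
SAMPLE_SALT = b"\x04j'D\x19.'>" + b"\r\x13\x0f'^d69\x1c!ab"
SAMPLE_PKT = build_handshake("5.7.13", 150089, SAMPLE_SALT, 0x000BF7FF, "mysql_native_password")
```

The same parser handles a server that does not advertise CLIENT_PLUGIN_AUTH, where the length byte is 0 and part-2 is still 13 bytes (12 salt bytes plus the NUL).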

nmap-bot closed this in 6368236 Nov 29, 2016

suraj51k added a commit to suraj51k/nmap that referenced this issue Jan 31, 2017

bonsaiviking and suraj51k: Fix parsing salt value for mysql. Fixes #596 (6754c38)