r36187 broke auth in mysql.lua (protocol version 10) #596

Closed
cldrn opened this Issue Nov 29, 2016 · 1 comment

cldrn commented Nov 29, 2016

I just noticed mysql-brute is not working. Something broke authentication in r36187. Scripts work correctly if I revert to r35858.

Tested on MySQL 5.7.13 using protocol version 10.

PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL 5.7.13-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.13-0ubuntu0.16.04.2
| Thread ID: 150089
| Capabilities flags: 63487
| Some Capabilities: DontAllowDatabaseTableColumn, LongPassword, IgnoreSigpipes, LongColumnFlag, SupportsTransactions, Speaks41ProtocolOld, FoundRows, SupportsCompression, InteractiveClient, Support41Auth, ConnectWithDatabase, ODBCClient, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
| Status: Autocommit
\x04j'D\x19.'>\x13\x0F'^d69\x1C\x00
|_ Auth Plugin Name: 96

dmiller-nmap Nov 29, 2016

@cldrn Thanks for pointing this out! A couple observations, and I hope someone can quickly diagnose:

  1. We also apparently need to strip carriage returns ('\r') from the Salt when reporting that. That's the weird jumbled-up line after "Status: Autocommit"
  2. For future reference, the commit in question is 8c10485, which fixed #529

@nmap-bot nmap-bot closed this in 6368236 Nov 29, 2016

suraj51k added a commit to suraj51k/nmap that referenced this issue Jan 31, 2017
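
An added example, not part of the issue thread and not Nmap's mysql.lua: a minimal Python parser for the protocol version 10 server greeting, following MySQL's documented HandshakeV10 layout, that renders the salt with non-printable bytes such as '\r' escaped so it cannot garble a report line. The function names, the sample packet and the salt value are constructed for illustration.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000

def parse_handshake_v10(payload: bytes) -> dict:
    """Parse a HandshakeV10 payload (4-byte packet header already removed)."""
    if not payload or payload[0] != 10:
        raise ValueError("not a protocol version 10 handshake")
    end = payload.index(b"\x00", 1)            # server version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    thread_id, salt = struct.unpack_from("<I8s", payload, pos)
    pos += 12 + 1                               # thread id, salt part 1, filler byte
    caps_lo, charset, status, caps_hi, auth_len = struct.unpack_from(
        "<HBHHB", payload, pos)
    pos += 8 + 10                               # fixed fields, then 10 reserved bytes
    caps = caps_lo | (caps_hi << 16)
    plugin = None
    if caps & CLIENT_SECURE_CONNECTION:
        n = max(13, auth_len - 8)               # documented length of salt part 2
        part2 = payload[pos:pos + n]
        if len(part2) != n:
            raise ValueError("truncated salt")
        pos += n
        # Assumption: the final byte is the NUL terminator sent with
        # mysql_native_password, not part of the 20-byte scramble.
        salt += part2[:-1] if part2.endswith(b"\x00") else part2
    if caps & CLIENT_PLUGIN_AUTH:
        end = payload.find(b"\x00", pos)
        end = len(payload) if end == -1 else end
        plugin = payload[pos:end].decode("ascii", "replace")
    return {"version": version, "thread_id": thread_id, "capabilities": caps,
            "status": status, "salt": salt, "plugin": plugin}

def printable(data: bytes) -> str:
    """Escape everything outside printable ASCII, plus the backslash itself."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02X}"
                   for b in data)

# Constructed sample greeting; the salt deliberately contains '\r'.
SALT = b"ab\rcd\x04ef" + b"gh\x19ij\x0fkl\\mno"
SAMPLE = (b"\x0a" + b"5.7.13-example\x00" + struct.pack("<I", 42)
          + SALT[:8] + b"\x00"
          + struct.pack("<HBHHB", 0xF7FF, 0x21, 0x0002, 0x0008, 21)
          + b"\x00" * 10 + SALT[8:] + b"\x00" + b"mysql_native_password\x00")

if __name__ == "__main__":
    info = parse_handshake_v10(SAMPLE)
    print("Salt:", printable(info["salt"]))
    print("Auth Plugin Name:", info["plugin"])
```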
