- Penetration- and Application-security testing
- Application & System security reviews
- Incident response and IT-forensics
- Security training

If your interested or have any questions contact me directly or send an e-mail to jobs[at]inspectit[dot]se

• snmp-netstat shows listening and connected sockets
• snmp-processes shows process information including name, pid, path and parameters
• snmp-win32-services shows the names of running Windows services
• snmp-win32-shares shows the names and path of Windows shares
• snmp-win32-software shows a list of installed Windows software
• snmp-win32-users shows a list of local Windows users

Make sure to check them out over at insecure.org. In order to use them you need to check out the development sources from subversion. More info on that over here.

I’ve also added two more scripts that make use of the library nfs-get-stats and nfs-get-dirlist. The first retrieves disk usage for each export and the second lists files on a share. They’re both available from the nmap-scripts page as usual.

While messing around with the library I also cleaned up the code for mysql-brute and mysql-empty-password. All of the scripts that query the database obviously require credentials to do so. These can be provided on the command line using script arguments mysqluser and mysqlpassword or by running the mysql-brute or mysql-empty-password on the same time. There are dependencies set up so that the query scripts wait until these two scripts have collected the credentials. Here’s some sample output from the scripts …

Starting Nmap 5.20 ( http://nmap.org ) at 2010-01-23 22:46 CET
NSE: Starting runlevel 2 (of 2) scan.
NSE: Script Scanning completed.
Nmap scan report for bubba (1.2.3.4)
Host is up (0.0044s latency).
PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-empty-password:
|_  root account has empty password
| mysql-brute:
|   root:<empty> => Login Correct
|_  test:test => Login Correct
| mysql-list-users:
|   test
|   root
|   test2
|   album
|   debian-sys-maint
|   horde
|   mediatomb
|_  squeezecenter
| mysql-list-databases:
|   information_schema
|   mysql
|   horde
|   album
|   mediatomb
|_  squeezecenter
| mysql-show-variables:
|   auto_increment_increment: 1
|   auto_increment_offset: 1
|   automatic_sp_privileges: ON
|   back_log: 50
|   basedir: /usr/
|   binlog_cache_size: 32768
|   bulk_insert_buffer_size: 8388608
|   character_set_client: latin1
|   character_set_connection: latin1
|   character_set_database: latin1
|   character_set_filesystem: binary
|   character_set_results: latin1
|   character_set_server: latin1
|   character_set_system: utf8
|   character_sets_dir: /usr/share/mysql/charsets/
|   collation_connection: latin1_swedish_ci
|   collation_database: latin1_swedish_ci
|   collation_server: latin1_swedish_ci
|   completion_type: 0
|   concurrent_insert: 1
|   connect_timeout: 5
|   datadir: /var/lib/mysql/
|   date_format: %Y-%m-%d
|   datetime_format: %Y-%m-%d %H:%i:%s
|   default_week_format: 0
|   delay_key_write: ON
|   delayed_insert_limit: 100
|   delayed_insert_timeout: 300
|   delayed_queue_size: 1000
|   div_precision_increment: 4
|   keep_files_on_create: OFF
|   engine_condition_pushdown: OFF
|   expire_logs_days: 10
|   flush: OFF
|   flush_time: 0
|   ft_boolean_syntax: + -><()~*:”"&|
|   ft_max_word_len: 84
|   ft_min_word_len: 4
|   ft_query_expansion_limit: 20
|   ft_stopword_file: (built-in)
|   group_concat_max_len: 1024
|   have_archive: YES
|   have_bdb: NO
|   have_blackhole_engine: YES
|   have_compress: YES
|   have_crypt: YES
|   have_csv: YES
|   have_dynamic_loading: YES
|   have_example_engine: NO
|   have_federated_engine: YES
|   have_geometry: YES
|   have_innodb: DISABLED
|   have_isam: NO
|   have_merge_engine: YES
|   have_ndbcluster: DISABLED
|   have_openssl: DISABLED
|   have_ssl: DISABLED
|   have_query_cache: YES
|   have_raid: NO
|   have_rtree_keys: YES
|   have_symlink: YES
|   hostname: bubba
|   init_connect:
|   init_file:
|   init_slave:
|   innodb_additional_mem_pool_size: 1048576
|   innodb_autoextend_increment: 8
|   innodb_buffer_pool_awe_mem_mb: 0
|   innodb_buffer_pool_size: 8388608
|   innodb_checksums: ON
|   innodb_commit_concurrency: 0
|   innodb_concurrency_tickets: 500
|   innodb_data_file_path:
|   innodb_data_home_dir:
|   innodb_doublewrite: ON
|   innodb_fast_shutdown: 1
|   innodb_file_io_threads: 4
|   innodb_file_per_table: OFF
|   innodb_flush_log_at_trx_commit: 1
|   innodb_flush_method:
|   innodb_force_recovery: 0
|   innodb_lock_wait_timeout: 50
|   innodb_locks_unsafe_for_binlog: OFF
|   innodb_log_arch_dir:
|   innodb_log_archive: OFF
|   innodb_log_buffer_size: 1048576
|   innodb_log_file_size: 5242880
|   innodb_log_files_in_group: 2
|   innodb_log_group_home_dir:
|   innodb_max_dirty_pages_pct: 90
|   innodb_max_purge_lag: 0
|   innodb_mirrored_log_groups: 1
|   innodb_open_files: 300
|   innodb_rollback_on_timeout: OFF
|   innodb_support_xa: ON
|   innodb_sync_spin_loops: 20
|   innodb_table_locks: ON
|   innodb_thread_concurrency: 8
|   innodb_thread_sleep_delay: 10000
|   interactive_timeout: 28800
|   join_buffer_size: 131072
|   key_buffer_size: 16777216
|   key_cache_age_threshold: 300
|   key_cache_block_size: 1024
|   key_cache_division_limit: 100
|   language: /usr/share/mysql/english/
|   large_files_support: ON
|   large_page_size: 0
|   large_pages: OFF
|   lc_time_names: en_US
|   license: GPL
|   local_infile: ON
|   locked_in_memory: OFF
|   log: OFF
|   log_bin: OFF
|   log_bin_trust_function_creators: OFF
|   log_error:
|   log_queries_not_using_indexes: OFF
|   log_slave_updates: OFF
|   log_slow_queries: OFF
|   log_warnings: 1
|   long_query_time: 10
|   low_priority_updates: OFF
|   lower_case_file_system: OFF
|   lower_case_table_names: 0
|   max_allowed_packet: 16776192
|   max_binlog_cache_size: 4294967295
|   max_binlog_size: 104857600
|   max_connect_errors: 10
|   max_connections: 100
|   max_delayed_threads: 20
|   max_error_count: 64
|   max_heap_table_size: 16777216
|   max_insert_delayed_threads: 20
|   max_join_size: 18446744073709551615
|   max_length_for_sort_data: 1024
|   max_prepared_stmt_count: 16382
|   max_relay_log_size: 0
|   max_seeks_for_key: 4294967295
|   max_sort_length: 1024
|   max_sp_recursion_depth: 0
|   max_tmp_tables: 32
|   max_user_connections: 0
|   max_write_lock_count: 4294967295
|   multi_range_count: 256
|   myisam_data_pointer_size: 6
|   myisam_max_sort_file_size: 2147483647
|   myisam_recover_options: BACKUP
|   myisam_repair_threads: 1
|   myisam_sort_buffer_size: 8388608
|   myisam_stats_method: nulls_unequal
|   ndb_autoincrement_prefetch_sz: 32
|   ndb_force_send: ON
|   ndb_use_exact_count: ON
|   ndb_use_transactions: ON
|   ndb_cache_check_time: 0
|   ndb_connectstring:
|   net_buffer_length: 16384
|   net_read_timeout: 30
|   net_retry_count: 10
|   net_write_timeout: 60
|   new: OFF
|   old_passwords: OFF
|   open_files_limit: 1024
|   optimizer_prune_level: 1
|   optimizer_search_depth: 62
|   pid_file: /var/run/mysqld/mysqld.pid
|   port: 3306
|   preload_buffer_size: 32768
|   profiling: OFF
|   profiling_history_size: 15
|   protocol_version: 10
|   query_alloc_block_size: 8192
|   query_cache_limit: 1048576
|   query_cache_min_res_unit: 4096
|   query_cache_size: 16777216
|   query_cache_type: ON
|   query_cache_wlock_invalidate: OFF
|   query_prealloc_size: 8192
|   range_alloc_block_size: 2048
|   read_buffer_size: 131072
|   read_only: OFF
|   read_rnd_buffer_size: 262144
|   relay_log_purge: ON
|   relay_log_space_limit: 0
|   rpl_recovery_rank: 0
|   secure_auth: OFF
|   secure_file_priv:
|   server_id: 0
|   skip_external_locking: ON
|   skip_networking: OFF
|   skip_show_database: OFF
|   slave_compressed_protocol: OFF
|   slave_load_tmpdir: /tmp/
|   slave_net_timeout: 3600
|   slave_skip_errors: OFF
|   slave_transaction_retries: 10
|   slow_launch_time: 2
|   socket: /var/run/mysqld/mysqld.sock
|   sort_buffer_size: 2097144
|   sql_big_selects: ON
|   sql_mode:
|   sql_notes: ON
|   sql_warnings: OFF
|   ssl_ca:
|   ssl_capath:
|   ssl_cert:
|   ssl_cipher:
|   ssl_key:
|   storage_engine: MyISAM
|   sync_binlog: 0
|   sync_frm: ON
|   system_time_zone: CET
|   table_cache: 64
|   table_lock_wait_timeout: 50
|   table_type: MyISAM
|   thread_cache_size: 8
|   thread_stack: 131072
|   time_format: %H:%i:%s
|   time_zone: SYSTEM
|   timed_mutexes: OFF
|   tmp_table_size: 33554432
|   tmpdir: /tmp
|   transaction_alloc_block_size: 8192
|   transaction_prealloc_size: 4096
|   tx_isolation: REPEATABLE-READ
|   updatable_views_with_limit: YES
|   version: 5.0.51a-17~bpo40+1
|   version_comment: (Debian)
|   version_compile_machine: powerpc
|   version_compile_os: debian-linux-gnu
|_  wait_timeout: 28800

Here’s a sample output when running against the Firefly Media Server:

| daap-get-library:
|   BUBBA|TWO
|     Fever Ray
|       Fever Ray (Deluxe Edition)
|         Concrete Walls
|         I’m Not Done
|         Here Before
|         Now’s The Only Time I Know
|         Stranger Than Kindness
|         Dry And Dusty
|         Keep The Streets Empty For Me
|         Triangle Walks
|         If I Had A Heart
|         Seven
|         When I Grow Up
|_       Coconut