Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r36187 broke auth in mysql.lua (protocol version 10) #596

Closed
cldrn opened this issue Nov 29, 2016 · 1 comment
Closed

r36187 broke auth in mysql.lua (protocol version 10) #596

cldrn opened this issue Nov 29, 2016 · 1 comment

Comments

@cldrn
Copy link
Member

cldrn commented Nov 29, 2016

I just noticed mysql-brute is not working. Something broke authentication in r36187. Scripts works correctly if I revert to r35858.

Tested on MySQL 5.7.13 using protocol version 10.

PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL 5.7.13-0ubuntu0.16.04.2
| mysql-info:
| Protocol: 10
| Version: 5.7.13-0ubuntu0.16.04.2
| Thread ID: 150089
| Capabilities flags: 63487
| Some Capabilities: DontAllowDatabaseTableColumn, LongPassword, IgnoreSigpipes, LongColumnFlag, SupportsTransactions, Speaks41ProtocolOld, FoundRows, SupportsCompression, InteractiveClient, Support41Auth, ConnectWithDatabase, ODBCClient, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
| Status: Autocommit
\x04j'D\x19.'>\x13\x0F'^d69\x1C\x00
|_ Auth Plugin Name: 96

@dmiller-nmap
Copy link

@cldrn Thanks for pointing this out! A couple observations, and I hope someone can quickly diagnose:

  1. We also apparently need to strip carriage returns ('\r') from the Salt when reporting that. That's the weird jumbled-up line after "Status: Autocommit"
  2. For future reference, the commit in question is 8c10485, which fixed wrongfully reading version #529

suraj51k pushed a commit to suraj51k/nmap that referenced this issue Jan 31, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants