HOME>>>>>>>>>

File `ms-sql-dump-hashes`

脚本使用类型: hostrule, portrule
脚本所属分类: auth, discovery, safe
脚本下载地址: http://nmap.org/svn/scripts/ms-sql-dump-hashes.nse

User Summary

Dumps the password hashes from an MS-SQL server in a format suitable for cracking by tools such as John-the-ripper. In order to do so the user needs to have the appropriate DB privileges.

Credentials passed as script arguments take precedence over credentials discovered by other scripts.

Script Arguments

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

See the documentation for the mssql library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

执行格式

nmap -p 1433 <ip> --script ms-sql-dump-hashes

Script Output

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
| ms-sql-dump-hashes: 
|   nmap_test:0x01001234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123
|   sa:0x01001234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123
|_  webshop_dbo:0x01001234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123

Requires

Author: Patrik Karlsson

License: VER007 整理 http://www.ver007.com

File ms-sql-dump-hashes