The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.
Script scanning is normally done in combination with a port scan, because scripts may be run or not run depending on the port states found by the scan. With the -sn option it is possible to run a script scan without a port scan, only host discovery. In this case only host scripts will be eligible to run. To run a script scan with neither host discovery nor a port scan, use the -Pn -sn options together with -sC or --script. Every host will be assumed up and still only host scripts will be run. This technique is useful for scripts like whois-ip that only use the remote system's address and don't require it to be up.
MSSQL Database Penetration Testing
It is quite common to discover a Microsoft SQL server in a penetration testing engagement, as many companies run Windows environments. SQL servers generally listen on port 1433, but they can be found on other ports as well. Since it is a very popular database, we have to know all the methods in order to conduct the database assessment efficiently.
Microsoft SQL Server is one of the most widely used database servers across the globe, which makes it more prone to attacks and a favourite target of attackers, because once an attacker controls the SQL server, they get everything stored in it. Today we will see how to do penetration testing of SQL Servers using NMAP. Most people think that NMAP is just a port scanner, but that was long ago. Since the launch of the Nmap Scripting Engine, NMAP has turned into a penetration testing machine. With the current version of NMAP (with the help of scripts) we can perform end-to-end penetration testing of SQL Servers without needing any additional tool or software.
1. The target is 172.16.178.142, so first we check that it is reachable from the terminal: #ping 172.16.178.142
2. #nmap 172.16.178.142 – after this command we will be able to see the open ports.
3. #nmap -p 1433 -sV 172.16.178.142 (-p restricts the scan to port 1433, the open MSSQL port; -sV probes the service version.)
4. #ls /usr/share/nmap/scripts | grep ms-sql (lists the NSE scripts whose names contain ms-sql, i.e. the scripts available for assessing an MS SQL server.)
5. Nmap scripts are stored in a scripts subdirectory of the Nmap data directory by default. For efficiency, scripts are indexed in a database stored in scripts/script.db, which lists the category or categories to which each script belongs. #nmap -p 1433 --script=ms-sql-info.nse 172.16.178.142
6. #nmap -p 1433 --script=ms-sql-config.nse 172.16.178.142 (shows the server's configuration options.)
7. Nmap done.
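As an added example (not part of the original post), the following Python helper parses Nmap XML output (produced with -oX) and lists the hosts where the ms-sql-info script returned results, so a scan like the one above can be turned into an inventory of exposed SQL Server instances to review. The XML sample is constructed for illustration and the instance values in it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (nmap -oX out.xml) for a scan such as
# "nmap -p 1433 --script=ms-sql-info <host>". The layout follows Nmap's XML
# (host/address/ports/port/state/service/script/table/elem); the values are
# made up and were not captured from a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="172.16.178.142" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="1433">
        <state state="open"/>
        <service name="ms-sql-s" product="Microsoft SQL Server"/>
        <script id="ms-sql-info" output="(see structured elements)">
          <table key="172.16.178.142:1433">
            <elem key="Instance name">MSSQLSERVER</elem>
            <elem key="Version">Microsoft SQL Server 2008 R2 SP1</elem>
            <elem key="TCP port">1433</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
  <host>
    <address addr="172.16.178.150" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="1433">
        <state state="closed"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def mssql_instances(xml_text):
    """Return one dict per open port that carries ms-sql-info results."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no script output
            script = port.find("script[@id='ms-sql-info']")
            if script is None:
                continue  # open port, but the script did not report
            details = {e.get("key"): e.text for e in script.iter("elem")}
            found.append({"host": addr, "port": int(port.get("portid")), **details})
    return found


if __name__ == "__main__":
    for inst in mssql_instances(SAMPLE_XML):
        print(f"{inst['host']}:{inst['port']} {inst.get('Version')}")
```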