summaryrefslogtreecommitdiffstats
path: root/scripts/informix-query.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/informix-query.nse')
-rw-r--r--scripts/informix-query.nse94
1 files changed, 94 insertions, 0 deletions
diff --git a/scripts/informix-query.nse b/scripts/informix-query.nse
new file mode 100644
index 0000000..a590490
--- /dev/null
+++ b/scripts/informix-query.nse
@@ -0,0 +1,94 @@
+local informix = require "informix"
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Runs a query against IBM Informix Dynamic Server using the given
+authentication credentials (see also: informix-brute).
+]]
+
+---
+-- @usage
+-- nmap -p 9088 <host> --script informix-query --script-args informix-query.username=informix,informix-query.password=informix
+--
+-- @output
+-- PORT STATE SERVICE
+-- 9088/tcp open unknown syn-ack
+-- | informix-query:
+-- | Information
+-- | User: informix
+-- | Database: sysmaster
+-- | Query: "SELECT FIRST 1 DBINFO('dbhostname') hostname, DBINFO('version','full') version FROM systables"
+-- | Results
+-- | hostname version
+-- |_ patrik-laptop IBM Informix Dynamic Server Version 11.50.UC4E
+--
+-- @args informix-query.username The username used for authentication
+-- @args informix-query.password The password used for authentication
+-- @args informix-query.database The name of the database to connect to
+-- (default: sysmaster)
+-- @args informix-query.query The query to run against the server
+-- (default: returns hostname and version)
+-- @args informix-query.instance The name of the instance to connect to
+
+-- Version 0.1
+
+-- Created 07/28/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"intrusive", "auth"}
+dependencies = { "informix-brute" }
+
+
+portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open")
+
+action = function( host, port )
+ local instance = stdnse.get_script_args('informix-info.instance')
+ local helper
+ local status, data
+ local result = {}
+ local user = stdnse.get_script_args('informix-query.username')
+ local pass = stdnse.get_script_args('informix-query.password')
+ local query = stdnse.get_script_args('informix-query.query')
+ local db = stdnse.get_script_args('informix-query.database') or "sysmaster"
+
+ query = query or "SELECT FIRST 1 DBINFO('dbhostname') hostname, " ..
+ "DBINFO('version','full') version FROM systables"
+
+ helper = informix.Helper:new( host, port, instance )
+
+ -- If no user was specified lookup the first user in the registry saved by
+ -- the informix-brute script
+ if ( not(user) ) then
+ if ( nmap.registry['informix-brute'] and nmap.registry['informix-brute'][1]["username"] ) then
+ user = nmap.registry['informix-brute'][1]["username"]
+ pass = nmap.registry['informix-brute'][1]["password"]
+ else
+ return stdnse.format_output(false, "No credentials specified (see informix-table.username and informix-table.password)")
+ end
+ end
+
+ status, data = helper:Connect()
+ if ( not(status) ) then
+ return stdnse.format_output(status, data)
+ end
+
+ status, data = helper:Login(user, pass, nil, db)
+ if ( not(status) ) then return stdnse.format_output(status, data) end
+
+ status, data = helper:Query(query)
+ if ( not(status) ) then return stdnse.format_output(status, data) end
+
+ for _, rs in ipairs(data) do
+ table.insert( result, { "User: " .. user, "Database: " .. db, ( "Query: \"%s\"" ):format( rs.query ), name="Information" } )
+ local tmp = informix.Util.formatTable( rs )
+ tmp.name = "Results"
+ table.insert( result, tmp )
+ end
+
+
+ return stdnse.format_output(status, result)
+end