ms-sql-info

[AssassinUKG]

Describe the bug
Having an issue using the script due to the iterator issue as seem below

To Reproduce
Run cmd

Testing against a small network on HackTheBox (P.0.0)

sudo nmap -sC -sV --min-rate=1000 -T4 10.13.38.11 -v -p 1433 --script ms-sql-info -d

Error

NSE: ms-sql-info against 10.13.38.11:1433 threw an error!
attempt to index a nil value
stack traceback:
        [C]: in for iterator 'for iterator'
        /usr/bin/../share/nmap/nselib/mssql.lua:3334: in function </usr/bin/../share/nmap/nselib/mssql.lua:3327>
        (...tail calls...)

Expected behavior
The expected results are...

1433/tcp open  ms-sql-s Microsoft SQL Server  14.00.1000.00
| ms-sql-ntlm-info: 
|   Target_Name: POO
|   NetBIOS_Domain_Name: POO
|   NetBIOS_Computer_Name: COMPATIBILITY
|   DNS_Domain_Name: intranet.poo
|   DNS_Computer_Name: COMPATIBILITY.intranet.poo
|   DNS_Tree_Name: intranet.poo
|_  Product_Version: 10.0.14393
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2018-04-02T16:10:49
|_Not valid after:  2048-04-02T16:10:49
|_ssl-date: 2018-04-03T01:54:00+00:00; -4s from scanner time.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Version info (please complete the following information):

• OS: [e.g. Linux 4.15, Windows 10 1909]: Kali latest

• Output of nmap --version:
  Nmap version 7.93 ( https://nmap.org )
  Platform: x86_64-pc-linux-gnu
  Compiled with: liblua-5.3.6 openssl-3.0.7 libssh2-1.10.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
  Compiled without:
  Available nsock engines: epoll poll select

• Output of nmap --iflist
  Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-29 16:06 GMT
  INTERFACES
  DEV (SHORT) IP/MASK TYPE UP MTU MAC
  lo (lo) 127.0.0.1/8 loopback up 65536
  lo (lo) ::1/128 loopback up 65536
  eth0 (eth0) 192.168.1.243/24 ethernet up 1500 08:00:27:67:A7:AE
  eth0 (eth0) fe80::a00:27ff:fe67:a7ae/64 ethernet up 1500 08:00:27:67:A7:AE
  eth1 (eth1) (none)/0 ethernet up 1500 08:00:27:67:A7:AE
  docker0 (docker0) 172.17.0.1/16 ethernet up 1500 02:42:F4:63:4B:BF
  tun0 (tun0) 10.10.17.119/22 point2point up 1500
  tun0 (tun0) dead:beef:4::1175/64 point2point up 1500
  tun0 (tun0) fe80::c558:b328:83c2:f58f/64 point2point up 1500

ROUTES
DST/MASK DEV METRIC GATEWAY
10.13.38.0/24 tun0 0 10.10.16.1
192.168.1.0/24 eth0 101
10.10.16.0/22 tun0 0
10.129.0.0/16 tun0 0 10.10.16.1
172.17.0.0/16 docker0 0
0.0.0.0/0 eth0 101 192.168.1.254
::1/128 lo 0
dead:beef:4::1175/128 tun0 0
fe80::a00:27ff:fe67:a7ae/128 eth0 0
fe80::c558:b328:83c2:f58f/128 tun0 0
::1/128 lo 256
dead:beef:4::/64 tun0 256
fe80::/64 tun0 256
dead:beef::/64 tun0 1024
fe80::/64 eth0 1024
ff00::/8 eth0 256
ff00::/8 tun0 256

Additional context
Connected to HTB network via VPN

[Reelix]

It should be noted that this is a regression from 7.92 where it works as expected.

To demonstrate this, I copied the ms-sql-info.nse file from 7.92, renamed it, and ran it using 7.93

// ms-sql-info that comes with 7.93
C:\Nmap>nmap --script ms-sql-info 10.10.11.202 -p1433
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 14:54 South Africa Standard Time
NSOCK ERROR [0.0290s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds

// ms-sql-info that comes with 7.92
C:\Nmap>nmap --script ms-sql-info-7.92 10.10.11.202 -p1433
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-03 14:54 South Africa Standard Time
NSOCK ERROR [0.0280s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for 10.10.11.202
Host is up (0.19s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s

Host script results:
| ms-sql-info-7.92:
|   10.10.11.202:1433:
|     Version:
|       name: Microsoft SQL Server 2019 RTM
|       number: 15.00.2000.00
|       Product: Microsoft SQL Server 2019
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433

Nmap done: 1 IP address (1 host up) scanned in 6.38 seconds

Due to this, this issue should be re-opened.

[fyodor]

Re-opening per latest feedback from @Reelix

[TheProdigyLeague]

I annotated the issue. I am now reiterating this issue. (Not closed.)
`
~# HTB.net/v-1.2.3.4.5break;
</>
```

import sql
import metasploit
import ssh
import cli
import os
regression from nmap v-7.92 copy ms-sql-info.nse from 7.92 while py.exe -work cmd.exe \7.93
C:\Nmap> nmap --script ms-sql-info 10.10.11.202 -p1433
/!\ Starting Nmap 7.93...( https://nmap.org )
~# at 2023-03-03 14:54 /!\ South Africa Standard Time
do while loop throw, "NSOCK_ERROR"
[0.0290s]: ssl_init_helper(Iterate):^d in OpenSSL 遺產。提供商。 ~# Failed(load);~# Nmap scan report for 10.10.11.202/break; Host is up (0.19s latency).
港口。狀態。服務。
$ 1433/tcp open ms-sql-s
|_ms-sql-info: ERROR: py.exe failed (use -d to debug)
~# Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds
`

[iasdeoupxe]

While this issue is older it looks like #2622 could be a duplicate and a patch within it is available which could fix this as well.

[nnposter]

The issue has been likely rectified by a recent commit.