CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/metasploit/framework/login_scanner/mssql.rb
require 'rex/proto/mssql/client'
require 'metasploit/framework/login_scanner/base'
require 'metasploit/framework/login_scanner/rex_socket'
require 'metasploit/framework/login_scanner/ntlm'

module Metasploit
  module Framework
    module LoginScanner

      # This is the LoginScanner class for dealing with Microsoft SQL Servers.
      # It is responsible for taking a single target, and a list of credentials
      # and attempting them. It then saves the results.
      class MSSQL
        include Metasploit::Framework::LoginScanner::Base
        include Metasploit::Framework::LoginScanner::RexSocket
        include Metasploit::Framework::LoginScanner::NTLM

        DEFAULT_PORT         = 1433
        DEFAULT_REALM        = 'WORKSTATION'
        # Lifted from lib/msf/core/exploit/mssql.rb
        LIKELY_PORTS         = [ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
        # Lifted from lib/msf/core/exploit/mssql.rb
        LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase', 'mssql' ]
        PRIVATE_TYPES        = [ :password, :ntlm_hash ]
        REALM_KEY            = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN

        # @!attribute auth
        #   @return [Array<String>] The authentication mechanism to use
        #   @see Msf::Exploit::Remote::AuthOption::MSSQL_OPTIONS
        attr_accessor :auth

        validates :auth,
                  inclusion: { in: Msf::Exploit::Remote::AuthOption::MSSQL_OPTIONS }

        # @!attribute domain_controller_rhost
        #   @return [String] The domain controller rhost, required for Kerberos authentication
        attr_accessor :domain_controller_rhost

        # @!attribute hostname
        #   @return [String] The MSSQL hostname, required for Kerberos authentication
        attr_accessor :hostname

        # @!attribute windows_authentication
        #   @return [Boolean] Whether to use Windows Authentication instead of SQL Server auth
        attr_accessor :windows_authentication

        # @!attribute use_client_as_proof
        #   @return [Boolean] If a login is successful and this attribute is true, an
        #     MSSQL::Client instance is used as proof
        attr_accessor :use_client_as_proof

        # @!attribute max_send_size
        #   @return [Integer] The max size of the data to encapsulate in a single packet
        attr_accessor :max_send_size

        # @!attribute send_delay
        #   @return [Integer] The delay between sending packets
        attr_accessor :send_delay

        validates :windows_authentication,
                  inclusion: { in: [true, false] }

        # @!attribute tdsencryption
        #   @return [Boolean] Whether to use TDS encryption for the connection
        attr_accessor :tdsencryption

        validates :tdsencryption,
                  inclusion: { in: [true, false] }

        # Attempt a single credential against the target and return a Result
        # describing the outcome (SUCCESSFUL, INCORRECT or UNABLE_TO_CONNECT).
        def attempt_login(credential)
          result_options = {
            credential: credential,
            host: host,
            port: port,
            protocol: 'tcp',
            service_name: 'mssql'
          }

          begin
            client = Rex::Proto::MSSQL::Client.new(framework_module, framework, host, port, proxies)
            if client.mssql_login(credential.public, credential.private, '', credential.realm)
              result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
              if use_client_as_proof
                # Keep the authenticated client (and its socket) as proof of the login
                result_options[:proof] = client
                result_options[:connection] = client.sock
              else
                client.disconnect
              end
            else
              result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
            end
          rescue ::Rex::ConnectionError => e
            result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
            result_options[:proof] = e
          rescue => e
            elog(e)
            result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
            result_options[:proof] = e
          end

          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
        end

        private

        def set_sane_defaults
          self.connection_timeout ||= 30
          self.port               ||= DEFAULT_PORT
          self.max_send_size      ||= 0
          self.send_delay         ||= 0

          # Don't use ||= with booleans
          self.send_lm                = true if self.send_lm.nil?
          self.send_ntlm              = true if self.send_ntlm.nil?
          self.send_spn               = true if self.send_spn.nil?
          self.use_lmkey              = false if self.use_lmkey.nil?
          self.use_ntlm2_session      = true if self.use_ntlm2_session.nil?
          self.use_ntlmv2             = true if self.use_ntlmv2.nil?
          self.auth                   = Msf::Exploit::Remote::AuthOption::AUTO if self.auth.nil?
          self.windows_authentication = false if self.windows_authentication.nil?
          self.tdsencryption          = false if self.tdsencryption.nil?
        end
      end

    end
  end
end