Path: blob/master/modules/auxiliary/admin/mssql/mssql_sql.rb
19516 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::MSSQL7include Msf::OptionalSession::MSSQL89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Microsoft SQL Server Generic Query',14'Description' => %q{15This module will allow for simple SQL statements to be executed against a16MSSQL/MSDE instance given the appropriate credentials.17},18'Author' => [ 'tebo <tebo[at]attackresearch.com>' ],19'License' => MSF_LICENSE,20'References' => [21[ 'URL', 'http://www.attackresearch.com' ],22[ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],23],24'Notes' => {25'Stability' => [CRASH_SAFE],26'SideEffects' => [IOC_IN_LOGS],27'Reliability' => []28}29)30)3132register_options(33[34OptString.new('SQL', [ false, 'The SQL query to execute', 'select @@version']),35]36)37end3839def auxiliary_commands40{ 'select' => 'Run a select query (a LIMIT clause is probably a really good idea)' }41end4243def cmd_select(*args)44datastore['SQL'] = "select #{args.join(' ')}"45run46end4748def run49if session50set_mssql_session(session.client)51else52unless mssql_login_datastore53print_error('Error with mssql_login call')54info = mssql_client.initial_connection_info55if info[:errors] && !info[:errors].empty?56info[:errors].each do |err|57print_error(err)58end59end60return61end62end6364mssql_query(datastore['SQL'], true)65end66end676869