1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::MSSQL
8
  include Msf::OptionalSession::MSSQL
9

10
  def initialize(info = {})
11
    super(
12
      update_info(
13
        info,
14
        'Name' => 'Microsoft SQL Server Generic Query',
15
        'Description' => %q{
16
          This module will allow for simple SQL statements to be executed against a
17
          MSSQL/MSDE instance given the appropriate credentials.
18
        },
19
        'Author' => [ 'tebo <tebo[at]attackresearch.com>' ],
20
        'License' => MSF_LICENSE,
21
        'References' => [
22
          [ 'URL', 'http://www.attackresearch.com' ],
23
          [ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],
24
        ],
25
        'Notes' => {
26
          'Stability' => [CRASH_SAFE],
27
          'SideEffects' => [IOC_IN_LOGS],
28
          'Reliability' => []
29
        }
30
      )
31
    )
32

33
    register_options(
34
      [
35
        OptString.new('SQL', [ false, 'The SQL query to execute', 'select @@version']),
36
      ]
37
    )
38
  end
39

40
  def auxiliary_commands
41
    { 'select' => 'Run a select query (a LIMIT clause is probably a really good idea)' }
42
  end
43

44
  def cmd_select(*args)
45
    datastore['SQL'] = "select #{args.join(' ')}"
46
    run
47
  end
48

49
  def run
50
    if session
51
      set_mssql_session(session.client)
52
    else
53
      unless mssql_login_datastore
54
        print_error('Error with mssql_login call')
55
        info = mssql_client.initial_connection_info
56
        if info[:errors] && !info[:errors].empty?
57
          info[:errors].each do |err|
58
            print_error(err)
59
          end
60
        end
61
        return
62
      end
63
    end
64

65
    mssql_query(datastore['SQL'], true)
66
  end
67
end
68

69