Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/admin/mssql/mssql_sql_file.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::MSSQL7include Msf::OptionalSession::MSSQL89def initialize(info = {})10super(update_info(info,11'Name' => 'Microsoft SQL Server Generic Query from File',12'Description' => %q{13This module will allow for multiple SQL queries contained within a specified14file to be executed against a Microsoft SQL (MSSQL) Server instance, given15the appropriate credentials.16},17'Author' => [ 'j0hn__f : <jf[at]tinternet.org.uk>' ],18'License' => MSF_LICENSE19))2021register_options(22[23OptPath.new('SQL_FILE', [ true, "File containing multiple SQL queries execute (one per line)"]),24OptString.new('QUERY_PREFIX', [ false, "string to append each line of the file",""]),25OptString.new('QUERY_SUFFIX', [ false, "string to prepend each line of the file",""])26])27end282930def run31queries = File.readlines(datastore['SQL_FILE'])3233prefix = datastore['QUERY_PREFIX']34suffix = datastore['QUERY_SUFFIX']3536begin37if session38set_mssql_session(session.client)39else40unless mssql_login_datastore41print_error("#{datastore['RHOST']}:#{datastore['RPORT']} - Invalid SQL Server credentials")42return43end44end45queries.each do |sql_query|46vprint_status("Executing: #{sql_query}")47mssql_query(prefix+sql_query.chomp+suffix,true)48end49rescue Rex::ConnectionRefused, Rex::ConnectionTimeout50print_error "Error connecting to server: #{$!}"51ensure52disconnect unless session53end54end55end565758