rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/mssql/mssql_ping.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
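# Auxiliary scanner that queries the MSSQL Browser service on each target for
# server information and records what the reply advertises.
#
# Every field printed or stored by this module is taken from the remote reply.
# It is unauthenticated, responder-controlled data: treat it as untrusted when
# it is displayed, stored, or used to decide where to connect next.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name' => 'MSSQL Ping Utility',
      'Description' => 'This module simply queries the MSSQL Browser service for server information.',
      'Author' => 'MC',
      'License' => MSF_LICENSE
    )

    # RPORT is removed from the module's options; the browser service is
    # recorded on UDP 1434 in report_mssql_service.
    deregister_options('RPORT')
  end

  # Queries one host and prints and records every instance that names a server.
  #
  # @param ip [String] address of the host currently being scanned
  # @return [void]
  def run_host(ip)
    # NOTE(review): the argument looks like a reply timeout in seconds;
    # confirm against the MSSQL mixin.
    info = mssql_ping(2)
    return unless info && !info.empty?

    info.each do |instance|
      next unless instance['ServerName']

      print_status("SQL Server information for #{ip}:")
      # Keys come from the remote reply. ljust pads short keys exactly as the
      # previous `" " * (15 - k.length)` did, but does not raise ArgumentError
      # when a key is longer than 15 characters, so one odd reply can no
      # longer abort the scan of this host.
      instance.each_pair { |k, v| print_good(" #{k.to_s.ljust(15)} = #{v}") }
      report_mssql_service(ip, instance) if instance['tcp']
    end
  rescue ::Rex::ConnectionError => e
    # Unreachable hosts are expected during a sweep; only mention them in
    # verbose mode instead of discarding the error silently.
    vprint_error("#{ip} - MSSQL ping failed: #{e.message}")
  end

  # Checks whether a TCP connection to ip:port can be established.
  #
  # @param ip [String] target address
  # @param port [Integer, String] TCP port to try
  # @return [Symbol] :up when the connection succeeds, :down on
  #   Rex::ConnectionError
  def test_connection(ip, port)
    begin
      sock = Rex::Socket::Tcp.create(
        'PeerHost' => ip,
        'PeerPort' => port
      )
    rescue Rex::ConnectionError
      return :down
    end
    sock.close
    :up
  end

  # Records the browser service (UDP 1434) and, when the advertised TCP port is
  # a valid port number, the SQL Server TCP service together with its observed
  # open/closed state.
  #
  # @param ip [String] address of the host that answered
  # @param info [Hash] one instance entry from the browser reply
  # @return [void]
  def report_mssql_service(ip, info)
    mssql_info = "Version: %s, ServerName: %s, InstanceName: %s, Clustered: %s" % [
      info['Version'],
      info['ServerName'],
      info['InstanceName'],
      info['IsClustered']
    ]

    report_service(
      host: ip,
      port: 1434,
      name: "mssql-m",
      proto: "udp",
      info: "TCP: #{info['tcp']}, Servername: #{info['ServerName']}"
    )

    # The TCP port is whatever the responder claims. Validate it before it is
    # used as a connection target or written to the database, so a malformed
    # or hostile reply cannot steer the follow-up connection to a nonsensical
    # port or store a bogus service record.
    tcp_port = parse_tcp_port(info['tcp'])
    unless tcp_port
      vprint_error("#{ip} - ignoring invalid TCP port in browser reply: #{info['tcp'].inspect}")
      return
    end

    mssql_tcp_state = test_connection(ip, tcp_port) == :up ? "open" : "closed"
    report_service(
      host: ip,
      port: tcp_port,
      proto: "tcp", # explicit rather than relying on the framework default
      name: "mssql",
      info: mssql_info,
      state: mssql_tcp_state
    )
  end

  private

  # Converts a port value taken from the browser reply into an Integer.
  #
  # @param value [Object] raw value from the reply
  # @return [Integer, nil] the port when it is all digits and within 1..65535,
  #   otherwise nil
  def parse_tcp_port(value)
    text = value.to_s.strip
    return nil unless text =~ /\A\d{1,5}\z/

    port = text.to_i
    port.between?(1, 65_535) ? port : nil
  end
end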