GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/mssql/mssql_ping.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
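class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Module metadata. RPORT is deregistered because the browser-service
  # lookup does not use it; results are recorded against UDP/1434 in
  # #report_mssql_service instead.
  def initialize
    super(
      'Name' => 'MSSQL Ping Utility',
      'Description' => 'This module simply queries the MSSQL Browser service for server information.',
      'Author' => 'MC',
      'License' => MSF_LICENSE
    )

    deregister_options('RPORT')
  end

  # Scanner callback: query the SQL Server Browser service on +ip+ and
  # print and report every instance record that carries a ServerName.
  #
  # @param ip [String] target address handed in by the scanner mixin
  # @return [void]
  def run_host(ip)
    # The argument is forwarded unchanged from the original module; its
    # meaning is defined by the MSSQL mixin (presumably a timeout) — confirm there.
    info = mssql_ping(2)
    return unless info && !info.empty?

    info.each do |instance|
      # Records without a ServerName carry nothing worth printing or storing.
      next unless instance['ServerName']

      print_status("SQL Server information for #{ip}:")
      # ljust never raises; the previous `" " * (15 - k.length)` padding
      # raised ArgumentError for any key longer than 15 characters.
      instance.each_pair { |k, v| print_good(" #{k.to_s.ljust(15)} = #{v}") }
      report_mssql_service(ip, instance) if instance['tcp']
    end
  rescue ::Rex::ConnectionError => e
    # Unreachable hosts are expected during a sweep; only surface them in verbose mode.
    vprint_error("#{ip} - #{e.class}: #{e.message}")
  end

  # Probe whether +port+ on +ip+ accepts a TCP connection.
  #
  # @param ip [String] host to connect to
  # @param port [String, Integer] port to connect to
  # @return [Symbol] :up when the connect succeeds, :down on ::Rex::ConnectionError
  def test_connection(ip, port)
    begin
      sock = Rex::Socket::Tcp.create('PeerHost' => ip, 'PeerPort' => port)
    rescue ::Rex::ConnectionError
      return :down
    end
    sock.close
    :up
  end

  # Record the browser service (UDP/1434) and the TCP listener it advertises
  # for one instance in the database.
  #
  # @param ip [String] host that answered the ping
  # @param info [Hash] one instance record from #mssql_ping; every value is
  #   taken verbatim from the remote response and stored as received
  # @return [void]
  def report_mssql_service(ip, info)
    mssql_info = format(
      'Version: %s, ServerName: %s, InstanceName: %s, Clustered: %s',
      info['Version'], info['ServerName'], info['InstanceName'], info['IsClustered']
    )

    report_service(
      host: ip,
      port: 1434,
      name: 'mssql-m',
      proto: 'udp',
      info: "TCP: #{info['tcp']}, Servername: #{info['ServerName']}"
    )

    # Check that the advertised port actually listens before recording its state.
    mssql_tcp_state = test_connection(ip, info['tcp']) == :up ? 'open' : 'closed'
    report_service(
      host: ip,
      port: info['tcp'],
      name: 'mssql',
      info: mssql_info,
      state: mssql_tcp_state
    )
  end
end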