GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/mssql/mssql_version.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
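# Auxiliary scanner module that reads the version and encryption setting an
# MSSQL instance advertises in its TDS pre-login response, prints them, and
# records the service through report_service.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Scanner
  include Msf::OptionalSession::MSSQL

  # Registers the module metadata and the default remote port (1433).
  def initialize
    super(
      'Name' => 'MSSQL Version Utility',
      'Description' => 'Executes a TDS7 pre-login request against the MSSQL instance to query for version information.',
      'Author' => 'Zach Goldman',
      'License' => MSF_LICENSE
    )

    register_options([
      Opt::RPORT(1433)
    ])
  end

  # Obtains the pre-login data, prints the version and encryption setting,
  # and hands the result to report_mssql_service.
  #
  # @return [void]
  def run
    if session
      # With a session attached, reuse the pre-login data held in the
      # client's initial_connection_info instead of issuing a new request.
      # NOTE(review): presumably captured when the session was established,
      # so it may be older than a fresh probe -- confirm.
      set_mssql_session(session.client)
      data = mssql_client.initial_connection_info[:prelogin_data]
    else
      create_mssql_client
      data = mssql_prelogin
    end

    if data.blank?
      print_error("Unable to retrieve version information for #{mssql_client.peerhost}")
      return
    end

    # Any pre-login answer means something is listening on the port.
    data[:status] = 'open' if data[:version] || data[:encryption]

    print_status("SQL Server for #{mssql_client.peerhost}:")
    if data[:version]
      print_good("Version: #{data[:version]}")
    else
      print_error('Unknown Version')
    end

    if data[:encryption]
      # Replace the raw pre-login encryption value with a readable label;
      # the label is what ends up in the reported service info.
      # NOTE(review): 'off' and 'unsupported' suggest the server does not
      # enforce transport encryption, which is worth tracking as a hardening
      # finding -- confirm the constants' meaning against the MSSQL mixin.
      data[:encryption] =
        case data[:encryption]
        when ENCRYPT_OFF then 'off'
        when ENCRYPT_ON then 'on'
        when ENCRYPT_NOT_SUP then 'unsupported'
        when ENCRYPT_REQ then 'required'
        else 'unknown'
        end
      print_good("Encryption: #{data[:encryption]}")
    else
      print_error('Unknown encryption status')
    end

    report_mssql_service(mssql_client.peerhost, data)
  end

  # Records the MSSQL service with its version/encryption summary.
  #
  # @param ip [String] host address the service is reported for
  # @param data [Hash] pre-login data; :version, :encryption and :status are read
  # @return the value returned by report_service
  def report_mssql_service(ip, data)
    mssql_info = format(
      'Version: %<version>s, Encryption: %<encryption>s',
      version: data[:version] || 'unknown',
      encryption: data[:encryption] || 'unknown'
    )

    report_service(
      host: ip,
      port: mssql_client.peerport,
      name: 'mssql',
      info: mssql_info,
      # `run` stores the state under the symbol key :status. The earlier
      # lookup used the string key 'Status', which `run` never sets, so a
      # responding server was always recorded as 'closed'. The string key is
      # still honoured as a fallback for any caller that supplies it.
      state: data[:status] || data['Status'] || 'closed'
    )
  end
end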