Class: Metasploit::Framework::LoginScanner::MSSQL
- Inherits:
- Object
  - Object
    - Metasploit::Framework::LoginScanner::MSSQL
- Includes:
- Base, NTLM, RexSocket, MSSQL::Client
- Defined in:
- lib/metasploit/framework/login_scanner/mssql.rb
Overview
This is the LoginScanner class for dealing with Microsoft SQL Servers. It is responsible for taking a single target and a list of credentials, attempting each credential against that target, and then saving the results.
Constant Summary
- DEFAULT_PORT = 1433
- DEFAULT_REALM = 'WORKSTATION'
- LIKELY_PORTS = [ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
  Lifted from lib/msf/core/exploit/mssql.rb
- LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase', 'mssql' ]
  Lifted from lib/msf/core/exploit/mssql.rb
- PRIVATE_TYPES = [ :password, :ntlm_hash ]
- REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
Constants included from MSSQL::Client
MSSQL::Client::ENCRYPT_NOT_SUP, MSSQL::Client::ENCRYPT_OFF, MSSQL::Client::ENCRYPT_ON, MSSQL::Client::ENCRYPT_REQ, MSSQL::Client::STATUS_END_OF_MESSAGE, MSSQL::Client::STATUS_IGNORE_EVENT, MSSQL::Client::STATUS_NORMAL, MSSQL::Client::STATUS_RESETCONNECTION, MSSQL::Client::STATUS_RESETCONNECTIONSKIPTRAN, MSSQL::Client::TYPE_ATTENTION_SIGNAL, MSSQL::Client::TYPE_BULK_LOAD, MSSQL::Client::TYPE_PRE_LOGIN_MESSAGE, MSSQL::Client::TYPE_PRE_TDS7_LOGIN, MSSQL::Client::TYPE_RPC, MSSQL::Client::TYPE_SQL_BATCH, MSSQL::Client::TYPE_SSPI_MESSAGE, MSSQL::Client::TYPE_TABLE_RESPONSE, MSSQL::Client::TYPE_TDS7_LOGIN, MSSQL::Client::TYPE_TRANSACTION_MANAGER_REQUEST
Instance Attribute Summary
- #tdsencryption ⇒ Object
  Returns the value of attribute tdsencryption.
- #windows_authentication ⇒ Boolean
  Whether to use Windows Authentication instead of SQL Server Auth.
Attributes included from Tcp::Client
#max_send_size, #send_delay, #sock
Instance Method Summary
Methods included from MSSQL::Client
#mssql_login, #mssql_parse_done, #mssql_parse_env, #mssql_parse_error, #mssql_parse_info, #mssql_parse_login_ack, #mssql_parse_reply, #mssql_parse_ret, #mssql_parse_tds_reply, #mssql_parse_tds_row, #mssql_prelogin, #mssql_send_recv, #mssql_ssl_send_recv, #mssql_tds_encrypt, #send_lm, #send_ntlm, #send_spn, #use_ntlm2_session, #use_ntlmv2
Methods included from Tcp::Client
#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version
Instance Attribute Details
#tdsencryption ⇒ Object
Returns the value of attribute tdsencryption.
    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 35
    def tdsencryption
      @tdsencryption
    end
#windows_authentication ⇒ Boolean
Returns whether to use Windows Authentication instead of SQL Server Auth.
    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 30
    def windows_authentication
      @windows_authentication
    end
Instance Method Details
#attempt_login(credential) ⇒ Object
    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 40
    def attempt_login(credential)
      # Fields common to every result, whatever the outcome of the attempt.
      result_options = {
        credential: credential,
        host: host,
        port: port,
        protocol: 'tcp',
        service_name: 'mssql'
      }

      begin
        # mssql_login returns a truthy value only when the server accepts the login.
        if mssql_login(credential.public, credential.private, '', credential.realm)
          result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
        else
          result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
        end
      rescue ::Rex::ConnectionError
        # A network-level failure is reported separately from a rejected credential.
        result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
      end

      ::Metasploit::Framework::LoginScanner::Result.new(result_options)
    end
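
The server-side view of repeated attempt_login calls, as an added example that is not part of the Metasploit code base: each rejected credential shows up as one failed login in the SQL Server error log, so a burst of failures from one client followed by a success is the pattern to alert on. The log lines are constructed, the function name, threshold and window are assumptions, and success lines only appear when auditing of both failed and successful logins is enabled.

```ruby
require 'time'

# Constructed SQL Server ERRORLOG excerpt (login auditing enabled); not real data.
SAMPLE_ERRORLOG = <<~LOG
  2024-03-01 10:00:01.10 Logon       Error: 18456, Severity: 14, State: 8.
  2024-03-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
  2024-03-01 10:00:02.31 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
  2024-03-01 10:00:03.02 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 192.0.2.10]
  2024-03-01 10:00:04.47 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
  2024-03-01 10:00:05.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
  2024-03-01 10:00:06.15 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.10]
  2024-03-01 10:07:40.00 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.20]
  2024-03-01 10:08:12.64 Logon       Login succeeded for user 'report'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.20]
LOG

# Captures timestamp (to the second), outcome, login name and client address.
LOGIN_LINE = /\A(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+Login (failed|succeeded) for user '([^']*)'.*\[CLIENT: ([^\]]+)\]/

# Returns one hash per client with at least `threshold` failed logins inside
# `window` seconds; :success_after names a login that succeeded after the burst.
def detect_login_guessing(log, threshold: 5, window: 60)
  events = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    m = LOGIN_LINE.match(line)
    next unless m # skips "Error: 18456" header lines and anything unrelated
    events[m[4]] << { at: Time.strptime(m[1], '%Y-%m-%d %H:%M:%S'), ok: m[2] == 'succeeded', user: m[3] }
  end
  events.filter_map do |client, evs|
    fails = evs.reject { |e| e[:ok] }.sort_by { |e| e[:at] }
    burst = fails.each_cons(threshold).find { |w| w.last[:at] - w.first[:at] <= window }
    next unless burst
    hit = evs.find { |e| e[:ok] && e[:at] >= burst.last[:at] }
    { client: client, failures: fails.size, users: fails.map { |e| e[:user] }.uniq, success_after: hit && hit[:user] }
  end
end

if __FILE__ == $PROGRAM_NAME
  detect_login_guessing(SAMPLE_ERRORLOG).each { |alert| puts alert.inspect }
end
```

A non-nil :success_after is the high-priority case: it corresponds to a SUCCESSFUL result on the scanning side, so the named login should be treated as compromised.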