Class: Metasploit::Framework::LoginScanner::MSSQL

Inherits: Object
Includes: Base, NTLM, RexSocket
Defined in: lib/metasploit/framework/login_scanner/mssql.rb

Overview

This is the LoginScanner class for dealing with Microsoft SQL Servers. It is responsible for taking a single target and a list of credentials and attempting each of them. It then saves the results.

Constant Summary

DEFAULT_PORT = 1433
DEFAULT_REALM = nil
LIKELY_PORTS = [ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
    Lifted from lib/msf/core/exploit/mssql.rb
LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase', 'mssql' ]
    Lifted from lib/msf/core/exploit/mssql.rb
PRIVATE_TYPES = [ :password, :ntlm_hash ]
REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN


Instance Attribute Details

#auth ⇒ Array<String>

Returns Auth The Authentication mechanism to use.

Returns:

  • (Array<String>)

    Auth The Authentication mechanism to use

# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 30

def auth
  @auth
end

#domain_controller_rhost ⇒ String

Returns Auth The mssql hostname, required for Kerberos Authentication.

Returns:

  • (String)

    Auth The mssql hostname, required for Kerberos Authentication



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 37

def domain_controller_rhost
  @domain_controller_rhost
end

#hostname ⇒ Object

Returns the value of attribute hostname.



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 41

def hostname
  @hostname
end

#max_send_size ⇒ Integer

Returns The max size of the data to encapsulate in a single packet.

Returns:

  • (Integer)

    The max size of the data to encapsulate in a single packet



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 49

def max_send_size
  @max_send_size
end

#send_delay ⇒ Integer

Returns The delay between sending packets.

Returns:

  • (Integer)

    The delay between sending packets



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 53

def send_delay
  @send_delay
end

#tdsencryption ⇒ Object

Returns the value of attribute tdsencryption.



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 55

def tdsencryption
  @tdsencryption
end

#use_client_as_proof ⇒ Boolean

Returns If a login is successful and this attribute is true - an MSSQL::Client instance is used as proof.

Returns:

  • (Boolean)

    If a login is successful and this attribute is true - an MSSQL::Client instance is used as proof



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 45

def use_client_as_proof
  @use_client_as_proof
end

Instance Method Details

#attempt_login(credential) ⇒ Object



# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 60

def attempt_login(credential)
  # Fields common to every outcome; :status and :proof are filled in below.
  result_options = {
      credential: credential,
      host: host,
      port: port,
      protocol: 'tcp',
      service_name: 'mssql'
  }

  begin
    # A new client connection is created for each credential attempt.
    client = Rex::Proto::MSSQL::Client.new(framework_module, framework, host, port, proxies, sslkeylogfile: sslkeylogfile)
    if client.mssql_login(credential.public, credential.private, '', credential.realm)
      result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
      if use_client_as_proof
        # Keep the authenticated client open and hand it back to the caller.
        result_options[:proof] = client
        result_options[:connection] = client.sock
      else
        client.disconnect
      end
    else
      result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
    end
  rescue ::Rex::ConnectionError => e
    result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    result_options[:proof] = e
  rescue => e
    # Any other error is logged and also reported as UNABLE_TO_CONNECT.
    elog(e, error: e)
    result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
    result_options[:proof] = e
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end