metasploit-framework/lib/msf/core/exploit/mssql.rb

require 'msf/core'

module Msf

###
#
# This module exposes methods for querying a remote MSSQL service
#
###
module Exploit::Remote::MSSQL
	
	include Exploit::Remote::Udp
	include Exploit::Remote::Tcp
	
	#
	# Creates an instance of a MSSQL exploit module.
	#
	def initialize(info = {})
		super

		# Register the options that all MSSQL exploits may make use of.
		register_options(
			[
				Opt::RHOST,
				Opt::RPORT(1433),
			], Msf::Exploit::Remote::MSSQL)
	end
	
	#
	# This method sends a UDP query packet to the server and
	# parses out the reply packet into a hash
	#
	def mssql_ping(timeout=5)
		data = { }
		
		ping_sock = Rex::Socket::Udp.create(
			'PeerHost'  => rhost,
			'PeerPort'  => 1434,
			'Context'   =>
				{
					'Msf'        => framework,
					'MsfExploit' => self,
				})
		
		
		ping_sock.put("\x02")
		resp, saddr, sport = ping_sock.recvfrom(65535, timeout)
		ping_sock.close

		return data if not resp
		return data if resp.length == 0
		
		var = nil

		return mssql_ping_parse(resp)
	end
	
	#
	# Parse a 'ping' response and format as a hash
	#
	def mssql_ping_parse(data)
		res = {}
		var = nil
		idx = data.index('ServerName')
		return res if not idx
		
		data[idx, data.length-idx].split(';').each do |d|
			if (not var)
				var = d
			else
				if (var.length > 0)
					res[var] = d
					var = nil
				end
			end
		end
		
		return res
	end
	
	#
	# This method connects to the server over TCP and attempts
	# to authenticate with the supplied username and password
	# The global socket is used and left connected after auth
	#
	def mssql_login(user='sa', pass='')
		p_hdr = 
			"\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00"

		p_pk2 = 
			"\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"+
			"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"+
			"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00"

		p_pk3 = 
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"+
			"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00"+
			"\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00"


		p_lang = 
			"\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
			"\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00"+
			"\x00\x03\x00\x00\x00"
		
		user = user.slice(0, 29)
		pass = pass.slice(0, 29)
		
		ulen = user.length.chr
		plen = pass.length.chr
		
		user << ("\x00" * (30-user.length))
		pass << ("\x00" * (30-pass.length))
		
		p_login = p_hdr + user + ulen + pass + plen
		p_login << p_pk2 + plen + pass + p_pk3

		connect
		sock.put(p_login)
		sock.put(p_lang)
		resp = sock.get_once
		
		if (resp and resp.length > 10 and resp[8] == 0xe3)
			
			return true
		end
		
		return false
	end
	
	def sql_query(sql)
		pkt = "\x01\x01\x00\x00\x01\x00" + sql
			
		len = [pkt.length+2].pack('n')
		pkt.insert(2, len)
		
		sock.put(pkt)
		resp = sock.get(timeout=15)	
		
		return query_parse(resp)
	end
	
	def cmd_exec(cmd)
		cmd_query = "xp_cmdshell '#{cmd}'"
		sql_query(cmd_query)
	end

	def query_parse(resp)
		@data = ""
		status = 0
		while status == 0
			status,
			size,
			pkt = parse_header(resp.slice!(0,8)) 
			@data << resp.slice!(0,(size-8)) 
		end

		until @data == nil
			token = @data.slice!(0,1).unpack('C')[0] 
			case token
			when 0xa0, 0xa1
				parse_column()
			when 0xd1
				parse_row()
			when 0x79
				parse_ret()
			when 0xfd, 0xfe, 0xff
				parse_done()
			when nil
				break
			else
				print_error("Got unsupported token!")
			end
		end
		
	end

	def parse_header(header)
		type,
		status,
		size,
		chan,
		pkt,
		window = header.unpack('CCnnCC')

		#print_status("Got Packet #{pkt} of #{size} bytes...")
		return status,size,pkt
	end

	def parse_column()
		len = @data.slice!(0,2).unpack('v')[0]
		str = @data.slice!(0,len).unpack('A*')
	end

	def parse_row()
		len = @data.slice!(0,1).unpack('C')[0]
		if len == 0
			print_line()
		else
			str = @data.slice!(0,len).unpack("A*")[0]
			print_line("\t#{str}")
		end
	end

	def parse_ret()
		ret = @data.slice!(0,4).unpack('N')[0]
		unless ret == 0
			print_error("There was a problem executing the query...")
		end	
	end

	def parse_done()
		status,
		cmd,
		rows = @data.slice!(0,8).unpack('nnN')
	end

end
end
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`require 'msf/core'`

			`module Msf`

			`###`
			`#`
			`# This module exposes methods for querying a remote MSSQL service`
			`#`
			`###`
			`module Exploit::Remote::MSSQL`

			`include Exploit::Remote::Udp`
			`include Exploit::Remote::Tcp`

			`#`
			`# Creates an instance of a MSSQL exploit module.`
			`#`
			`def initialize(info = {})`
			`super`

gee, these were not cut and paste targets... git-svn-id: file:///home/svn/incoming/trunk@3490 4d416f70-5f16-0410-b530-b9f4589650da 2006-02-01 22:33:49 +00:00			`# Register the options that all MSSQL exploits may make use of.`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`register_options(`
			`[`
			`Opt::RHOST,`
			`Opt::RPORT(1433),`
			`], Msf::Exploit::Remote::MSSQL)`
			`end`

			`#`
			`# This method sends a UDP query packet to the server and`
			`# parses out the reply packet into a hash`
			`#`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`def mssql_ping(timeout=5)`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`data = { }`

			`ping_sock = Rex::Socket::Udp.create(`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`'PeerHost' => rhost,`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`'PeerPort' => 1434,`
			`'Context' =>`
			`{`
			`'Msf' => framework,`
			`'MsfExploit' => self,`
			`})`


			`ping_sock.put("\x02")`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`resp, saddr, sport = ping_sock.recvfrom(65535, timeout)`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`ping_sock.close`

			`return data if not resp`
			`return data if resp.length == 0`

			`var = nil`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00
			`return mssql_ping_parse(resp)`
			`end`

			`#`
			`# Parse a 'ping' response and format as a hash`
			`#`
			`def mssql_ping_parse(data)`
			`res = {}`
			`var = nil`
			`idx = data.index('ServerName')`
			`return res if not idx`

			`data[idx, data.length-idx].split(';').each do \|d\|`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`if (not var)`
			`var = d`
			`else`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`if (var.length > 0)`
			`res[var] = d`
			`var = nil`
			`end`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`end`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`end`

			`return res`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`end`

			`#`
			`# This method connects to the server over TCP and attempts`
			`# to authenticate with the supplied username and password`
			`# The global socket is used and left connected after auth`
			`#`
			`def mssql_login(user='sa', pass='')`
Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`p_hdr =`
			`"\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00"+`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00"`

Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`p_pk2 =`
			`"\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00"+`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03"+`
			`"\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61"+`
			`"\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00"`

Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`p_pk3 =`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44"+`
			`"\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00"+`
			`"\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00"`


Abstracted the RHOST references from inside the mixins. Added a mssql_ping_parse method to the mssql mixin git-svn-id: file:///home/svn/framework3/trunk@3827 4d416f70-5f16-0410-b530-b9f4589650da 2006-08-13 18:03:28 +00:00			`p_lang =`
			`"\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00"+`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+`
			`"\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00"+`
			`"\x00\x03\x00\x00\x00"`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`user = user.slice(0, 29)`
			`pass = pass.slice(0, 29)`

			`ulen = user.length.chr`
			`plen = pass.length.chr`

			`user << ("\x00" * (30-user.length))`
			`pass << ("\x00" * (30-pass.length))`

			`p_login = p_hdr + user + ulen + pass + plen`
			`p_login << p_pk2 + plen + pass + p_pk3`
Merging all of the auxilliary/scanner related features git-svn-id: file:///home/svn/framework3/trunk@4749 4d416f70-5f16-0410-b530-b9f4589650da 2007-04-24 06:27:39 +00:00
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`connect`
			`sock.put(p_login)`
			`sock.put(p_lang)`
			`resp = sock.get_once`

			`if (resp and resp.length > 10 and resp[8] == 0xe3)`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`return true`
			`end`

			`return false`
			`end`

missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00			`def sql_query(sql)`
			`pkt = "\x01\x01\x00\x00\x01\x00" + sql`

			`len = [pkt.length+2].pack('n')`
			`pkt.insert(2, len)`

			`sock.put(pkt)`
			`resp = sock.get(timeout=15)`

more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`return query_parse(resp)`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00			`end`

			`def cmd_exec(cmd)`
			`cmd_query = "xp_cmdshell '#{cmd}'"`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`sql_query(cmd_query)`
			`end`

			`def query_parse(resp)`
			`@data = ""`
			`status = 0`
			`while status == 0`
			`status,`
			`size,`
			`pkt = parse_header(resp.slice!(0,8))`
			`@data << resp.slice!(0,(size-8))`
			`end`

			`until @data == nil`
			`token = @data.slice!(0,1).unpack('C')[0]`
			`case token`
			`when 0xa0, 0xa1`
			`parse_column()`
			`when 0xd1`
			`parse_row()`
			`when 0x79`
			`parse_ret()`
			`when 0xfd, 0xfe, 0xff`
			`parse_done()`
			`when nil`
			`break`
			`else`
patch from tebo; use standard printing methods git-svn-id: file:///home/svn/framework3/trunk@6134 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 17:52:54 +00:00			`print_error("Got unsupported token!")`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`end`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00			`end`

			`end`

more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`def parse_header(header)`
			`type,`
			`status,`
			`size,`
			`chan,`
			`pkt,`
			`window = header.unpack('CCnnCC')`

patch from tebo; use standard printing methods git-svn-id: file:///home/svn/framework3/trunk@6134 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 17:52:54 +00:00			`#print_status("Got Packet #{pkt} of #{size} bytes...")`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`return status,size,pkt`
			`end`

			`def parse_column()`
Fix an unpack('S') -- this is host-order specific and should be 'v' git-svn-id: file:///home/svn/framework3/trunk@6895 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-25 03:47:30 +00:00			`len = @data.slice!(0,2).unpack('v')[0]`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`str = @data.slice!(0,len).unpack('A*')`
			`end`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`def parse_row()`
			`len = @data.slice!(0,1).unpack('C')[0]`
			`if len == 0`
patch from tebo; use standard printing methods git-svn-id: file:///home/svn/framework3/trunk@6134 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 17:52:54 +00:00			`print_line()`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`else`
			`str = @data.slice!(0,len).unpack("A*")[0]`
patch from tebo; use standard printing methods git-svn-id: file:///home/svn/framework3/trunk@6134 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 17:52:54 +00:00			`print_line("\t#{str}")`
missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00			`end`
			`end`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00
			`def parse_ret()`
			`ret = @data.slice!(0,4).unpack('N')[0]`
			`unless ret == 0`
patch from tebo; use standard printing methods git-svn-id: file:///home/svn/framework3/trunk@6134 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 17:52:54 +00:00			`print_error("There was a problem executing the query...")`
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`end`
			`end`

			`def parse_done()`
			`status,`
			`cmd,`
			`rows = @data.slice!(0,8).unpack('nnN')`
			`end`

missed part of the patch for tebo's mssql login scanner module git-svn-id: file:///home/svn/framework3/trunk@6131 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 00:26:05 +00:00			`end`
Mixins git-svn-id: file:///home/svn/incoming/trunk@3123 4d416f70-5f16-0410-b530-b9f4589650da 2005-11-26 11:16:50 +00:00			`end`