metasploit-framework/modules/auxiliary/admin/mssql/mssql_sql.rb

##
# $Id:$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##

require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::MSSQL
	
	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'Run simple SQL against the MSSQL instance',
			'Description'    => %q{
					This module will allow for simple SQL statements to be executed against a
					MSSQL/MSDE instance given the appropiate credentials.
			},
			'Author'         => [ 'tebo <tebo [at] attackresearch [dot] com>' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision:$',
			'References'     =>
				[
					[ 'URL', 'www.attackresearch.com' ],
					[ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],
				]))

			register_options( 
				[
					OptString.new('MSSQL_USER', [ false, 'The username to authenticate as', 'sa']),
					OptString.new('MSSQL_PASS', [ false, 'The password for the specified username', '']),
					OptString.new('SQL', [ false, 'The SQL to execute',  'select @@version']),
				], self.class)
	end

	def run
		connect
		if mssql_login
			query = datastore['SQL']
			res = sql_query(query)
		end
		disconnect
	end
end
more awesomeness from tebo git-svn-id: file:///home/svn/framework3/trunk@6133 4d416f70-5f16-0410-b530-b9f4589650da 2009-01-12 05:18:05 +00:00			`##`
			`# $Id:$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/projects/Framework/`
			`##`

			`require 'msf/core'`


			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::MSSQL`

			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'Run simple SQL against the MSSQL instance',`
			`'Description' => %q{`
			`This module will allow for simple SQL statements to be executed against a`
			`MSSQL/MSDE instance given the appropiate credentials.`
			`},`
			`'Author' => [ 'tebo <tebo [at] attackresearch [dot] com>' ],`
			`'License' => MSF_LICENSE,`
			`'Version' => '$Revision:$',`
			`'References' =>`
			`[`
			`[ 'URL', 'www.attackresearch.com' ],`
			`[ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],`
			`]))`

			`register_options(`
			`[`
			`OptString.new('MSSQL_USER', [ false, 'The username to authenticate as', 'sa']),`
			`OptString.new('MSSQL_PASS', [ false, 'The password for the specified username', '']),`
			`OptString.new('SQL', [ false, 'The SQL to execute', 'select @@version']),`
			`], self.class)`
			`end`

			`def run`
			`connect`
			`if mssql_login`
			`query = datastore['SQL']`
			`res = sql_query(query)`
			`end`
			`disconnect`
			`end`
			`end`