style, ref, desc, and author updates

2012-11-05 12:45:54 -06:00 · 2012-11-05 12:45:54 -06:00 · 0246e921c5
parent 9158497fb4
commit 0246e921c5
1 changed files with 22 additions and 8 deletions
--- a/modules/exploits/windows/mssql/mssql_linkcrawler.rb
+++ b/modules/exploits/windows/mssql/mssql_linkcrawler.rb
@ -7,21 +7,35 @@ class Metasploit3 < Msf::Exploit::Remote
 	include Msf::Exploit::Remote::MSSQL
 	include Msf::Auxiliary::Report
 	include Msf::Exploit::CmdStagerVBS
-	#include Msf::Exploit::EXE

 	def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Microsoft SQL Server - Database Link Crawler',
-			'Description'    => %q{When provided credentials, this module will crawl
-			SQL Server database links and identify links configured with sysadmin privileges.},
+			'Description'    => %q{This module can be used to crawl MS SQL Server
+			database links and deploy metasploit payloads through links configured
+			with sysadmin privileges using a valid SQL Server Login.  If you are
+			attempting to obtain multiple reverse shells using this module we
+			recommend setting the "DisablePayloadHandler" advanced option to "true",
+			and setting up a multi/handler to run in the background as a job to
+			support multiple incoming shells.  If you are interested in deploying
+			payloads to spefic servers this module also supports that functionality
+			via the "DEPLOYLIST" option.  Currently, the module is capable of
+			delivering payloads to both 32bit and 64bit Windows systems via
+			powershell memory injection methods based on Matthew Graeber's work.
+			As a result, the target server must have powershell installed.
+			By default, all of the crawl information is saved to a CSV formatted
+			log file and MSF loot so that the tool can also be used for auditing
+			without deploying payloads.},
 			'Author'         =>
 				[
-					'Antti Rantasaari <antti.rantasaari@netspi.com>',
-					'nullbind <scott.sutherland@netspi.com>'
+					'Antti Rantasaari <antti.rantasaari [at] netspi.com>',
+					'Scott Sutherland "nullbind" <scott.sutherland [at] netspi.com>'
 				],
-			'Platform'      => [ 'Windows' ],
+			'Platform'      => [ 'win' ],
 			'License'        => MSF_LICENSE,
-			'References'     => [[ 'URL', 'http://www.netspi.com/' ]],
+			'References'     => [[ 'URL', 'http://www.slideshare.net/nullbind/sql-server-exploitation-escalation-pilfering-appsec-usa-2012'],
+								['URL','http://msdn.microsoft.com/en-us/library/ms188279.aspx'],
+								['URL','http://www.exploit-monday.com/2011_10_16_archive.html']],
 			'Platform'       => 'win',
 			'DisclosureDate' => 'Jan 1 2000',
 			'Targets'        =>
@ -473,7 +487,7 @@ $winFunc::CreateThread(0,0,$x,0,0,0)"

 		# Write base64 encoded powershell payload to temp file
 		# This is written 2500 characters at a time due to xp_cmdshell ruby function limitations
-		# Also, line number tracking was added so that duplication lines causes by nested linked
+		# Also, line number tracking was added so that duplication lines caused by nested linked
 		# queries could be found and removed.
 		print_status("Deploying payload...")
 		linenum = 0