Add a mysql mixin that wraps ruby-mysql (tmtm.org)

git-svn-id: file:///home/svn/framework3/trunk@7977 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 05:21:21 +00:00 · 2009-12-26 05:21:21 +00:00 · 4331c111f1
parent ec9bc73e0f
commit 4331c111f1
3 changed files with 77 additions and 1 deletions
--- a/lib/msf/core/exploit/mixins.rb
+++ b/lib/msf/core/exploit/mixins.rb
@ -25,6 +25,7 @@ require 'msf/core/exploit/dcerpc'
 require 'msf/core/exploit/sunrpc'
 require 'msf/core/exploit/mssql'
 require 'msf/core/exploit/mssql_commands'
+require 'msf/core/exploit/mysql'
 require 'msf/core/exploit/snmp'	
 require 'msf/core/exploit/arkeia'
 require 'msf/core/exploit/ndmp'
--- a/lib/msf/core/exploit/mysql.rb
+++ b/lib/msf/core/exploit/mysql.rb
@ -0,0 +1,75 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+###
+# This module provides methods for communicating with a host running MySQL.
+###
+
+
+require 'msf/core'
+require 'rbmysql'
+
+module Msf
+module Exploit::Remote::MYSQL
+
+	include Exploit::Remote::Tcp
+
+	def initialize(info = {})
+		super
+
+		register_options(
+			[
+				Opt::RHOST,
+				Opt::RPORT(3306),
+				OptString.new('MYSQL_USER', [ true, 'The username to authenticate as', 'root']),
+				OptString.new('MYSQL_PASS', [ false, 'The password for the specified username', '']),
+			], Msf::Exploit::Remote::MYSQL
+		)
+	end
+
+	def mysql_login(user='root', pass='', db=nil)
+		disconnect if self.sock
+		connect
+
+		@mysql_handle = ::RbMysql.connect({
+			:host     => rhost,
+			:port     => rport,
+			:socket   => sock,
+			:user     => user,
+			:password => pass,
+			:db       => db
+		})
+	end
+
+	def mysql_logoff
+		@mysql_handle = nil if @mysql_handle
+		disconnect if self.sock
+	end
+
+	def mysql_login_datastore
+		mysql_login(datastore['MYSQL_USER'], datastore['MYSQL_PASS'])
+	end
+
+	def mysql_query(sql)
+		res = nil
+		begin
+			res = @mysql_handle.query(sql)
+		rescue ::RbMysql::Error => e
+			print_error("MySQL Error: #{e.class} #{e.to_s}")
+			return
+		end
+
+		res
+	end
+
+end
+end
+
--- a/lib/rbmysql/protocol.rb
+++ b/lib/rbmysql/protocol.rb
@ -506,7 +506,7 @@ class RbMysql
      # If values is [1, nil, 2, 3, nil] then returns "\x12"(0b10010).
      def null_bitmap(values)
        bitmap = values.enum_for(:each_slice,8).map do |vals|
-          vals.reverse.inject(0){|b, v|(b<<1 | (v ? 0 : 1))}
+          vals.reverse.inject(0){|b, v|(b << 1 | (v ? 0 : 1))}
        end
        return bitmap.pack("C*")
      end