infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

report access level on mssql_hashdump 

if we know we have admin access on mssql hashdumop
we should report that on the Login object.
bug/bundler_fix
David Maloney 2014-06-19 12:20:42 -05:00
parent d3c77b345c
commit bb120fd1e2
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/auxiliary/scanner/mssql/mssql_hashdump.rb
View File

@ -66,6 +66,12 @@ class Metasploit3 < Msf::Auxiliary
}
login_data.merge!(service_data)
is_sysadmin = mssql_query(mssql_is_sysadmin())[:rows][0][0]
unless is_sysadmin == 0
login_data[:access_level] = 'admin'
end
create_credential_login(login_data)
#Grabs the Instance Name and Version of MSSQL(2k,2k5,2k8)
@ -74,11 +80,12 @@ class Metasploit3 < Msf::Auxiliary
version = mssql_query(mssql_sql_info())[:rows][0][0]
version_year = version.split('-')[0].slice(/\d\d\d\d/)
mssql_hashes = mssql_hashdump(version_year)
unless mssql_hashes.nil?
report_hashes(mssql_hashes,version_year)
unless is_sysadmin == 0
mssql_hashes = mssql_hashdump(version_year)
unless mssql_hashes.nil?
report_hashes(mssql_hashes,version_year)
end
end
end