From bb120fd1e2820eee198a1b1506029d118dd0b82e Mon Sep 17 00:00:00 2001
From: David Maloney <DMaloney@rapid7.com>
Date: Thu, 19 Jun 2014 12:20:42 -0500
Subject: [PATCH] report access level on mssql_hashdump

if we know we have admin access on mssql hashdumop
we should report that on the Login object.
---
 modules/auxiliary/scanner/mssql/mssql_hashdump.rb | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
index cb2b494a2b..4d80fd3053 100644
--- a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
+++ b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
@@ -66,6 +66,12 @@ class Metasploit3 < Msf::Auxiliary
     }
     login_data.merge!(service_data)
 
+    is_sysadmin = mssql_query(mssql_is_sysadmin())[:rows][0][0]
+
+    unless is_sysadmin == 0
+      login_data[:access_level] = 'admin'
+    end
+
     create_credential_login(login_data)
 
     #Grabs the Instance Name and Version of MSSQL(2k,2k5,2k8)
@@ -74,11 +80,12 @@ class Metasploit3 < Msf::Auxiliary
     version = mssql_query(mssql_sql_info())[:rows][0][0]
     version_year = version.split('-')[0].slice(/\d\d\d\d/)
 
-    mssql_hashes = mssql_hashdump(version_year)
-    unless mssql_hashes.nil?
-      report_hashes(mssql_hashes,version_year)
+    unless is_sysadmin == 0
+      mssql_hashes = mssql_hashdump(version_year)
+      unless mssql_hashes.nil?
+        report_hashes(mssql_hashes,version_year)
+      end
     end
-
   end