report access level on mssql_hashdump

if we know we have admin access on mssql hashdumop
we should report that on the Login object.
bug/bundler_fix
David Maloney 2014-06-19 12:20:42 -05:00
parent d3c77b345c
commit bb120fd1e2
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 11 additions and 4 deletions

View File

@ -66,6 +66,12 @@ class Metasploit3 < Msf::Auxiliary
}
login_data.merge!(service_data)
is_sysadmin = mssql_query(mssql_is_sysadmin())[:rows][0][0]
unless is_sysadmin == 0
login_data[:access_level] = 'admin'
end
create_credential_login(login_data)
#Grabs the Instance Name and Version of MSSQL(2k,2k5,2k8)
@ -74,11 +80,12 @@ class Metasploit3 < Msf::Auxiliary
version = mssql_query(mssql_sql_info())[:rows][0][0]
version_year = version.split('-')[0].slice(/\d\d\d\d/)
unless is_sysadmin == 0
mssql_hashes = mssql_hashdump(version_year)
unless mssql_hashes.nil?
report_hashes(mssql_hashes,version_year)
end
end
end