Fix to MSSQL Ping that returns ALL known isntances onstead of jsut the first one.

Fixes #6066
2012-01-10 12:32:47 -08:00 · 2012-01-10 12:32:47 -08:00 · ed0dbad243
parent 753ddb27c5
commit ed0dbad243
2 changed files with 24 additions and 17 deletions
--- a/lib/msf/core/exploit/mssql.rb
+++ b/lib/msf/core/exploit/mssql.rb
@ -116,20 +116,26 @@ module Exploit::Remote::MSSQL
 	# Parse a 'ping' response and format as a hash
 	#
 	def mssql_ping_parse(data)
-		res = {}
+		res = []
 		var = nil
 		idx = data.index('ServerName')
 		return res if not idx
+		sdata = data[idx, (data.length - 1)]

-		data[idx, data.length-idx].split(';').each do |d|
-			if (not var)
-				var = d
-			else
-				if (var.length > 0)
-					res[var] = d
-					var = nil
+		instances = sdata.split(';;')
+		instances.each do |instance|
+			rinst = {}
+			instance.split(';').each do |d|
+				if (not var)
+					var = d
+				else
+					if (var.length > 0)
+						rinst[var] = d
+						var = nil
+					end
 				end
 			end
+			res << rinst
 		end

 		return res
--- a/modules/auxiliary/scanner/mssql/mssql_ping.rb
+++ b/modules/auxiliary/scanner/mssql/mssql_ping.rb
@ -40,18 +40,19 @@ class Metasploit3 < Msf::Auxiliary
 		begin

 		info = mssql_ping(2)
-		if (info['ServerName'])
-			print_status("SQL Server information for #{ip}:")
-			info.each_pair { |k,v|
-				print_status("   #{k + (" " * (15-k.length))} = #{v}")
-			}
-			if info['tcp']
-				report_mssql_service(ip,info)
+		print_status info.inspect
+		if info and not info.empty?
+			info.each do |instance|
+				if (instance['ServerName'])
+					print_status("SQL Server information for #{ip}:")
+					instance.each_pair {|k,v| print_good("   #{k + (" " * (15-k.length))} = #{v}")}
+					if instance['tcp']
+						report_mssql_service(ip,instance)
+					end
+				end
 			end
-
 		end

-
 		rescue ::Rex::ConnectionError
 		end
 	end