Class: Metasploit::Framework::LoginScanner::MSSQL
- Inherits: Object
  - Object
    - Metasploit::Framework::LoginScanner::MSSQL
- Includes: Base, NTLM, RexSocket, MSSQL::Client
- Defined in: lib/metasploit/framework/login_scanner/mssql.rb
Overview
This is the LoginScanner class for dealing with Microsoft SQL Servers. It is responsible for taking a single target and a list of credentials and attempting them. It then saves the results.
Constant Summary
- DEFAULT_PORT = 1433
- DEFAULT_REALM = 'WORKSTATION'
- LIKELY_PORTS = [ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
  Lifted from lib/msf/core/exploit/mssql.rb
- LIKELY_SERVICE_NAMES = [ 'ms-sql-s', 'ms-sql2000', 'sybase', 'mssql' ]
  Lifted from lib/msf/core/exploit/mssql.rb
- PRIVATE_TYPES = [ :password, :ntlm_hash ]
- REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
Constants included from MSSQL::Base
MSSQL::Base::ENCRYPT_NOT_SUP, MSSQL::Base::ENCRYPT_OFF, MSSQL::Base::ENCRYPT_ON, MSSQL::Base::ENCRYPT_REQ, MSSQL::Base::STATUS_END_OF_MESSAGE, MSSQL::Base::STATUS_IGNORE_EVENT, MSSQL::Base::STATUS_NORMAL, MSSQL::Base::STATUS_RESETCONNECTION, MSSQL::Base::STATUS_RESETCONNECTIONSKIPTRAN, MSSQL::Base::TYPE_ATTENTION_SIGNAL, MSSQL::Base::TYPE_BULK_LOAD, MSSQL::Base::TYPE_PRE_LOGIN_MESSAGE, MSSQL::Base::TYPE_PRE_TDS7_LOGIN, MSSQL::Base::TYPE_RPC, MSSQL::Base::TYPE_SQL_BATCH, MSSQL::Base::TYPE_SSPI_MESSAGE, MSSQL::Base::TYPE_TABLE_RESPONSE, MSSQL::Base::TYPE_TDS7_LOGIN, MSSQL::Base::TYPE_TRANSACTION_MANAGER_REQUEST
Instance Attribute Summary
- #auth ⇒ Array<String>
  The authentication mechanism to use.
- #domain_controller_rhost ⇒ String
  The mssql hostname, required for Kerberos Authentication.
- #hostname ⇒ Object
  Returns the value of attribute hostname.
- #tdsencryption ⇒ Object
  Returns the value of attribute tdsencryption.
- #windows_authentication ⇒ Boolean
  Whether to use Windows Authentication instead of SQL Server Auth.
Attributes included from Tcp::Client
#max_send_size, #send_delay, #sock
Instance Method Summary
Methods included from MSSQL::Client
#mssql_login, #mssql_prelogin, #mssql_ssl_send_recv, #send_lm, #send_ntlm, #send_spn, #use_ntlm2_session, #use_ntlmv2
Methods included from MSSQL::Base
#mssql_parse_done, #mssql_parse_env, #mssql_parse_error, #mssql_parse_info, #mssql_parse_login_ack, #mssql_parse_reply, #mssql_parse_ret, #mssql_parse_tds_reply, #mssql_parse_tds_row, #mssql_send_recv, #mssql_tds_encrypt
Methods included from Tcp::Client
#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version
Instance Attribute Details
#auth ⇒ Array<String>
Returns the authentication mechanism to use.

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 31
    def auth
      @auth
    end

#domain_controller_rhost ⇒ String
Returns the mssql hostname, required for Kerberos Authentication.

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 41
    def domain_controller_rhost
      @domain_controller_rhost
    end

#hostname ⇒ Object
Returns the value of attribute hostname.

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 45
    def hostname
      @hostname
    end

#tdsencryption ⇒ Object
Returns the value of attribute tdsencryption.

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 54
    def tdsencryption
      @tdsencryption
    end

#windows_authentication ⇒ Boolean
Returns whether to use Windows Authentication instead of SQL Server Auth.

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 49
    def windows_authentication
      @windows_authentication
    end

Instance Method Details
#attempt_login(credential) ⇒ Object

    # File 'lib/metasploit/framework/login_scanner/mssql.rb', line 59
    def attempt_login(credential)
      # Fields common to every result, whatever the outcome
      result_options = {
        credential: credential,
        host: host,
        port: port,
        protocol: 'tcp',
        service_name: 'mssql'
      }

      begin
        if mssql_login(credential.public, credential.private, '', credential.realm)
          result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
        else
          result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
        end
      rescue ::Rex::ConnectionError => e
        result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        result_options[:proof] = e
      rescue => e
        # Any other exception is logged and reported with the same status
        elog(e)
        result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        result_options[:proof] = e
      end

      ::Metasploit::Framework::LoginScanner::Result.new(result_options)
    end
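
Because attempt_login reports both ::Rex::ConnectionError and every other exception as UNABLE_TO_CONNECT, whoever reads the results has to inspect proof to tell a network failure from a scanner-side error. The following is an added example, not Metasploit's own code: Status, ConnectionError, Result, attempt, triage and the sample outcomes are stand-ins constructed here so it runs offline.

```ruby
# Stand-ins (assumptions) for the framework pieces the page references.
module Status
  SUCCESSFUL        = :successful
  INCORRECT         = :incorrect
  UNABLE_TO_CONNECT = :unable_to_connect
end
class ConnectionError < StandardError; end # stands in for ::Rex::ConnectionError
Result = Struct.new(:credential, :status, :proof, keyword_init: true)

# Same status mapping as attempt_login above; the block is a hypothetical
# replacement for mssql_login so no network is involved.
def attempt(credential)
  opts = { credential: credential }
  begin
    opts[:status] = yield(credential) ? Status::SUCCESSFUL : Status::INCORRECT
  rescue ConnectionError => e
    opts[:status] = Status::UNABLE_TO_CONNECT
    opts[:proof] = e
  rescue => e # anything else lands in the same status
    opts[:status] = Status::UNABLE_TO_CONNECT
    opts[:proof] = e
  end
  Result.new(**opts)
end

# Consumer-side triage: split UNABLE_TO_CONNECT by the exception kept in proof.
def triage(result)
  case result.status
  when Status::SUCCESSFUL then :valid
  when Status::INCORRECT  then :rejected
  else result.proof.is_a?(ConnectionError) ? :network_failure : :scanner_error
  end
end

# Constructed outcomes, keyed by a made-up login name.
SAMPLES = {
  'login_ok'      => -> { true },
  'login_bad'     => -> { false },
  'host_down'     => -> { raise ConnectionError, 'connection refused' },
  'scanner_fault' => -> { raise NoMethodError, 'undefined method on nil' }
}.freeze

def run_samples
  SAMPLES.map do |name, outcome|
    result = attempt(name) { outcome.call }
    [name, result.status, triage(result)]
  end
end

run_samples.each { |row| puts row.join("\t") }
```
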