Class: Metasploit::Framework::LoginScanner::MSSQL

Inherits:
Object
  • Object
Includes:
Base, NTLM, RexSocket, MSSQL::Client
Defined in:
lib/metasploit/framework/login_scanner/mssql.rb

Overview

This is the LoginScanner class for dealing with Microsoft SQL Servers. It is responsible for taking a single target and a list of credentials, and attempting each credential against that target. It then saves the results.

Constant Summary

DEFAULT_PORT =
1433
DEFAULT_REALM =
'WORKSTATION'
LIKELY_PORTS =

Lifted from lib/msf/core/exploit/mssql.rb

[ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ]
LIKELY_SERVICE_NAMES =

Lifted from lib/msf/core/exploit/mssql.rb

[ 'ms-sql-s', 'ms-sql2000', 'sybase', 'mssql' ]
PRIVATE_TYPES =
[ :password, :ntlm_hash ]
REALM_KEY =
Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN

Constants included from MSSQL::Client

MSSQL::Client::ENCRYPT_NOT_SUP, MSSQL::Client::ENCRYPT_OFF, MSSQL::Client::ENCRYPT_ON, MSSQL::Client::ENCRYPT_REQ, MSSQL::Client::STATUS_END_OF_MESSAGE, MSSQL::Client::STATUS_IGNORE_EVENT, MSSQL::Client::STATUS_NORMAL, MSSQL::Client::STATUS_RESETCONNECTION, MSSQL::Client::STATUS_RESETCONNECTIONSKIPTRAN, MSSQL::Client::TYPE_ATTENTION_SIGNAL, MSSQL::Client::TYPE_BULK_LOAD, MSSQL::Client::TYPE_PRE_LOGIN_MESSAGE, MSSQL::Client::TYPE_PRE_TDS7_LOGIN, MSSQL::Client::TYPE_RPC, MSSQL::Client::TYPE_SQL_BATCH, MSSQL::Client::TYPE_SSPI_MESSAGE, MSSQL::Client::TYPE_TABLE_RESPONSE, MSSQL::Client::TYPE_TDS7_LOGIN, MSSQL::Client::TYPE_TRANSACTION_MANAGER_REQUEST

Instance Attribute Summary

Attributes included from Tcp::Client

#max_send_size, #send_delay, #sock

Instance Method Summary

Methods included from MSSQL::Client

#mssql_login, #mssql_parse_done, #mssql_parse_env, #mssql_parse_error, #mssql_parse_info, #mssql_parse_login_ack, #mssql_parse_reply, #mssql_parse_ret, #mssql_parse_tds_reply, #mssql_parse_tds_row, #mssql_prelogin, #mssql_send_recv, #mssql_ssl_send_recv, #mssql_tds_encrypt, #send_lm, #send_ntlm, #send_spn, #use_ntlm2_session, #use_ntlmv2

Methods included from Tcp::Client

#chost, #connect, #cport, #disconnect, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Attribute Details

#tdsencryption ⇒ Object

Returns the value of attribute tdsencryption


# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 35

# Reader for the scanner's +tdsencryption+ attribute.
#
# NOTE(review): the name suggests this controls whether the TDS session to
# the SQL Server is encrypted; the page only documents it as "the value of
# attribute tdsencryption" -- confirm against MSSQL::Client before relying
# on it.
#
# @return [Object] whatever is currently stored in @tdsencryption
#   (nil when it has never been assigned)
def tdsencryption = @tdsencryption

#windows_authentication ⇒ Boolean

Returns whether to use Windows Authentication instead of SQL Server authentication.

Returns:

  • (Boolean)

    Whether to use Windows Authentication instead of SQL Server Auth.


# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 30

# Reader for the authentication-mode flag.
#
# @return [Boolean] whether to use Windows Authentication instead of
#   SQL Server Auth (nil when it has never been assigned)
def windows_authentication = @windows_authentication

Instance Method Details

#attempt_login(credential) ⇒ Object


# File 'lib/metasploit/framework/login_scanner/mssql.rb', line 40

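# Tries a single credential against the configured target and reports the
# outcome as a LoginScanner result.
#
# The listing on this page had lost the method name and the name of the
# login call; both are restored here from the page itself (the
# "#attempt_login(credential)" heading and the #mssql_login method listed
# under "Methods included from MSSQL::Client").
#
# Status mapping:
# * truthy return from mssql_login -> SUCCESSFUL
# * falsy return from mssql_login  -> INCORRECT
# * ::Rex::ConnectionError raised  -> UNABLE_TO_CONNECT
#
# Only ::Rex::ConnectionError is rescued, so any other exception raised
# during the login propagates to the caller. Every falsy return is recorded
# as INCORRECT, so a login refused for a reason other than a bad password is
# indistinguishable from a wrong credential in the saved result.
#
# @param credential [Object] must respond to #public, #private and #realm
# @return [::Metasploit::Framework::LoginScanner::Result] result carrying
#   the credential, host, port, protocol, service name and status
def attempt_login(credential)
  result_options = {
    credential: credential,
    host: host,
    port: port,
    protocol: 'tcp',
    service_name: 'mssql'
  }

  begin
    # The third argument is always the empty string.
    # NOTE(review): presumably the database name -- confirm against
    # MSSQL::Client#mssql_login.
    logged_in = mssql_login(credential.public, credential.private, '', credential.realm)

    result_options[:status] =
      if logged_in
        Metasploit::Model::Login::Status::SUCCESSFUL
      else
        Metasploit::Model::Login::Status::INCORRECT
      end
  rescue ::Rex::ConnectionError
    # Network-level failure: record it separately from a rejected login.
    result_options[:status] = Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
  end

  ::Metasploit::Framework::LoginScanner::Result.new(result_options)
end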