modules/auxiliary/admin/mssql/mssql_sql.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::OptionalSession::MSSQL

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft SQL Server Generic Query',
      'Description'    => %q{
          This module will allow for simple SQL statements to be executed against a
          MSSQL/MSDE instance given the appropriate credentials.
      },
      'Author'         => [ 'tebo <tebo[at]attackresearch.com>' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'URL', 'http://www.attackresearch.com' ],
          [ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],
        ]
    ))

    register_options(
      [
        OptString.new('SQL', [ false, 'The SQL query to execute',  'select @@version']),
      ])
  end

  def auxiliary_commands
    { "select" => "Run a select query (a LIMIT clause is probably a really good idea)" }
  end

  def cmd_select(*args)
    datastore["SQL"] = "select #{args.join(" ")}"
    run
  end

  def run
    if session
      set_session(session.client)
    else
      return unless mssql_login_datastore
    end

    mssql_query(datastore['SQL'], true)
  end
end
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`include Msf::Exploit::Remote::MSSQL`
Use mssql option session mixin with mssql modules 2024-02-14 12:15:23 +00:00			`include Msf::OptionalSession::MSSQL`
Retab modules 2013-08-30 16:28:54 -05:00
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`def initialize(info = {})`
			`super(update_info(info,`
Complete overhaul of the MSSQL API, fixes 1.9 compat issues and makes the MSSQL testing easier 2009-10-13 22:24:47 +00:00			`'Name' => 'Microsoft SQL Server Generic Query',`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`'Description' => %q{`
			`This module will allow for simple SQL statements to be executed against a`
first round of spelling/grammar fixes 2017-08-24 21:38:44 -04:00			`MSSQL/MSDE instance given the appropriate credentials.`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`},`
Fix email format 2014-07-11 12:45:23 -05:00			`'Author' => [ 'tebo <tebo[at]attackresearch.com>' ],`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`'License' => MSF_LICENSE,`
			`'References' =>`
			`[`
Fix URL reference 2011-07-24 19:36:37 +00:00			`[ 'URL', 'http://www.attackresearch.com' ],`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`[ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],`
Removes session types from module with session type mixin 2024-02-19 10:34:16 +00:00			`]`
Complete overhaul of the MSSQL API, fixes 1.9 compat issues and makes the MSSQL testing easier 2009-10-13 22:24:47 +00:00			`))`
Retab modules 2013-08-30 16:28:54 -05:00
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00			`register_options(`
Complete overhaul of the MSSQL API, fixes 1.9 compat issues and makes the MSSQL testing easier 2009-10-13 22:24:47 +00:00			`[`
			`OptString.new('SQL', [ false, 'The SQL query to execute', 'select @@version']),`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Add a select command for the various SQL modules 2012-06-18 23:59:57 -06:00			`def auxiliary_commands`
			`{ "select" => "Run a select query (a LIMIT clause is probably a really good idea)" }`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
Add a select command for the various SQL modules 2012-06-18 23:59:57 -06:00			`def cmd_select(*args)`
			`datastore["SQL"] = "select #{args.join(" ")}"`
			`run`
			`end`
Retab modules 2013-08-30 16:28:54 -05:00
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`def run`
adjust session logic in modules 2024-02-12 15:47:49 -06:00			`if session`
			`set_session(session.client)`
			`else`
			`return unless mssql_login_datastore`
update relevant modules to work with sessions 2024-01-29 17:17:29 -05:00			`end`

adjust session logic in modules 2024-02-12 15:47:49 -06:00			`mssql_query(datastore['SQL'], true)`
more awesomeness from tebo 2009-01-12 05:18:05 +00:00			`end`
			`end`