metasploit-gs/api/Msf/Exploit/Remote/MSSQL.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::Exploit::Remote::MSSQL &mdash; Documentation by YARD 0.9.37</title>
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">
  <!-- Inline bootstrap: assigns two globals (pathId, relpath) before the page scripts load;
       presumably js/app.js reads them (not visible here). Because the block is inline, a
       Content-Security-Policy for this site has to admit it by hash or nonce unless
       'unsafe-inline' is allowed. -->
  <script>
    pathId = "Msf::Exploit::Remote::MSSQL";
    relpath = '../../../';
  </script>
  <!-- Both scripts are loaded from relative paths, i.e. from the same site as this page. -->
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>
<body>
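<!-- Class-list sidebar: a relative, same-site page framed beside the main content.
     The frame gets a title so assistive technology can announce what it holds. -->
<div class="nav_wrap">
  <iframe id="nav" src="../../../class_list.html?1" title="Class list navigation"></iframe>
  <div id="resizer"></div>
</div>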
<div id="main" tabindex="-1">
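<div id="header">
  <!-- Breadcrumb: the index, then each enclosing namespace, ending at this module. -->
  <div id="menu">
    <a href="../../../_index.html">Index (M)</a> &raquo;
    <span class="title"><span class="object_link"><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class="title"><span class="object_link"><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
    &raquo;
    <span class="title">MSSQL</span>
  </div>
  <div id="search">
    <!-- Icon-only link: the SVG has no text, so the link is named with aria-label
         and the drawing itself is hidden from assistive technology. -->
    <a class="full_list_link" id="class_list_link" href="../../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>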
<div id="content"><h1>Module: Msf::Exploit::Remote::MSSQL
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd>Exploit::Remote::NTLM::Client, <span class='object_link'><a href="Kerberos/ServiceAuthenticator/Options.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options (module)">Kerberos::ServiceAuthenticator::Options</a></span>, <span class='object_link'><a href="Kerberos/Ticket/Storage.html" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage (module)">Kerberos::Ticket::Storage</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html" title="Msf::Exploit::Remote::MSSQL_COMMANDS (module)">MSSQL_COMMANDS</a></span>, <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span>, <span class='object_link'><a href="Udp.html" title="Msf::Exploit::Remote::Udp (module)">Udp</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/mssql.rb</dd>
</dl>
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<!-- The four names and values below match the ENCRYPTION option of the TDS PRELOGIN
     exchange as defined in MS-TDS. Reviewer note for defenders: under that specification
     ENCRYPT_OFF still wraps the login packet in TLS but leaves the rest of the session in
     cleartext, and ENCRYPT_NOT_SUP protects nothing at all. Requiring encryption on the
     server is the setting that keeps a client from negotiating either outcome. -->
<dl class="constants">
  <dt id="ENCRYPT_OFF-constant" class="">ENCRYPT_OFF =
    <div class="docstring">
      <div class="discussion">
        <p>Encryption is available but off.</p>
      </div>
    </div>
    <div class="tags">
    </div>
  </dt>
  <dd><pre class="code"><span class="int">0x00</span></pre></dd>

  <dt id="ENCRYPT_ON-constant" class="">ENCRYPT_ON =
    <div class="docstring">
      <div class="discussion">
        <p>Encryption is available and on.</p>
      </div>
    </div>
    <div class="tags">
    </div>
  </dt>
  <dd><pre class="code"><span class="int">0x01</span></pre></dd>

  <dt id="ENCRYPT_NOT_SUP-constant" class="">ENCRYPT_NOT_SUP =
    <div class="docstring">
      <div class="discussion">
        <p>Encryption is not available.</p>
      </div>
    </div>
    <div class="tags">
    </div>
  </dt>
  <dd><pre class="code"><span class="int">0x02</span></pre></dd>

  <dt id="ENCRYPT_REQ-constant" class="">ENCRYPT_REQ =
    <div class="docstring">
      <div class="discussion">
        <p>Encryption is required.</p>
      </div>
    </div>
    <div class="tags">
    </div>
  </dt>
  <dd><pre class="code"><span class="int">0x03</span></pre></dd>
</dl>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#mssql_client-instance_method" title="#mssql_client (instance method)">#<strong>mssql_client</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute mssql_client.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#sock-instance_method" title="Msf::Exploit::Remote::Tcp#sock (method)">#sock</a></span></p>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Udp.html" title="Msf::Exploit::Remote::Udp (module)">Udp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Udp.html#udp_sock-instance_method" title="Msf::Exploit::Remote::Udp#udp_sock (method)">#udp_sock</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#create_mssql_client-instance_method" title="#create_mssql_client (instance method)">#<strong>create_mssql_client</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Creates an instance of a MSSQL exploit module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_login-instance_method" title="#mssql_login (instance method)">#<strong>mssql_login</strong>(user = &#39;sa&#39;, pass = &#39;&#39;, db = &#39;&#39;, domain_name = &#39;&#39;) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>This method connects to the server over TCP and attempts to authenticate with the supplied username and password. The global socket is used and left connected after authentication.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_login_datastore-instance_method" title="#mssql_login_datastore (instance method)">#<strong>mssql_login_datastore</strong>(db = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_done-instance_method" title="#mssql_parse_done (instance method)">#<strong>mssql_parse_done</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse a “done” TDS token.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_env-instance_method" title="#mssql_parse_env (instance method)">#<strong>mssql_parse_env</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse an “environment change” TDS token.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_error-instance_method" title="#mssql_parse_error (instance method)">#<strong>mssql_parse_error</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse an “error” TDS token.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_info-instance_method" title="#mssql_parse_info (instance method)">#<strong>mssql_parse_info</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse an “information” TDS token.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_reply-instance_method" title="#mssql_parse_reply (instance method)">#<strong>mssql_parse_reply</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_ret-instance_method" title="#mssql_parse_ret (instance method)">#<strong>mssql_parse_ret</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse a “ret” TDS token.</p>
</div></span>
</li>
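<li class="public ">
  <!-- NOTE(review): the generated summary here read "Execute a system command via xp_cmdshell.",
       which does not fit a method named mssql_parse_tds_reply taking (data, info) and looks like
       a docstring attached to the wrong method. Replaced with a summary derived from the
       signature; confirm against lib/msf/core/exploit/remote/mssql.rb. -->
  <span class="summary_signature">
    <a href="#mssql_parse_tds_reply-instance_method" title="#mssql_parse_tds_reply (instance method)">#<strong>mssql_parse_tds_reply</strong>(data, info) &#x21d2; Object </a>
  </span>
  <span class="summary_desc"><div class="inline">
    <p>Parse a TDS reply.</p>
  </div></span>
</li>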
<li class="public ">
<span class="summary_signature">
<a href="#mssql_parse_tds_row-instance_method" title="#mssql_parse_tds_row (instance method)">#<strong>mssql_parse_tds_row</strong>(data, info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse a single row of a TDS reply.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_ping-instance_method" title="#mssql_ping (instance method)">#<strong>mssql_ping</strong>(timeout = 5) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>This method sends a UDP query packet to the server and parses out the reply packet into a hash.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_ping_parse-instance_method" title="#mssql_ping_parse (instance method)">#<strong>mssql_ping_parse</strong>(data) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Parse a ping response and format as a hash.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_prelogin-instance_method" title="#mssql_prelogin (instance method)">#<strong>mssql_prelogin</strong>(enc_error = false) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>This method sends a prelogin packet and checks whether encryption is off.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_print_reply-instance_method" title="#mssql_print_reply (instance method)">#<strong>mssql_print_reply</strong>(info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Nicely print the results of a SQL query.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_query-instance_method" title="#mssql_query (instance method)">#<strong>mssql_query</strong>(sqla, doprint = false, opts = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Issue a SQL query using the TDS protocol.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_send_recv-instance_method" title="#mssql_send_recv (instance method)">#<strong>mssql_send_recv</strong>(req, timeout = 15, check_status = true) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_tds_encrypt-instance_method" title="#mssql_tds_encrypt (instance method)">#<strong>mssql_tds_encrypt</strong>(pass) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
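<p>Encode a password the way the TDS protocol requires. Despite the method name, this is a reversible obfuscation rather than encryption, so it gives the password no confidentiality on an unencrypted connection.</p>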
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#mssql_upload_exec-instance_method" title="#mssql_upload_exec (instance method)">#<strong>mssql_upload_exec</strong>(exe, debug = false) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Upload and execute a Windows binary through MSSQL queries.</p>
</div></span>
</li>
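<li class="public ">
  <!-- NOTE(review): this entry had no summary, while "Execute a system command via xp_cmdshell."
       appeared on #mssql_parse_tds_reply in the same list, where it does not fit. The sentence
       is placed here on the strength of the method name and its cmd parameter; confirm against
       lib/msf/core/exploit/remote/mssql.rb.
       Defender note: xp_cmdshell is disabled by default in current SQL Server releases, so
       enabling it through sp_configure is a configuration change worth auditing and alerting on. -->
  <span class="summary_signature">
    <a href="#mssql_xpcmdshell-instance_method" title="#mssql_xpcmdshell (instance method)">#<strong>mssql_xpcmdshell</strong>(cmd, doprint = false, opts = {}) &#x21d2; Object </a>
  </span>
  <span class="summary_desc"><div class="inline">
    <p>Execute a system command via xp_cmdshell.</p>
  </div></span>
</li>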
<li class="public ">
<span class="summary_signature">
<a href="#powershell_upload_exec-instance_method" title="#powershell_upload_exec (instance method)">#<strong>powershell_upload_exec</strong>(exe, debug = false) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Upload and execute a Windows binary through MSSQL queries and Powershell.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#set_mssql_session-instance_method" title="#set_mssql_session (instance method)">#<strong>set_mssql_session</strong>(client) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Kerberos/ServiceAuthenticator/Options.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options (module)">Kerberos::ServiceAuthenticator::Options</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Kerberos/ServiceAuthenticator/Options.html#kerberos_auth_options-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_auth_options (method)">#kerberos_auth_options</a></span>, <span class='object_link'><a href="Kerberos/ServiceAuthenticator/Options.html#kerberos_clock_skew_seconds-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_clock_skew_seconds (method)">#kerberos_clock_skew_seconds</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Kerberos/Ticket/Storage.html" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage (module)">Kerberos::Ticket::Storage</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Kerberos/Ticket/Storage.html#kerberos_storage_options-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_storage_options (method)">#kerberos_storage_options</a></span>, <span class='object_link'><a href="Kerberos/Ticket/Storage.html#kerberos_ticket_storage-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_ticket_storage (method)">#kerberos_ticket_storage</a></span>, <span class='object_link'><a href="Kerberos/Ticket/Storage.html#store_ccache-class_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage.store_ccache (method)">store_ccache</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#chost-instance_method" title="Msf::Exploit::Remote::Tcp#chost (method)">#chost</a></span>, <span class='object_link'><a href="Tcp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Tcp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Tcp.html#connect-instance_method" title="Msf::Exploit::Remote::Tcp#connect (method)">#connect</a></span>, <span class='object_link'><a href="Tcp.html#connect_timeout-instance_method" title="Msf::Exploit::Remote::Tcp#connect_timeout (method)">#connect_timeout</a></span>, <span class='object_link'><a href="Tcp.html#cport-instance_method" title="Msf::Exploit::Remote::Tcp#cport (method)">#cport</a></span>, <span class='object_link'><a href="Tcp.html#disconnect-instance_method" title="Msf::Exploit::Remote::Tcp#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="Tcp.html#handler-instance_method" title="Msf::Exploit::Remote::Tcp#handler (method)">#handler</a></span>, <span class='object_link'><a href="Tcp.html#lhost-instance_method" title="Msf::Exploit::Remote::Tcp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="Tcp.html#lport-instance_method" title="Msf::Exploit::Remote::Tcp#lport (method)">#lport</a></span>, <span class='object_link'><a href="Tcp.html#peer-instance_method" title="Msf::Exploit::Remote::Tcp#peer (method)">#peer</a></span>, <span class='object_link'><a href="Tcp.html#print_prefix-instance_method" title="Msf::Exploit::Remote::Tcp#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="Tcp.html#proxies-instance_method" title="Msf::Exploit::Remote::Tcp#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="Tcp.html#replicant-instance_method" title="Msf::Exploit::Remote::Tcp#replicant (method)">#replicant</a></span>, <span class='object_link'><a href="Tcp.html#rhost-instance_method" title="Msf::Exploit::Remote::Tcp#rhost 
(method)">#rhost</a></span>, <span class='object_link'><a href="Tcp.html#rport-instance_method" title="Msf::Exploit::Remote::Tcp#rport (method)">#rport</a></span>, <span class='object_link'><a href="Tcp.html#set_tcp_evasions-instance_method" title="Msf::Exploit::Remote::Tcp#set_tcp_evasions (method)">#set_tcp_evasions</a></span>, <span class='object_link'><a href="Tcp.html#shutdown-instance_method" title="Msf::Exploit::Remote::Tcp#shutdown (method)">#shutdown</a></span>, <span class='object_link'><a href="Tcp.html#ssl-instance_method" title="Msf::Exploit::Remote::Tcp#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="Tcp.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="Tcp.html#ssl_verify_mode-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_verify_mode (method)">#ssl_verify_mode</a></span>, <span class='object_link'><a href="Tcp.html#ssl_version-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="Tcp.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::Tcp#sslkeylogfile (method)">#sslkeylogfile</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Udp.html" title="Msf::Exploit::Remote::Udp (module)">Udp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Udp.html#chost-instance_method" title="Msf::Exploit::Remote::Udp#chost (method)">#chost</a></span>, <span class='object_link'><a href="Udp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Udp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Udp.html#connect_udp-instance_method" title="Msf::Exploit::Remote::Udp#connect_udp (method)">#connect_udp</a></span>, <span class='object_link'><a href="Udp.html#cport-instance_method" title="Msf::Exploit::Remote::Udp#cport (method)">#cport</a></span>, <span class='object_link'><a href="Udp.html#deregister_udp_options-instance_method" title="Msf::Exploit::Remote::Udp#deregister_udp_options (method)">#deregister_udp_options</a></span>, <span class='object_link'><a href="Udp.html#disconnect_udp-instance_method" title="Msf::Exploit::Remote::Udp#disconnect_udp (method)">#disconnect_udp</a></span>, <span class='object_link'><a href="Udp.html#handler-instance_method" title="Msf::Exploit::Remote::Udp#handler (method)">#handler</a></span>, <span class='object_link'><a href="Udp.html#lhost-instance_method" title="Msf::Exploit::Remote::Udp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="Udp.html#lport-instance_method" title="Msf::Exploit::Remote::Udp#lport (method)">#lport</a></span>, <span class='object_link'><a href="Udp.html#rhost-instance_method" title="Msf::Exploit::Remote::Udp#rhost (method)">#rhost</a></span>, <span class='object_link'><a href="Udp.html#rport-instance_method" title="Msf::Exploit::Remote::Udp#rport (method)">#rport</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="MSSQL_COMMANDS.html" title="Msf::Exploit::Remote::MSSQL_COMMANDS (module)">MSSQL_COMMANDS</a></span></h3>
<p class="inherited"><span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_2k5_password_hashes-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_2k5_password_hashes (method)">#mssql_2k5_password_hashes</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_2k_password_hashes-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_2k_password_hashes (method)">#mssql_2k_password_hashes</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_current_user_escalation-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_current_user_escalation (method)">#mssql_current_user_escalation</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_db_names-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_db_names (method)">#mssql_db_names</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_enumerate_servername-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_enumerate_servername (method)">#mssql_enumerate_servername</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_is_sysadmin-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_is_sysadmin (method)">#mssql_is_sysadmin</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_rdp_enable-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_rdp_enable (method)">#mssql_rdp_enable</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_rebuild_xpcmdshell-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_rebuild_xpcmdshell (method)">#mssql_rebuild_xpcmdshell</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_sa_escalation-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_sa_escalation (method)">#mssql_sa_escalation</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_sql_info-instance_method" 
title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_sql_info (method)">#mssql_sql_info</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_sql_xpcmdshell_disable_2000-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_sql_xpcmdshell_disable_2000 (method)">#mssql_sql_xpcmdshell_disable_2000</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_xpcmdshell_disable-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_xpcmdshell_disable (method)">#mssql_xpcmdshell_disable</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_xpcmdshell_enable-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_xpcmdshell_enable (method)">#mssql_xpcmdshell_enable</a></span>, <span class='object_link'><a href="MSSQL_COMMANDS.html#mssql_xpcmdshell_enable_2000-instance_method" title="Msf::Exploit::Remote::MSSQL_COMMANDS#mssql_xpcmdshell_enable_2000 (method)">#mssql_xpcmdshell_enable_2000</a></span></p>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="mssql_client=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="mssql_client-instance_method">
#<strong>mssql_client</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute mssql_client.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
20
21
22</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 20</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_client'>mssql_client</span>
<span class='ivar'>@mssql_client</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="create_mssql_client-instance_method">
#<strong>create_mssql_client</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
60
61
62</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 60</span>
<span class='kw'>def</span> <span class='id identifier rubyid_create_mssql_client'>create_mssql_client</span>
<span class='ivar'>@mssql_client</span> <span class='op'>||=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/MSSQL.html" title="Rex::Proto::MSSQL (module)">MSSQL</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/MSSQL/Client.html" title="Rex::Proto::MSSQL::Client (class)">Client</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../Rex/Proto/MSSQL/Client.html#initialize-instance_method" title="Rex::Proto::MSSQL::Client#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RHOST</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Creates an instance of a MSSQL exploit module.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 30</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='comment'># Register the options that all MSSQL exploits may make use of.
</span> <span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RHOST-constant" title="Msf::Opt::RHOST (constant)">RHOST</a></span></span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RPORT-constant" title="Msf::Opt::RPORT (constant)">RPORT</a></span></span><span class='lparen'>(</span><span class='int'>1433</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The username to authenticate as</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>sa</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The password for the specified username</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='comment'># OptBool.new(&#39;TDSENCRYPTION&#39;, [ true, &#39;Use TLS/SSL for TDS data &quot;Force Encryption&quot;&#39;, false]), - TODO: support TDS Encryption
</span> <span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::MSSQL (module)">MSSQL</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_advanced_options'>register_advanced_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptPath.html" title="Msf::OptPath (class)">OptPath</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBase.html#initialize-instance_method" title="Msf::OptBase#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>HEX2BINARY</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The path to the hex2binary script on the disk</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Config.html" title="Msf::Config (class)">Config</a></span></span><span class='period'>.</span><span class='id identifier rubyid_data_directory'><span class='object_link'><a href="../../Config.html#data_directory-class_method" title="Msf::Config.data_directory (method)">data_directory</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>exploits</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>mssql</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>h2b</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DOMAIN</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The domain to use for windows authentication</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>aliases:</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>MssqlDomain</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='op'>*</span><span class='id identifier rubyid_kerberos_storage_options'>kerberos_storage_options</span><span class='lparen'>(</span><span class='label'>protocol:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Mssql</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='op'>*</span><span class='id identifier rubyid_kerberos_auth_options'>kerberos_auth_options</span><span class='lparen'>(</span><span class='label'>protocol:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Mssql</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>auth_methods:</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="AuthOption.html" title="Msf::Exploit::Remote::AuthOption (module)">AuthOption</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="AuthOption.html#MSSQL_OPTIONS-constant" title="Msf::Exploit::Remote::AuthOption::MSSQL_OPTIONS (constant)">MSSQL_OPTIONS</a></span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::MSSQL (module)">MSSQL</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_autofilter_ports'>register_autofilter_ports</span><span class='lparen'>(</span><span class='lbracket'>[</span> <span class='int'>1433</span><span class='comma'>,</span> <span class='int'>1434</span><span class='comma'>,</span> <span class='int'>1435</span><span class='comma'>,</span> <span class='int'>14330</span><span class='comma'>,</span> <span class='int'>2533</span><span class='comma'>,</span> <span class='int'>9152</span><span class='comma'>,</span> <span class='int'>2638</span> <span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_autofilter_services'>register_autofilter_services</span><span class='lparen'>(</span><span class='words_beg'>%W{</span><span class='words_sep'> </span><span class='tstring_content'>ms-sql-s</span><span class='words_sep'> </span><span class='tstring_content'>ms-sql2000</span><span class='words_sep'> </span><span class='tstring_content'>sybase</span><span class='words_sep'> </span><span class='tstring_end'>}</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_login-instance_method">
#<strong>mssql_login</strong>(user = &#39;sa&#39;, pass = &#39;&#39;, db = &#39;&#39;, domain_name = &#39;&#39;) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>This method connects to the server over TCP and attempts to authenticate with the supplied username and password. The global socket is used and left connected after authentication.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
202
203
204
205
206
207</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 202</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_login'>mssql_login</span><span class='lparen'>(</span><span class='id identifier rubyid_user'>user</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>sa</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_pass'>pass</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_db'>db</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_domain_name'>domain_name</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span> <span class='op'>||=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/MSSQL.html" title="Rex::Proto::MSSQL (module)">MSSQL</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Proto/MSSQL/Client.html" title="Rex::Proto::MSSQL::Client (class)">Client</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../Rex/Proto/MSSQL/Client.html#initialize-instance_method" title="Rex::Proto::MSSQL::Client#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RHOST</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_login'>mssql_login</span><span class='lparen'>(</span><span class='id identifier rubyid_user'>user</span><span class='comma'>,</span> <span class='id identifier rubyid_pass'>pass</span><span class='comma'>,</span> <span class='id identifier rubyid_db'>db</span><span class='comma'>,</span> <span class='id identifier rubyid_domain_name'>domain_name</span><span class='rparen'>)</span>
<span class='id identifier rubyid_add_socket'>add_socket</span><span class='lparen'>(</span><span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_sock'>sock</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_sock'>sock</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='id identifier rubyid_sockets'>sockets</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_sock'>sock</span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_login_datastore-instance_method">
#<strong>mssql_login_datastore</strong>(db = nil) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
209
210
211</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 209</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_login_datastore'>mssql_login_datastore</span><span class='lparen'>(</span><span class='id identifier rubyid_db'>db</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_mssql_login'>mssql_login</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_db'>db</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>MssqlDomain</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_done-instance_method">
#<strong>mssql_parse_done</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse a “done” TDS token</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
147
148
149</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 147</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_done'>mssql_parse_done</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_done'>mssql_parse_done</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_env-instance_method">
#<strong>mssql_parse_env</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse an “environment change” TDS token</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
161
162
163</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 161</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_env'>mssql_parse_env</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_env'>mssql_parse_env</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_error-instance_method">
#<strong>mssql_parse_error</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse an “error” TDS token</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
154
155
156</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 154</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_error'>mssql_parse_error</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_error'>mssql_parse_error</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_info-instance_method">
#<strong>mssql_parse_info</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse an “information” TDS token</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
168
169
170</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 168</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_info'>mssql_parse_info</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_info'>mssql_parse_info</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_reply-instance_method">
#<strong>mssql_parse_reply</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
126
127
128</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 126</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_reply'>mssql_parse_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_reply'>mssql_parse_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_ret-instance_method">
#<strong>mssql_parse_ret</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse a “ret” TDS token</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
140
141
142</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 140</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_ret'>mssql_parse_ret</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_ret'>mssql_parse_ret</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_tds_reply-instance_method">
#<strong>mssql_parse_tds_reply</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
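<p>Parse a TDS reply by passing <tt>data</tt> and <tt>info</tt> to the MSSQL client's <tt>mssql_parse_tds_reply</tt>. The source comment attached to this method reads “Execute a system command via xp_cmdshell”, which does not match the body shown below: the body only forwards to the client's parser.</p>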
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
122
123
124</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 122</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_tds_reply'>mssql_parse_tds_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_tds_reply'>mssql_parse_tds_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_parse_tds_row-instance_method">
#<strong>mssql_parse_tds_row</strong>(data, info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Parse a single row of a TDS reply</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
133
134
135</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 133</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_parse_tds_row'>mssql_parse_tds_row</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_parse_tds_row'>mssql_parse_tds_row</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_info'>info</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_ping-instance_method">
#<strong>mssql_ping</strong>(timeout = 5) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>This method sends a UDP query packet to the server and parses out the reply packet into a hash</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 68</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_ping'>mssql_ping</span><span class='lparen'>(</span><span class='id identifier rubyid_timeout'>timeout</span><span class='op'>=</span><span class='int'>5</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_ping_sock'>ping_sock</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='const'>Udp</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PeerHost</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_rhost'>rhost</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PeerPort</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='int'>1434</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Context</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span>
<span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Msf</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>MsfExploit</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>self</span><span class='comma'>,</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ping_sock'>ping_sock</span><span class='period'>.</span><span class='id identifier rubyid_put'>put</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\x02</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_resp'>resp</span><span class='comma'>,</span> <span class='id identifier rubyid__saddr'>_saddr</span><span class='comma'>,</span> <span class='id identifier rubyid__sport'>_sport</span> <span class='op'>=</span> <span class='id identifier rubyid_ping_sock'>ping_sock</span><span class='period'>.</span><span class='id identifier rubyid_recvfrom'>recvfrom</span><span class='lparen'>(</span><span class='int'>65535</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ping_sock'>ping_sock</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
<span class='kw'>return</span> <span class='id identifier rubyid_data'>data</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_resp'>resp</span>
<span class='kw'>return</span> <span class='id identifier rubyid_data'>data</span> <span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='kw'>return</span> <span class='id identifier rubyid_mssql_ping_parse'>mssql_ping_parse</span><span class='lparen'>(</span><span class='id identifier rubyid_resp'>resp</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="mssql_ping_parse-instance_method">
#<strong>mssql_ping_parse</strong>(data) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
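<p>Parse a ping response and format each server instance it lists as a hash; the hashes are returned in an array, which is empty when the response contains no <tt>ServerName</tt> field.</p>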
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 93</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_ping_parse'>mssql_ping_parse</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_var'>var</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_idx'>idx</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_index'>index</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ServerName</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_res'>res</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_idx'>idx</span>
<span class='id identifier rubyid_sdata'>sdata</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='id identifier rubyid_idx'>idx</span><span class='comma'>,</span> <span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>-</span> <span class='int'>1</span><span class='rparen'>)</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_instances'>instances</span> <span class='op'>=</span> <span class='id identifier rubyid_sdata'>sdata</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_instances'>instances</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_instance'>instance</span><span class='op'>|</span>
<span class='id identifier rubyid_rinst'>rinst</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_instance'>instance</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_d'>d</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='kw'>not</span> <span class='id identifier rubyid_var'>var</span><span class='rparen'>)</span>
<span class='id identifier rubyid_var'>var</span> <span class='op'>=</span> <span class='id identifier rubyid_d'>d</span>
<span class='kw'>else</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_var'>var</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='id identifier rubyid_rinst'>rinst</span><span class='lbracket'>[</span><span class='id identifier rubyid_var'>var</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_d'>d</span>
<span class='id identifier rubyid_var'>var</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_rinst'>rinst</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_res'>res</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
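<!-- Method entry for mssql_prelogin; listing taken from lib/msf/core/exploit/remote/mssql.rb, line 193. -->
<div class="method_details ">
<h3 class="signature " id="mssql_prelogin-instance_method">
#<strong>mssql_prelogin</strong>(enc_error = false) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sends a prelogin packet and checks whether encryption is off.
This wrapper forwards <code>enc_error</code> (default <code>false</code>) unchanged to
<code>@mssql_client.mssql_prelogin</code> and returns whatever the client returns;
the prelogin exchange itself is implemented by the client object, not by this method.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
193
194
195</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 193</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_prelogin'>mssql_prelogin</span><span class='lparen'>(</span><span class='id identifier rubyid_enc_error'>enc_error</span><span class='op'>=</span><span class='kw'>false</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_prelogin'>mssql_prelogin</span><span class='lparen'>(</span><span class='id identifier rubyid_enc_error'>enc_error</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>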
<!-- YARD method entry: mssql_print_reply, a one-line delegate to @mssql_client (mssql.rb, line 222). -->
<div class="method_details">
<h3 class="signature" id="mssql_print_reply-instance_method">
#<strong>mssql_print_reply</strong>(info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Nicely print the results of a SQL query</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
222
223
224</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 222</span>
<span class="kw">def</span> <span class="id identifier rubyid_mssql_print_reply">mssql_print_reply</span><span class="lparen">(</span><span class="id identifier rubyid_info">info</span><span class="rparen">)</span>
<span class="ivar">@mssql_client</span><span class="period">.</span><span class="id identifier rubyid_mssql_print_reply">mssql_print_reply</span><span class="lparen">(</span><span class="id identifier rubyid_info">info</span><span class="rparen">)</span>
<span class="kw">end</span></pre>
</td>
</tr>
</table>
</div>
<!-- YARD method entry: mssql_query, which hands sqla, doprint and opts to @mssql_client.query (mssql.rb, line 215). -->
<div class="method_details">
<h3 class="signature" id="mssql_query-instance_method">
#<strong>mssql_query</strong>(sqla, doprint = false, opts = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Issue a SQL query using the TDS protocol</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
215
216
217</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 215</span>
<span class="kw">def</span> <span class="id identifier rubyid_mssql_query">mssql_query</span><span class="lparen">(</span><span class="id identifier rubyid_sqla">sqla</span><span class="comma">,</span> <span class="id identifier rubyid_doprint">doprint</span><span class="op">=</span><span class="kw">false</span><span class="comma">,</span> <span class="id identifier rubyid_opts">opts</span><span class="op">=</span><span class="lbrace">{</span><span class="rbrace">}</span><span class="rparen">)</span>
<span class="ivar">@mssql_client</span><span class="period">.</span><span class="id identifier rubyid_query">query</span><span class="lparen">(</span><span class="id identifier rubyid_sqla">sqla</span><span class="comma">,</span> <span class="id identifier rubyid_doprint">doprint</span><span class="comma">,</span> <span class="id identifier rubyid_opts">opts</span><span class="rparen">)</span>
<span class="kw">end</span></pre>
</td>
</tr>
</table>
</div>
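<!-- Method entry for mssql_send_recv; listing taken from lib/msf/core/exploit/remote/mssql.rb, line 226. -->
<div class="method_details ">
<h3 class="signature " id="mssql_send_recv-instance_method">
#<strong>mssql_send_recv</strong>(req, timeout = 15, check_status = true) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Delegates to <code>@mssql_client.mssql_send_recv</code>, forwarding <code>req</code>,
<code>timeout</code> (default <code>15</code>) and <code>check_status</code> (default <code>true</code>)
unchanged, and returns the client's result. The send/receive logic and the meaning of
<code>check_status</code> are defined by the client object and are not shown in this listing.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
226
227
228</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 226</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_send_recv'>mssql_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_req'>req</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='op'>=</span><span class='int'>15</span><span class='comma'>,</span> <span class='id identifier rubyid_check_status'>check_status</span> <span class='op'>=</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_send_recv'>mssql_send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_req'>req</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='comma'>,</span> <span class='id identifier rubyid_check_status'>check_status</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>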
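<!-- Method entry for mssql_tds_encrypt; listing taken from lib/msf/core/exploit/remote/mssql.rb, line 233. -->
<div class="method_details ">
<h3 class="signature " id="mssql_tds_encrypt-instance_method">
#<strong>mssql_tds_encrypt</strong>(pass) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Encodes a password according to the TDS protocol. Despite the method name, this is
an encoding, not encryption: as the listing shows, the password is converted to Unicode,
the two 4-bit halves of every byte are swapped, and each byte is XORed with the fixed
constant <code>0xa5</code>. No key is involved, so the transformation is reversible by
anyone who captures the encoded bytes; the password is confidential on the wire only
when the connection itself is encrypted.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
233
234
235
236</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 233</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_tds_encrypt'>mssql_tds_encrypt</span><span class='lparen'>(</span><span class='id identifier rubyid_pass'>pass</span><span class='rparen'>)</span>
<span class='comment'># Convert to unicode, swap 4 bits both ways, xor with 0xa5
</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_to_unicode'>to_unicode</span><span class='lparen'>(</span><span class='id identifier rubyid_pass'>pass</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_c'>c</span><span class='op'>|</span> <span class='lparen'>(</span><span class='lparen'>(</span><span class='lparen'>(</span><span class='id identifier rubyid_c'>c</span> <span class='op'>&amp;</span> <span class='int'>0x0f</span><span class='rparen'>)</span> <span class='op'>&lt;&lt;</span> <span class='int'>4</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='lparen'>(</span><span class='lparen'>(</span><span class='id identifier rubyid_c'>c</span> <span class='op'>&amp;</span> <span class='int'>0xf0</span><span class='rparen'>)</span> <span class='op'>&gt;&gt;</span> <span class='int'>4</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='op'>^</span> <span class='int'>0xa5</span> <span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>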
<!-- YARD method entry: mssql_upload_exec, a one-line delegate to @mssql_client (mssql.rb, line 179). -->
<div class="method_details">
<h3 class="signature" id="mssql_upload_exec-instance_method">
#<strong>mssql_upload_exec</strong>(exe, debug = false) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Upload and execute a Windows binary through MSSQL queries</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
179
180
181</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 179</span>
<span class="kw">def</span> <span class="id identifier rubyid_mssql_upload_exec">mssql_upload_exec</span><span class="lparen">(</span><span class="id identifier rubyid_exe">exe</span><span class="comma">,</span> <span class="id identifier rubyid_debug">debug</span><span class="op">=</span><span class="kw">false</span><span class="rparen">)</span>
<span class="ivar">@mssql_client</span><span class="period">.</span><span class="id identifier rubyid_mssql_upload_exec">mssql_upload_exec</span><span class="lparen">(</span><span class="id identifier rubyid_exe">exe</span><span class="comma">,</span> <span class="id identifier rubyid_debug">debug</span><span class="rparen">)</span>
<span class="kw">end</span></pre>
</td>
</tr>
</table>
</div>
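<!-- Method entry for mssql_xpcmdshell; listing taken from lib/msf/core/exploit/remote/mssql.rb, line 172. -->
<div class="method_details ">
<h3 class="signature " id="mssql_xpcmdshell-instance_method">
#<strong>mssql_xpcmdshell</strong>(cmd, doprint = false, opts = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Delegates to <code>@mssql_client.mssql_xpcmdshell</code>, forwarding <code>cmd</code>,
<code>doprint</code> (default <code>false</code>) and <code>opts</code> (default <code>{}</code>)
unchanged, and returns the client's result. Judging by the name, the client runs
<code>cmd</code> through SQL Server's <code>xp_cmdshell</code> extended stored procedure; that
implementation is not shown in this listing. <code>xp_cmdshell</code> is disabled by default
on SQL Server 2005 and later, so its being enabled or invoked is an event worth auditing
on monitored servers.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
172
173
174</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 172</span>
<span class='kw'>def</span> <span class='id identifier rubyid_mssql_xpcmdshell'>mssql_xpcmdshell</span><span class='lparen'>(</span><span class='id identifier rubyid_cmd'>cmd</span><span class='comma'>,</span> <span class='id identifier rubyid_doprint'>doprint</span><span class='op'>=</span><span class='kw'>false</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span><span class='period'>.</span><span class='id identifier rubyid_mssql_xpcmdshell'>mssql_xpcmdshell</span><span class='lparen'>(</span><span class='id identifier rubyid_cmd'>cmd</span><span class='comma'>,</span> <span class='id identifier rubyid_doprint'>doprint</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>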
<!-- YARD method entry: powershell_upload_exec, a one-line delegate to @mssql_client (mssql.rb, line 186). -->
<div class="method_details">
<h3 class="signature" id="powershell_upload_exec-instance_method">
#<strong>powershell_upload_exec</strong>(exe, debug = false) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Upload and execute a Windows binary through MSSQL queries and Powershell</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
186
187
188</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 186</span>
<span class="kw">def</span> <span class="id identifier rubyid_powershell_upload_exec">powershell_upload_exec</span><span class="lparen">(</span><span class="id identifier rubyid_exe">exe</span><span class="comma">,</span> <span class="id identifier rubyid_debug">debug</span><span class="op">=</span><span class="kw">false</span><span class="rparen">)</span>
<span class="ivar">@mssql_client</span><span class="period">.</span><span class="id identifier rubyid_powershell_upload_exec">powershell_upload_exec</span><span class="lparen">(</span><span class="id identifier rubyid_exe">exe</span><span class="comma">,</span> <span class="id identifier rubyid_debug">debug</span><span class="rparen">)</span>
<span class="kw">end</span></pre>
</td>
</tr>
</table>
</div>
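<!-- Method entry for set_mssql_session; listing taken from lib/msf/core/exploit/remote/mssql.rb, line 55. -->
<div class="method_details ">
<h3 class="signature " id="set_mssql_session-instance_method">
#<strong>set_mssql_session</strong>(client) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Prints a status line naming the existing session, then stores <code>client</code> in
<code>@mssql_client</code>, the object that the <code>mssql_*</code> helpers documented on this
page delegate to. The status message reads <code>session.sid</code> rather than anything on
<code>client</code>, so <code>session</code> must be defined elsewhere in the including module;
it is not defined in this listing.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
55
56
57
58</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/mssql.rb', line 55</span>
<span class='kw'>def</span> <span class='id identifier rubyid_set_mssql_session'>set_mssql_session</span><span class='lparen'>(</span><span class='id identifier rubyid_client'>client</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Using existing session </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sid'>sid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='ivar'>@mssql_client</span> <span class='op'>=</span> <span class='id identifier rubyid_client'>client</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>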
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:34 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>