module
Microsoft SQL Server Database Link Crawling Command Execution
| Disclosed | Created |
|---|---|
| 01/01/2000 | 05/30/2018 |
Disclosed
01/01/2000
Created
05/30/2018
Description
This module can be used to crawl MS SQL Server database links and deploy
Metasploit payloads through links configured with sysadmin privileges using a
valid SQL Server Login.
If you are attempting to obtain multiple reverse shells using this module we
recommend setting the "DisablePayloadHandler" advanced option to "true", and setting
up a exploit/multi/handler to run in the background as a job to support multiple incoming
shells.
If you are interested in deploying payloads to specific servers this module also
supports that functionality via the "DEPLOYLIST" option.
Currently, the module is capable of delivering payloads to both 32bit and 64bit
Windows systems via powershell memory injection methods based on Matthew Graeber's
work. As a result, the target server must have powershell installed. By default,
all of the crawl information is saved to a CSV formatted log file and MSF loot so
that the tool can also be used for auditing without deploying payloads.
Metasploit payloads through links configured with sysadmin privileges using a
valid SQL Server Login.
If you are attempting to obtain multiple reverse shells using this module we
recommend setting the "DisablePayloadHandler" advanced option to "true", and setting
up a exploit/multi/handler to run in the background as a job to support multiple incoming
shells.
If you are interested in deploying payloads to specific servers this module also
supports that functionality via the "DEPLOYLIST" option.
Currently, the module is capable of delivering payloads to both 32bit and 64bit
Windows systems via powershell memory injection methods based on Matthew Graeber's
work. As a result, the target server must have powershell installed. By default,
all of the crawl information is saved to a CSV formatted log file and MSF loot so
that the tool can also be used for auditing without deploying payloads.
Authors
Antti Rantasaari Scott Sutherland "nullbind"
Platform
Windows
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/mssql/mssql_linkcrawler
msf /(r) > show actions
...actions...
msf /(r) > set ACTION < action-name >
msf /(r) > show options
...show and set options...
msf /(r) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.