
added Session info display to module output

output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
David Maloney 4 years ago
parent
commit
a1ab8f1dc7
2 changed files with 14 additions and 10 deletions
  1. 4
    0
      lib/msf/core/post_mixin.rb
  2. 10
    10
      modules/post/windows/manage/mssql_local_auth_bypass.rb

+ 4
- 0
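--- a/lib/msf/core/post_mixin.rb
+++ b/lib/msf/core/post_mixin.rb
@@ -82,6 +82,10 @@ module Msf::PostMixin
     @session
   end
 
+  def session_display_info
+    "Session: #{session.sid} (#{session.session_host})"
+  end
+
   alias :client :session
 
   #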
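Review bot: `session_display_info` is added to the shared mixin with no comment, so other post modules cannot tell from the file what it returns or that it is meant as an output prefix. A one-line comment above it, such as `# Returns "Session: <sid> (<host>)" for prefixing module output.`, would cover that. The helper also calls `session.sid` and `session.session_host` unconditionally. The body of `session` starts above this hunk, so this is inferred, but if it can return nil when the configured session no longer exists, every prefixed message would raise NoMethodError instead of printing. A guard such as `return 'Session: unknown' unless session` as the first line would avoid that.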

+ 10
- 10
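--- a/modules/post/windows/manage/mssql_local_auth_bypass.rb
+++ b/modules/post/windows/manage/mssql_local_auth_bypass.rb
@@ -47,7 +47,7 @@ class Metasploit3 < Msf::Post
     instance = datastore['INSTANCE'].to_s
 
     # Display target
-    print_status("Running module against #{sysinfo['Computer']}")
+    print_status("#{session_display_info}: Running module against #{sysinfo['Computer']}")
 
     # Identify available native SQL client
     get_sql_client
@@ -60,7 +60,7 @@ class Metasploit3 < Msf::Post
       service = check_for_sqlserver(instance)
       fail_with(Failure::Unknown, 'Unable to identify MSSQL Service') unless service
 
-      print_status("Identified service '#{service[:display]}', PID: #{service[:pid]}")
+      print_status("#{session_display_info}: Identified service '#{service[:display]}', PID: #{service[:pid]}")
       instance_name = service[:display].gsub('SQL Server (','').gsub(')','').lstrip.rstrip
 
       if datastore['REMOVE_LOGIN']
@@ -109,7 +109,7 @@ class Metasploit3 < Msf::Post
   end
 
   def add_sql_login(dbuser, dbpass, instance)
-    print_status("Attempting to add new login \"#{dbuser}\"...")
+    print_status("#{session_display_info}: Attempting to add new login \"#{dbuser}\"...")
     query = mssql_sa_escalation(username: dbuser, password: dbpass)
 
     # Get Data
@@ -117,33 +117,33 @@ class Metasploit3 < Msf::Post
 
     case add_login_result
     when '', /new login created/i
-      print_good("Successfully added login \"#{dbuser}\" with password \"#{dbpass}\"")
+      print_good("#{session_display_info}: Successfully added login \"#{dbuser}\" with password \"#{dbpass}\"")
       return true
     when /already exists/i
       fail_with(Failure::BadConfig, "Unable to add login #{dbuser}, user already exists")
     when /password validation failed/i
       fail_with(Failure::BadConfig, "Unable to add login #{dbuser}, password does not meet complexity requirements")
     else
-      print_error("Unable to add login #{dbuser}")
-      print_error("Database Error:\n #{add_login_result}")
+      print_error("#{session_display_info}: Unable to add login #{dbuser}")
+      print_error("#{session_display_info}: Database Error:\n #{add_login_result}")
       return false
     end
   end
 
   def remove_sql_login(dbuser, instance_name)
-    print_status("Attempting to remove login \"#{dbuser}\"")
+    print_status("#{session_display_info}: Attempting to remove login \"#{dbuser}\"")
     query = "sp_droplogin '#{dbuser}'"
 
     remove_login_result = run_sql(query, instance_name)
 
     # Display result
     if remove_login_result.empty?
-      print_good("Successfully removed login \"#{dbuser}\"")
+      print_good("#{session_display_info}: Successfully removed login \"#{dbuser}\"")
       return true
     else
       # Fail
-      print_error("Unabled to remove login #{dbuser}")
-      print_error("Database Error:\n\n #{remove_login_result}")
+      print_error("#{session_display_info}: Unabled to remove login #{dbuser}")
+      print_error("#{session_display_info}: Database Error:\n\n #{remove_login_result}")
       return false
     end
   end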
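Review bot: The success message at new line 120 still prints `dbpass` in clear text, and it now prints it next to the session id and host, so any console spool or saved log pairs a working credential with the machine it belongs to. Consider dropping the password from the line, `print_good("#{session_display_info}: Successfully added login \"#{dbuser}\"")`, and keeping the secret only wherever the engagement's credentials are stored under access control. The `fail_with` branches at lines 123 and 125 are not prefixed, so those failures still do not say which session they came from, which is what the commit sets out to make clear. The rewritten line 145 also carries over the typo "Unabled"; it should read `"#{session_display_info}: Unable to remove login #{dbuser}"`. `add_sql_login` spans this hunk and the previous one, and line 116 between them is not shown.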
