Metasploit mailing list archives

Re: msfcli not handling = correctly, or, how to escape =

From: Matt Gardenghi <mtgarden () gmail com>
Date: Sat, 22 May 2010 08:37:02 -0400

I don't have an answer to your question per se, but why don't you justupload a meterpreter shell? If you have sa you can just upload and takecontrol. Then you can run any commands you wish locally. Just curious....


On 5/21/2010 7:53 PM, Robin Wood wrote:

This is a cut down version of a SQL query I'm trying to run through msfcli

~/src/msf/msfcli admin/mssql/mssql_sql RHOST=192.168.0.54 RPORT=1433
USERNAME="sa" PASSWORD=xxx SQL="DECLARE @sql varchar (4000); SET
@sql='xxx' " E

But the query that gets sent gets truncated at the = near the end. I
assume that this is msfcli picking it up and treating it as a new
variable it should be handling despite it being in quotes. I tried
escaping it with a \ but that didn't help.

Is there a correct way to escape this or is it a bug?

Robin
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

msfcli not handling = correctly, or, how to escape = Robin Wood (May 21)
- Re: msfcli not handling = correctly, or, how to escape = Matt Gardenghi (May 22)
  - Re: msfcli not handling = correctly, or, how to escape = Robin Wood (May 22)
- Re: msfcli not handling = correctly, or, how to escape = HD Moore (May 22)
  - Re: msfcli not handling = correctly, or, how to escape = Robin Wood (May 22)