Metasploit Penetration Testing Framework

Microsoft SQL Server xp_cmdshell Command Execution

This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell procedure. A valid username and password is required to use this module

Rank

Normal

Authors

tebo < tebo [at] attackresearch.com >

References

http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx

Development

Similar Modules

Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/admin/mssql/mssql_exec
msf auxiliary(mssql_exec) > set RHOST [TARGET IP]
msf auxiliary(mssql_exec) > run

Module Options

CMD	Command to execute (default: cmd.exe /c echo OWNED > C:\owned.exe)
PASSWORD	The password for the specified username (default: )
RHOST	The target address
RPORT	The target port (default: 1433)
USERNAME	The username to authenticate as (default: sa)
CHOST	The local client address
CPORT	The local client port
ConnectTimeout	Maximum number of seconds to establish a TCP connection
HEX2BINARY	The path to the hex2binary script on the disk
Proxies	Use a proxy chain
SSL	Negotiate SSL for outgoing connections
SSLVersion	Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
WORKSPACE	Specify the workspace for this module
TCP::max_send_size	Maxiumum tcp segment size. (0 = disable)
TCP::send_delay	Delays inserted before every send. (0 = disable)

OSVDB:	CVE:
BID:	MSB:
TEXT: