This module takes given credentials and a port and attempts to log into one or more MSSQL servers. Once it has logged in, it checks to make sure it has sysadmin permissions. Assuming it has the needed permissions, it then grabs all of the database usernames and hashes. While it is in there, it also grabs all the database and table names. It reports all of this back into the database for later cracking. Support will be added in the future to the John the Ripper functions to include support for these database hashes. When it is, the database, table names, and instance names will also be used to seed the JtR wordlists to enhance cracking efforts.
msf auxiliary(mssql_hashdump) > info

       Name: MSSQL Password Hashdump
     Module: auxiliary/scanner/mssql/mssql_hashdump
    Version: 13435
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  TheLightCosine

Basic options:
  Name                 Current Setting          Required  Description
  ----                 ---------------          --------  -----------
  PASSWORD             reallybadpassword        no        The password for the specified username
  RHOSTS               192.168.1.1,192.168.1.2  yes       The target address range or CIDR identifier
  RPORT                1433                     yes       The target port
  THREADS              1                        yes       The number of concurrent threads
  USERNAME             sa                       no        The username to authenticate as
  USE_WINDOWS_AUTHENT  false                    yes       Use windows authentification

Description:
  This module extracts the usernames and encrypted password hashes
  from a MSSQL server and stores them for later cracking. This module
  also saves information about the server version and table names,
  which can be used to seed the wordlist.

msf auxiliary(mssql_hashdump) >
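
The module only gets its data when the login it is given holds sysadmin, so on the defending side the useful question is which logins on an instance meet that condition and how well they are protected. The T-SQL below is an added audit example, not part of the original post or of the Metasploit module; it uses only built-in catalog views and functions and is meant to be run by an administrator on the instance under review.

```sql
-- Added audit example (not from the original post or the module).
-- Lists every member of the sysadmin server role and flags SQL-authenticated
-- logins that are enabled, exempt from password policy, or trivially guessable.
SELECT
    p.name                   AS principal_name,
    p.type_desc              AS principal_type,     -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    p.is_disabled,
    sl.is_policy_checked,                           -- 0 = Windows password policy not enforced
    sl.is_expiration_checked,                       -- 0 = password never expires
    p.modify_date            AS last_modified,
    CASE
        WHEN sl.principal_id IS NULL THEN NULL      -- not a SQL login, no stored hash
        WHEN PWDCOMPARE(N'', sl.password_hash) = 1 THEN 1
        ELSE 0
    END                      AS blank_password,
    CASE
        WHEN sl.principal_id IS NULL THEN NULL
        WHEN PWDCOMPARE(sl.name, sl.password_hash) = 1 THEN 1
        ELSE 0
    END                      AS password_equals_name
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p  ON p.principal_id = rm.member_principal_id
LEFT JOIN sys.sql_logins     AS sl ON sl.principal_id = p.principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.is_disabled, p.type_desc, p.name;

-- 1 = Windows authentication only; 0 = mixed mode, so SQL logins such as sa
-- can authenticate with a username and password over the TDS port.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
```

Any enabled SQL login in the result with `is_policy_checked = 0`, or with either password flag set to 1, is a candidate for disabling, renaming, or a forced password change; the password comparison columns require the caller to be able to read `password_hash`.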