Metasploit MSSQL Interesting Data Finder

This project is the implementation of my blog post Finding Interesting Database Data.

My original intent was to query the database once the columns had been found and to return some sample data for each table but unfortunately due to a problem in the Metasploit module this code is based on I'm currently not able. The code is mostly written so it should be easy enough to add it in once Metasploit is fixed.

Installation

To install the module simply untar the download to the root of your Metasploit install.

Usage

Usage is fairly simple, set the standard parameters and run exploit. By default it will search for columns whose names include the words passw, bank, credit and card. If you want to change these set the NAMES field to be a pipe separated list of names to look for.

Once installed you can find the module in auxiliary/admin/mssql/mssql_idf .

Example

msf > use auxiliary/admin/mssql/mssql_idf
msf auxiliary(mssql_idf) > show options

Module options:

   Name      Current Setting         Required  Description
   ----      ---------------         --------  -----------
   NAMES     passw|bank|credit|card  yes       Pipe separated list of column names
   PASSWORD                          no        The password for the specified username
   RHOST                             yes       The target address
   RPORT     1433                    yes       The target port
   USERNAME  sa                      no        The username to authenticate as

msf auxiliary(mssql_idf) > set PASSWORD MyPass
PASSWORD => MyPass
msf auxiliary(mssql_idf) > set RHOST 192.168.0.54
RHOST => 192.168.0.54
msf auxiliary(mssql_idf) > exploit

Database       Schema     Table             Column                 Data Type Row Count 
============== ========== ================= ====================== ========= ========= 
msdb           dbo        backupmediaset    is_password_protected  bit       0
msdb           dbo        backupset         is_password_protected  bit       0
AdventureWorks Person     Address           MyPassword             nchar     19614
AdventureWorks Purchasing Vendor            CreditRating           tinyint   104
AdventureWorks Person     Contact           PasswordHash           varchar   19972
AdventureWorks Person     Contact           PasswordSalt           varchar   19972
AdventureWorks Sales      ContactCreditCard CreditCardID           int       19118
AdventureWorks Sales      CreditCard        CreditCardID           int       19118
AdventureWorks Sales      CreditCard        CardType               nvarchar  19118
AdventureWorks Sales      CreditCard        CardNumber             nvarchar  19118
AdventureWorks Sales      SalesOrderHeader  CreditCardID           int       31465
AdventureWorks Sales      SalesOrderHeader  CreditCardApprovalCode varchar   31465

[*] Auxiliary module execution completed

As you can see it has found a number of interesting looking columns, the row count field should help identify which ones can be ignored or given lower priority. It is now over to you to start querying them to check for data.

Download

Download MSSQL Interesting Data Finder.

Table of Contents

Categories

Support The Site

I don't get paid for any of the projects on this site so if you'd like to support my work you can do so by using the affiliate links below where I either get account credits or cash back. Usually only pennies, but they all add up.