Metasploit MSSQL Interesting Data Finder
This project is the implementation of my blog post Finding Interesting Database Data.
My original intent was to query the database once the columns had been found and to return some sample data for each table, but unfortunately, due to a problem in the Metasploit module this code is based on, I'm currently not able to. The code is mostly written, so it should be easy enough to add it in once Metasploit is fixed.
To install the module simply untar the download to the root of your Metasploit install.
Usage is fairly simple: set the standard parameters and run exploit. By default it will search for columns whose names include the words passw, bank, credit and card. If you want to change these, set the NAMES field to a pipe-separated list of names to look for.
Once installed, you can find the module in auxiliary/admin/mssql/mssql_idf.
    msf > use auxiliary/admin/mssql/mssql_idf
    msf auxiliary(mssql_idf) > show options

    Module options:

       Name      Current Setting         Required  Description
       ----      ---------------         --------  -----------
       NAMES     passw|bank|credit|card  yes       Pipe separated list of column names
       PASSWORD                          no        The password for the specified username
       RHOST                             yes       The target address
       RPORT     1433                    yes       The target port
       USERNAME  sa                      no        The username to authenticate as

    msf auxiliary(mssql_idf) > set PASSWORD MyPass
    PASSWORD => MyPass
    msf auxiliary(mssql_idf) > set RHOST 192.168.0.54
    RHOST => 192.168.0.54
    msf auxiliary(mssql_idf) > exploit

    Database        Schema      Table              Column                  Data Type  Row Count
    ==============  ==========  =================  ======================  =========  =========
    msdb            dbo         backupmediaset     is_password_protected   bit        0
    msdb            dbo         backupset          is_password_protected   bit        0
    AdventureWorks  Person      Address            MyPassword              nchar      19614
    AdventureWorks  Purchasing  Vendor             CreditRating            tinyint    104
    AdventureWorks  Person      Contact            PasswordHash            varchar    19972
    AdventureWorks  Person      Contact            PasswordSalt            varchar    19972
    AdventureWorks  Sales       ContactCreditCard  CreditCardID            int        19118
    AdventureWorks  Sales       CreditCard         CreditCardID            int        19118
    AdventureWorks  Sales       CreditCard         CardType                nvarchar   19118
    AdventureWorks  Sales       CreditCard         CardNumber              nvarchar   19118
    AdventureWorks  Sales       SalesOrderHeader   CreditCardID            int        31465
    AdventureWorks  Sales       SalesOrderHeader   CreditCardApprovalCode  varchar    31465

    [*] Auxiliary module execution completed
As you can see, it has found a number of interesting-looking columns; the row count field should help identify which ones can be ignored or given lower priority. It is now over to you to start querying them to check for data.
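As an added illustration (not the module's source and not code from the blog post), the Ruby example below shows how a pipe-separated NAMES value can be turned into a column-name search over INFORMATION_SCHEMA.COLUMNS with a row count per table, which is the kind of query a DBA can run to inventory sensitive columns in their own databases. The helper names, the identifier-only validation of terms and the use of sys.partitions for row counts are assumptions; the generated query covers the current database only.

```ruby
# Added example: builds a T-SQL audit query from a NAMES-style list.
# All helper names here are hypothetical, not taken from the module.
DEFAULT_NAMES = 'passw|bank|credit|card' # default shown in the module options above

# Split a pipe-separated NAMES value into validated, de-duplicated terms.
def parse_names(names)
  terms = names.to_s.split('|').map(&:strip).reject(&:empty?).uniq
  raise ArgumentError, 'NAMES is empty' if terms.empty?
  terms.each do |t|
    # Only identifier characters are accepted, so a term can never close
    # the string literal it is placed in.
    raise ArgumentError, "invalid term: #{t.inspect}" unless t.match?(/\A[A-Za-z0-9_]+\z/)
  end
  terms
end

# "_" is a single-character wildcard in T-SQL LIKE; bracket it so that
# a term such as card_no matches the underscore literally.
def like_pattern(term)
  "%#{term.gsub('_', '[_]')}%"
end

# Build the query: one LIKE per term, plus a row count taken from the
# heap or clustered index partitions of each matching table.
def build_column_audit_sql(names = DEFAULT_NAMES)
  where = parse_names(names)
          .map { |t| "c.COLUMN_NAME LIKE '#{like_pattern(t)}'" }
          .join("\n   OR ")
  <<~SQL
    SELECT c.TABLE_CATALOG, c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME, c.DATA_TYPE,
           (SELECT SUM(p.rows) FROM sys.partitions p
             WHERE p.object_id = OBJECT_ID(QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME))
               AND p.index_id IN (0, 1)) AS [Row Count]
    FROM INFORMATION_SCHEMA.COLUMNS c
    WHERE #{where}
    ORDER BY c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME;
  SQL
end

puts build_column_audit_sql if __FILE__ == $PROGRAM_NAME
```

Columns that show up here with a non-zero row count are candidates for encryption, masking or tighter permissions.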