Lucene search
K

MSSQL Version Utility

🗓️ 03 May 2024 19:55:42Reported by Zach GoldmanType 
metasploit
 metasploit
🔗 www.rapid7.com👁 258 Views

MSSQL Version Utility - Executing TDS7 pre-login request for version inf

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Scanner
  include Msf::OptionalSession::MSSQL

  def initialize
    super(
      'Name' => 'MSSQL Version Utility',
      'Description' => 'Executes a TDS7 pre-login request against the MSSQL instance to query for version information.',
      'Author' => 'Zach Goldman',
      'License' => MSF_LICENSE
    )

    register_options([
      Opt::RPORT(1433)
    ])
  end

  def run
    if session
      set_mssql_session(session.client)
      data = mssql_client.initial_connection_info[:prelogin_data]
    else
      create_mssql_client
      data = mssql_prelogin
    end

    if data.blank?
      print_error("Unable to retrieve version information for #{mssql_client.peerhost}")
      return
    end

    data[:status] = 'open' if data[:version] || data[:encryption]

    print_status("SQL Server for #{mssql_client.peerhost}:")
    if data[:version]
      print_good("Version: #{data[:version]}")
    else
      print_error('Unknown Version')
    end
    if data[:encryption]
      case data[:encryption]
      when ENCRYPT_OFF
        data[:encryption] = 'off'
      when ENCRYPT_ON
        data[:encryption] = 'on'
      when ENCRYPT_NOT_SUP
        data[:encryption] = 'unsupported'
      when ENCRYPT_REQ
        data[:encryption] = 'required'
      else
        data[:encryption] = 'unknown'
      end
      print_good("Encryption: #{data[:encryption]}")
    else
      print_error('Unknown encryption status')
    end

    report_mssql_service(mssql_client.peerhost, data)
  end

  def report_mssql_service(ip, data)
    mssql_info = 'Version: %<version>s, Encryption: %<encryption>s' % [
      version: data[:version] || 'unknown',
      encryption: data[:encryption] || 'unknown'
    ]
    report_service(
      host: ip,
      port: mssql_client.peerport,
      name: 'mssql',
      info: mssql_info,
      state: (data['Status'].nil? ? 'closed' : data['Status'])
    )
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Jul 2026 19:05Current
7High risk
Vulners AI Score7
258