rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

add mssql_version module #18907

Closed zgoldman-r7 closed 1 month ago

zgoldman-r7 commented 3 months ago

Resolves https://github.com/rapid7/metasploit-framework/issues/18684

mssql_ping relies on the SQL Server Browser UDP service at 1434 to be running, so we want another way to get some information on the server. This adds the mssql_version module which attempts to connect directly to mssql and retrieve some information surrounding the version number and whether encryption is supported.

Verification

List the steps needed to make sure this thing works

msf6 auxiliary(scanner/mssql/mssql_version) > run rhosts=192.168.2.230

[*] 192.168.2.230:1433    - SQL Server for 192.168.2.230:
[+] 192.168.2.230:1433    - Version: 16.0.1000
[+] 192.168.2.230:1433    - Encryption is unsupported
[*] 192.168.2.230:1433    - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

This also works with a session instead of rhost

run sessions=-1
[*] Using existing session 1
[*] SQL Server for 192.168.2.233:
[+] Version: 16.0.1000
[+] Encryption is unsupported
[*] Auxiliary module execution completed
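
The version and encryption values shown in the output above can be read from a server's TDS PRELOGIN response on the SQL Server port itself, without the Browser service. This is an added example, not code from this pull request or from Metasploit, and it assumes the information comes from the PRELOGIN exchange. The method name, error class, field layout (taken from the MS-TDS format as understood here) and the sample packet are constructed for illustration.

```ruby
# Added example: parse a TDS PRELOGIN response from constructed bytes (no network I/O).
# Assumed layout: 8-byte TDS header, then 5-byte option entries
# (token, offset, length; big-endian) terminated by 0xFF, then the option data.
ENCRYPTION_STATES = {
  0x00 => 'off', 0x01 => 'on', 0x02 => 'unsupported', 0x03 => 'required'
}.freeze

class PreloginParseError < StandardError; end

def parse_prelogin_response(packet)
  packet = packet.b
  raise PreloginParseError, 'short TDS header' if packet.bytesize < 8
  type, _status, length = packet.unpack('CCn')
  raise PreloginParseError, 'not a tabular response (0x04)' unless type == 0x04
  raise PreloginParseError, 'length field disagrees with data' unless length == packet.bytesize

  payload = packet.byteslice(8, length - 8)
  result = {}
  pos = 0
  loop do
    raise PreloginParseError, 'option table not terminated' if pos >= payload.bytesize
    token = payload.getbyte(pos)
    break if token == 0xFF
    raise PreloginParseError, 'truncated option entry' if pos + 5 > payload.bytesize
    offset, len = payload.byteslice(pos + 1, 4).unpack('nn')
    # Offsets are relative to the start of the payload; never trust them blindly.
    raise PreloginParseError, 'option data out of bounds' if offset + len > payload.bytesize
    data = payload.byteslice(offset, len)
    case token
    when 0x00 # VERSION: major, minor, build (16-bit), sub-build (16-bit)
      raise PreloginParseError, 'VERSION must be 6 bytes' unless len == 6
      major, minor, build, _sub_build = data.unpack('CCnn')
      result[:version] = "#{major}.#{minor}.#{build}"
    when 0x01 # ENCRYPTION: single status byte
      raise PreloginParseError, 'ENCRYPTION must be 1 byte' unless len == 1
      result[:encryption] = ENCRYPTION_STATES.fetch(data.getbyte(0), 'unknown')
    end
    pos += 5 # other option tokens are skipped
  end
  result
end

# Constructed sample: a response advertising 16.0.1000 with encryption unsupported.
SAMPLE_PRELOGIN_RESPONSE = [
  0x04, 0x01, 0x00, 0x1A, 0x00, 0x00, 0x01, 0x00, # TDS header, total length 26
  0x00, 0x00, 0x0B, 0x00, 0x06,                   # VERSION at offset 11, 6 bytes
  0x01, 0x00, 0x11, 0x00, 0x01,                   # ENCRYPTION at offset 17, 1 byte
  0xFF,                                           # terminator
  0x10, 0x00, 0x03, 0xE8, 0x00, 0x00,             # 16.0.1000, sub-build 0
  0x02                                            # ENCRYPT_NOT_SUP
].pack('C*')
```

An "unsupported" or "off" result is worth flagging in an inventory of your own servers, since logins to such an instance are not protected by TLS at the TDS layer.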

adfoster-r7 commented 1 month ago

@msjenkins-r7 retest this please

adfoster-r7 commented 1 month ago

Release Notes

Adds a new auxiliary/scanner/mssql/mssql_version module for fingerprinting Microsoft SQL Server targets