bcoles
commented
3 years ago Metasploit exploits allow specifying a payload. The windows/exec and windows/x64/exec payloads allow execution of commands specified using set cmd ....
msf6 exploit(windows/mssql/mssql_clr_payload) > set payload windows/exec
payload => windows/exec
msf6 exploit(windows/mssql/mssql_clr_payload) > options
Module options (exploit/windows/mssql/mssql_clr_payload):
Name Current Setting Required Description
---- --------------- -------- -----------
DATABASE master yes The database to load the CLR Assembly into.
PASSWORD no The password for the specified username
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 1433 yes The target port (TCP)
TDSENCRYPTION false yes Use TLS/SSL for TDS data "Force Encryption"
USERNAME sa no The username to authenticate as
USE_WINDOWS_AUTHENT false yes Use windows authentification (requires DOMAIN option set)
Payload options (windows/exec):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
Exploit target:
Id Name
-- ----
0 Automatic
Hello, when using exploit/windows/mssql/mssql_clr_payload, you can only get meterpreter, I think you can add the function of executing commands