This commit is contained in:
TrustedSec 2016-08-03 16:19:18 -04:00
parent edaa7a7927
commit 5c107ec67b
4 changed files with 35 additions and 28 deletions

View file

@ -1,3 +1,11 @@
~~~~~~~~~~~~~~~~
version 7.3.12
~~~~~~~~~~~~~~~~
* added prompt before brute forcing
* removed nmap depend and used standard sockets for tcp connect
* reduced connect time for mssql
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
version 7.3.11 version 7.3.11
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~

View file

@ -98,7 +98,7 @@ try:
if "/" in str(range): if "/" in str(range):
iprange = printCIDR(range) iprange = printCIDR(range)
iprange = iprange.split(",") iprange = iprange.split(",")
pool = ThreadPool(200) pool = ThreadPool(30)
sqlport = pool.map(get_sql_port, iprange) sqlport = pool.map(get_sql_port, iprange)
pool.close() pool.close()
pool.join() pool.join()
@ -154,10 +154,10 @@ try:
sql_servers = sql_servers.split(",") sql_servers = sql_servers.split(",")
# start loop and brute force # start loop and brute force
print_status("The following SQL servers and associated ports were identified; ") print_status("The following SQL servers and associated ports were identified: ")
for sql in sql_servers: for sql in sql_servers:
if sql != "": if sql != "":
print "SQL Server:" + sql print(sql)
print_status("By pressing enter, you will begin the brute force process on all SQL accounts identified in the list above.") print_status("By pressing enter, you will begin the brute force process on all SQL accounts identified in the list above.")
test = input("Press {enter} to begin the brute force process.") test = input("Press {enter} to begin the brute force process.")
for servers in sql_servers: for servers in sql_servers:
@ -195,9 +195,6 @@ try:
if sql_servers: if sql_servers:
print_warning( print_warning(
"Sorry. Unable to locate or fully compromise a MSSQL Server on the following SQL servers: ") "Sorry. Unable to locate or fully compromise a MSSQL Server on the following SQL servers: ")
for line in sql_servers:
if line != "":
print("SQL Server: " + line.rstrip())
else: else:
print_warning( print_warning(

View file

@ -1 +1 @@
7.3.11 7.3.12

View file

@ -18,6 +18,7 @@ import base64
from src.core import dictionaries from src.core import dictionaries
import io import io
import trace import trace
#python 2 and 3 compatibility #python 2 and 3 compatibility
try: try:
from urllib.request import urlopen from urllib.request import urlopen
@ -1764,30 +1765,31 @@ def get_sql_port(host):
s.settimeout(.2) s.settimeout(.2)
# Attempt to query UDP:1434 and return MSSQL running port # Attempt to query UDP:1434 and return MSSQL running port
try:
sql_port = None
try: try:
port = 1434 port = 1434
msg = "\x02\x41\x41\x41\x41" msg = "\x02\x41\x41\x41\x41"
s.sendto(msg, (host, port)) s.sendto(msg, (host, port))
d = s.recvfrom(1024) d = s.recvfrom(1024)
sql_port = d[0].split(";")[9] sql_port = d[0].split(";")[9]
if sql_port != None:
return host + ": " + sql_port
else:
proc = subprocess.Popen("nmap -v -sT -p1433 %s" %
(host), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output = proc.communicate()[0].split("\n")
result = ""
counter = 0
for result in output:
if "Discovered open port" in result:
result = result.split("on ")[1]
counter = 1
return host + ":" + "1433"
if counter == 0:
return None
# if we have an exception, udp 1434 isnt there could be firewalled off so we need to check 1433 just in case
except: except:
sql_port = "1433"
pass
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(.2)
s.connect((host, int(sql_port)))
return host + ":" + sql_port
# if port is closed
except: return None
except Exception as err:
print str(err)
pass pass
# capture output from a function # capture output from a function