From b0ee13c02e2e6744ef23896173ca8c50a4247245 Mon Sep 17 00:00:00 2001 From: tw1sm Date: Sat, 30 Dec 2023 18:07:20 -0500 Subject: [PATCH 1/2] fix db specfic role membership query --- pysqlrecon/modules/whoami.py | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/pysqlrecon/modules/whoami.py b/pysqlrecon/modules/whoami.py index 1c22c29..85a6654 100644 --- a/pysqlrecon/modules/whoami.py +++ b/pysqlrecon/modules/whoami.py @@ -39,19 +39,32 @@ def main(ctx: typer.Context): pysqlrecon.query_handler("SELECT USER_NAME();") logger.info(f"Mapped to the user [cyan]{pysqlrecon.get_last_resp()}[/]", extra=OBJ_EXTRA_FMT) + logger.info("Gathering roles:") pysqlrecon.query_handler("SELECT [name] FROM sysusers WHERE issqlrole = 1;") roles = [row['name'] for row in pysqlrecon.ms_sql.rows] - roles.extend(DEFAULT_ROLES) - logger.info("Gathering roles:") - print() + logger.debug(f"Identified {len(roles)} database roles") + logger.debug(f"Roles: {roles}") + print() + + # db-specific roles for role in roles: + pysqlrecon.query_handler(f"SELECT IS_MEMBER('{role}');") + check_role(role, pysqlrecon.get_last_resp()) + + # check server roles + for role in DEFAULT_ROLES: pysqlrecon.query_handler(f"SELECT IS_SRVROLEMEMBER('{role}');") - if pysqlrecon.get_last_resp() == 1: - console.print(f"{' |->':>15} User is a member of the [green]{role}[/] role") - else: - console.print(f"{' |->':>15} User is NOT a member of the [red]{role}[/] role") - + check_role(role, pysqlrecon.get_last_resp()) + + print() - pysqlrecon.disconnect() \ No newline at end of file + pysqlrecon.disconnect() + + +def check_role(role, last_resp): + if last_resp == 1: + console.print(f"{' |->':>15} User is a member of the [green]{role}[/] role") + else: + console.print(f"{' |->':>15} User is NOT a member of the [red]{role}[/] role") \ No newline at end of file From 85254d0c4481fefbc995d3b63aa92a7f9b641f27 Mon Sep 17 00:00:00 2001 
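Review bot: The role name read back from the `sysusers` query is interpolated unescaped into `f"SELECT IS_MEMBER('{role}');"`, so a database role whose name contains a single quote produces a malformed query (the pre-existing `IS_SRVROLEMEMBER` line has the same pattern, though its input is the fixed `DEFAULT_ROLES` list); doubling the quote before interpolation keeps the lookup well-formed, e.g. `safe = role.replace("'", "''")` followed by `pysqlrecon.query_handler(f"SELECT IS_MEMBER('{safe}');")`. IS_MEMBER returns NULL rather than 0 when the argument is not a valid role, and `check_role` reports every response other than 1 as "NOT a member", so a NULL (presumably surfaced as `None` by `get_last_resp()`) is indistinguishable from a genuine negative; a third branch for `last_resp is None` that prints an "unknown/invalid role" line would make the output honest. The new `check_role` has no docstring; `"""Print whether the current user holds *role*, given the 1/0 response of an IS_MEMBER or IS_SRVROLEMEMBER query."""` would suffice. The body of `main` begins before this hunk.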
From: tw1sm
Date: Sat, 30 Dec 2023 18:07:50 -0500
Subject: [PATCH 2/2] bump version

---
 CHANGELOG.md | 9 +++++++--
 pyproject.toml | 2 +-
 pysqlrecon/__init__.py | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e248df0..9aeb083 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,12 @@
 # Changelog
 
-## [v0.1.2] - 09/21/2023
+## [v0.1.3] - 12/30/2023
 ### Fixed
-- Issue #1
+- Issue [#3](https://github.com/Tw1sm/PySQLRecon/issues/3)
+- Roles queried from the database now use `IS_MEMBER` call instead `IS_SRVMEMBER` to check membership
+
+## [v0.1.2] - 12/21/2023
+### Fixed
+- Issue [#1](https://github.com/Tw1sm/PySQLRecon/issues/1)
 - When using `clr` module, if custom assembly already exists under a different name `pysqlrecon` would previously log the error and exit
 - Now it deletes the offending assembly and tries creation again
diff --git a/pyproject.toml b/pyproject.toml
index 94f20e2..e74efdc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pysqlrecon"
-version = "0.1.2"
+version = "0.1.3"
 description = "Offensive MSSQL Python toolkit"
 authors = ["Matt Creel "]
 readme = "README.md"
diff --git a/pysqlrecon/__init__.py b/pysqlrecon/__init__.py
index 34da6b8..ef0b380 100644
--- a/pysqlrecon/__init__.py
+++ b/pysqlrecon/__init__.py
@@ -1 +1 @@
-__version__ = '0.1.2'
\ No newline at end of file
+__version__ = '0.1.3'
\ No newline at end of file