package gopocs
import (
	"database/sql"
	_ "embed"
	"fmt"
	"strings"
	"time"

	_ "github.com/denisenkom/go-mssqldb"
	"github.com/hanbufei/dddd/structs"
	"github.com/projectdiscovery/gologger"
)
// mssqlUserPasswdDict is the raw user/password dictionary that MssqlScan
// hands to sortUserPassword. The blank "embed" import suggests it is filled
// by a //go:embed directive that this view does not show — confirm.
var mssqlUserPasswdDict string
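// MssqlScan tries each candidate from the MSSQL user/password list against
// the host described by info and stops at the first successful login.
//
// It returns nil after a successful login, the error for which CheckErrs
// returns true (the scan is abandoned early in that case), or the most
// recent error once the overall time budget — 6 s per candidate, matching
// the per-connection timeout in MssqlConn — is exhausted. If every
// candidate fails within budget the last error seen is returned.
func MssqlScan(info *structs.HostInfo) (tmperr error) {
	start := time.Now()
	userPasswdList := sortUserPassword(info, mssqlUserPasswdDict, []string{"mssql", "sqlserver"})
	budget := time.Duration(len(userPasswdList)) * 6 * time.Second

	for _, userPass := range userPasswdList {
		ok, err := MssqlConn(info, userPass.UserName, userPass.Password)
		if ok && err == nil {
			return nil
		}
		tmperr = err
		// CheckErrs is defined elsewhere; presumably it flags errors that make
		// further attempts pointless (host unreachable etc.) — confirm.
		if CheckErrs(err) {
			return err
		}
		// time.Since uses the monotonic clock, so wall-clock jumps cannot
		// extend or cut the budget.
		if time.Since(start) > budget {
			return err
		}
	}
	return tmperr
}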
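// PrintRow renders one scanned row as text, one value per line.
//
// colsdata holds the destinations handed to rows.Scan: in MssqlCMD each
// element is a *interface{}. NULL (nil) values contribute nothing; bool
// values are rendered as "True"/"False", []byte as its string form and
// everything else in %v form, each followed by a newline. Previously bool
// and []byte values were written to stdout instead of the result, so they
// never reached the report; they are now accumulated like the other types.
// A value that is not a *interface{} is rendered directly instead of
// panicking on the type assertion.
//
// err is always nil; it is kept only so the (error, string) signature that
// callers use stays unchanged.
func PrintRow(colsdata []interface{}) (err error, result string) {
	var b strings.Builder
	for _, val := range colsdata {
		var v interface{}
		if p, ok := val.(*interface{}); ok {
			if p == nil {
				continue
			}
			v = *p
		} else {
			v = val
		}
		switch v := v.(type) {
		case nil:
			// NULL column: skipped on purpose.
		case bool:
			// Keep the capitalised spelling the original emitted.
			if v {
				b.WriteString("True\n")
			} else {
				b.WriteString("False\n")
			}
		case []byte:
			b.WriteString(string(v))
			b.WriteByte('\n')
		default:
			fmt.Fprintf(&b, "%v\n", v)
		}
	}
	return nil, b.String()
}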
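// MssqlCMD runs sqlstr on conn and returns the scan destinations of the
// last row (one *interface{} per column) together with every row rendered
// by PrintRow, concatenated.
//
// The function is best effort, as before: a failed query or Columns call
// returns (nil, ""), a row that fails to scan ends the loop with what has
// been collected so far, and rows.Err is not surfaced because the
// (values, text) interface has no slot for it. The callers visible in this
// file pass literal SQL; sqlstr is not parameterised or escaped here.
func MssqlCMD(sqlstr string, conn *sql.DB) ([]interface{}, string) {
	rows, err := conn.Query(sqlstr)
	if err != nil {
		return nil, ""
	}
	// Deferred right after the check so the connection goes back to the pool
	// even when Columns or Scan fails part-way through.
	defer rows.Close()

	cols, err := rows.Columns()
	if err != nil {
		return nil, ""
	}
	colsdata := make([]interface{}, len(cols))
	for i := range colsdata {
		colsdata[i] = new(interface{})
	}

	var b strings.Builder
	for rows.Next() {
		if err := rows.Scan(colsdata...); err != nil {
			break
		}
		_, r := PrintRow(colsdata)
		b.WriteString(r)
	}
	return colsdata, b.String()
}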
// verifyMssql collects the evidence placed in the report after a successful
// login: the server version and the list of database names, each preceded
// by the statement that produced it in a "SQL-Shell>" prompt style.
func verifyMssql(conn *sql.DB) string {
	probes := []struct{ prompt, stmt string }{
		{"SELECT @@VERSION;", `SELECT @@VERSION;`},
		{"Select Name FROM Master.dbo.SysDatabases orDER BY Name;", `Select Name FROM Master.dbo.SysDatabases orDER BY Name`},
	}
	out := ""
	for _, p := range probes {
		_, rendered := MssqlCMD(p.stmt, conn)
		out += "SQL-Shell> " + p.prompt + "\n" + rendered + "\n"
	}
	return out
}
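// MssqlConn attempts a single MSSQL login to info.Host:info.Ports with the
// given user and pass.
//
// sql.Open is lazy, so Ping performs the actual login. On success the
// credentials are logged through gologger, a "Mssql-Login" finding that
// includes the output of verifyMssql is written with GoPocWriteResult, and
// flag is true with a nil err. On failure flag is false and err is the
// sql.Open or Ping error. The *sql.DB is always closed before returning.
func MssqlConn(info *structs.HostInfo, user string, pass string) (flag bool, err error) {
	const connTimeout = 6 * time.Second
	host, port := info.Host, info.Ports

	// NOTE(review): user and pass are interpolated verbatim into the
	// ADO-style DSN, so a value containing ';' or '=' would be mis-parsed by
	// the driver rather than tried as given.
	dsn := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v",
		host, user, pass, port, connTimeout)
	db, err := sql.Open("mssql", dsn)
	if err != nil {
		return false, err
	}
	defer db.Close()
	// One short-lived connection per check: nothing is kept idle in the pool.
	db.SetConnMaxLifetime(connTimeout)
	db.SetConnMaxIdleTime(connTimeout)
	db.SetMaxIdleConns(0)

	if err = db.Ping(); err != nil {
		return false, err
	}

	gologger.Silent().Msg(fmt.Sprintf("[GoPoc] Mssql://%v:%v:%v %v", host, port, user, pass))
	showData := fmt.Sprintf("Host: %v:%v\nUsername: %v\nPassword: %v\n", host, port, user, pass)
	GoPocWriteResult(structs.GoPocsResultType{
		PocName:     "Mssql-Login",
		Security:    "CRITICAL",
		Target:      host + ":" + port,
		InfoLeft:    showData,
		InfoRight:   verifyMssql(db),
		Description: "Mssql弱口令",
	})
	return true, nil
}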