Add a check() for mssql_payload

[jlee-r7]

Verification

• use exploit/windows/mssql/mssql_payload
• set appropriate options for your victim
• with correct username and password:
  • check
  • Verify output indicates the target is vulnerable
• with invalid credentials
  • check
  • Verify output indicates the target is not vulnerable

[wchen-r7]

@jlee-r7 So since this document https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-check%28%29-method, we've changed all the print_something methods to vprint_something because we've concluded it's noisy when you run the check against multiple hosts. I'll change all your prints to vprints when I merge this PR, but if you don't believe that's right, please feel free to open up a ticket for discussion. Thanks.

[wchen-r7]

Hmm, it's noisy anyway because the mixin is printing stuff...

[jlee-r7]

Yeah, all those prints may have been overzealous. Might want to change:

mssql_query("select @@version", true)

to

vprint_status mssql_query("select @@version")

Or just take it out all together.

[Meatballs1]

Technically you should be checking the grant permissions on xp_cmdshell versus the current user, not just if they are a sysadmin. something along the lines of use master; exec sp_helprotect 'xp_cmdshell'. Also doesn't check if xp_cmdshell is enabled or can be re-enabled?

A more accurate check would just be to try and call xp_cmdshell and check the error. Either it will say disabled or the user won't have access?