PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149).

Browse Source
This commit is contained in:
Bernardo Damele
2010-01-26 01:14:44 +00:00
parent a97e20d8e1
commit 6437c16156
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/generic/takeover.py
View File

@@ -165,15 +165,16 @@ class Takeover(Abstraction, Metasploit, Registry):
warnMsg = "by default PostgreSQL on Windows runs as postgres "
warnMsg += "user which has no Windows Impersonation "
warnMsg += "Tokens: it is unlikely that the privilege "
warnMsg += "escalation will be successful"
warnMsg += "escalation via 'incognito' extension will "
warnMsg += "be successful"
logger.warn(warnMsg)
elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
warnMsg = "often Microsoft SQL Server %s " % kb.dbmsVersion[0]
warnMsg += "runs as Network Service which has no Windows "
warnMsg += "Impersonation Tokens within all threads, this "
warnMsg += "makes Meterpreter's incognito extension to "
warnMsg += "fail to list tokens"
warnMsg += "makes Meterpreter's 'incognito' extension "
warnMsg += "to fail to list tokens"
logger.warn(warnMsg)
uploaded = self.uploadChurrasco()