PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:

Browse Source 
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
This commit is contained in:
Bernardo Damele
2010-03-12 22:43:35 +00:00
parent 6b1ae62753
commit 7d8cc1a482
7 changed files with 21 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/parse/cmdline.py
View File

@@ -352,8 +352,7 @@ def cmdLineParser():
"exploitation")
takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
help="User priv escalation by abusing Windows "
"access tokens")
help="Database process' user privilege escalation")
takeover.add_option("--msf-path", dest="msfPath",
help="Local path where Metasploit Framework 3 "