MSSQL PHISHING WITH METASPLOIT


Metasploit has an MSSQL capture module, called mssql. This module provides a fake MSSQL service designed to capture MSSQL server authentication credentials. It supports both the weakly encoded database logins and Windows logins (NTLM).
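
Why the database-login encoding mentioned above counts as weak: the TDS login packet only obfuscates the password (UTF-16LE, nibbles of each byte swapped, then XOR with 0xA5, as documented in MS-TDS), with no key or nonce. The sketch below is an added example, not Metasploit's code; the function names and sample passwords are constructed for illustration.

```ruby
# Added illustration (not code from Metasploit or the original post).
# TDS LOGIN7 password obfuscation as documented in MS-TDS: for every byte of
# the UTF-16LE password, swap the high and low nibbles, then XOR with 0xA5.
# Function names are hypothetical; sample passwords are constructed.

TDS_XOR = 0xA5

# Swap the high and low 4 bits of one byte.
def swap_nibbles(byte)
  ((byte << 4) & 0xF0) | (byte >> 4)
end

# What a client puts on the wire for a SQL Server (non-Windows) login.
def tds_obfuscate(password)
  password.encode("UTF-16LE").bytes.map { |b| swap_nibbles(b) ^ TDS_XOR }.pack("C*")
end

# The inverse needs no secret: XOR with 0xA5, swap nibbles, decode UTF-16LE.
def tds_deobfuscate(blob)
  raise ArgumentError, "UTF-16LE data must have even length" if blob.bytesize.odd?
  raw = blob.bytes.map { |b| swap_nibbles(b ^ TDS_XOR) }.pack("C*")
  raw.force_encoding("UTF-16LE").encode("UTF-8", invalid: :replace, undef: :replace)
end

if __FILE__ == $0
  ["sa", "Summer2024!"].each do |pw|   # constructed sample passwords
    wire = tds_obfuscate(pw)
    puts "#{pw.inspect} -> #{wire.unpack1('H*')} -> #{tds_deobfuscate(wire).inspect}"
  end
end
```

Because the transform is fixed and keyless, the only real protection for a SQL login is the TLS layer around it, with the client validating the server certificate.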

To select the capture module type:
use auxiliary/server/capture/mssql


Options
Set the CAINPWFILE option to store captured hashes in Cain & Abel format, or the JOHNPWFILE option to store them in John the Ripper format.
Leave the SRVHOST option as it is, 0.0.0.0, to listen on the local host. You can also configure the module to use SSL.

Testing
After running the module, try connecting to the MSSQL server from another computer on your network to see how it works.
To connect, open Microsoft SQL Server Management Studio and try to log in to the running service.
You will notice that Metasploit has captured the username and the password that you entered in Management Studio.
