This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection vulnerability happens.
5c71a8e0d959c8b1f43ce27c1cfb87641e1abf71b42047e2636fd0256601f31a
This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using the Windows debug.com method for writing an executable to disk and the xp_cmdshell stored procedure. File size restrictions are avoided by incorporating the debug bypass method presented at Defcon 17 by SecureState. Note that this module will leave a metasploit payload in the Windows System32 directory which must be manually deleted once the attack is completed.
08dfa1b6b11d0fd3513417baa7f7f3bdc147dd9a8593be9c3fe0d2e365f87d4d