Skip to content

Commit

Permalink
Add MySQL Arch & Platform detection by query
Browse files Browse the repository at this point in the history
  • Loading branch information
sjanusz-r7 committed Mar 28, 2024
1 parent 47fc61f commit d76d12d
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 1 deletion.
8 changes: 8 additions & 0 deletions lib/msf/base/sessions/mysql.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@

class Msf::Sessions::MySQL < Msf::Sessions::Sql

# @return [String] The server hostname.
# Populated during session setup using query_server_vars
attr_accessor :server_hostname

# @return [String] The server data directory.
# # Populated during session setup using query_server_vars
attr_accessor :server_datadir

# @param[Rex::IO::Stream] rstream
# @param [Hash] opts
def initialize(rstream, opts = {})
Expand Down
2 changes: 1 addition & 1 deletion lib/msf/core/module/platform.rb
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,7 @@ class Ruby < Msf::Module::Platform
#
class Linux < Msf::Module::Platform
Rank = 100
Alias = "linux"
Aliases = [ 'linux', 'debian-linux-gnu' ]
end

#
Expand Down
33 changes: 33 additions & 0 deletions lib/rex/proto/mysql/client.rb
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,39 @@ def current_database
# Current database is stored as an array under the type 1 key.
session_track.fetch(1, ['']).first
end

# @return [Hash] Server version variables:
# * :arch [String] The server architecture.
# * :platform [String] The server platform.
# * :hostname [String] The server hostname.
# * :datadir [String] The server data directory.
def query_server_vars
result = {}

server_vars = query('show variables').entries
server_vars.each do |server_var|
name, value = server_var

case name
when 'version_compile_machine'
result[:arch] = value
when 'version_compile_os'
result[:platform] = value
when 'version'
# noop
# We have the version information from the server already under client.server_info
# Use noop to not log the value below as unknown.
when 'hostname'
result[:hostname] = value
when 'datadir'
result[:datadir] = value
else
result[name.to_s] = value
end
end

result
end
end
end
end
Expand Down
6 changes: 6 additions & 0 deletions modules/auxiliary/scanner/mysql/mysql_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,12 @@ def session_setup(result, client)
'PASSWORD' => result.credential.private
}

server_vars = my_session.client.query_server_vars
my_session.arch = server_vars[:arch]
my_session.platform = server_vars[:platform]
my_session.server_datadir = server_vars[:datadir]
my_session.server_hostname = server_vars[:hostname]

start_session(self, nil, merging, false, my_session.rstream, my_session)
end
end

0 comments on commit d76d12d

Please sign in to comment.