MSSQL Phishing with Metasploit

Metasploit has an MSSQL capture module, called mssql. This module provides a fake MSSQL service that is designed to capture MSSQL server authentication credentials. The module supports both weakly encoded database logins and Windows logins (NTLM).
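
Why the database login is called weakly encoded, shown as an added example that is not part of the original article or of Metasploit's code: in a TDS login the password is UTF-16LE text whose bytes are nibble-swapped and XORed with 0xA5 (per the public MS-TDS specification), so whichever server the client connects to can reverse it without any key. The function names and the sample password are constructed for illustration.

```python
"""Added example: the keyless password obfuscation used for SQL logins in TDS."""


def _swap_nibbles(b: int) -> int:
    """Exchange the high and low four bits of one byte."""
    return ((b << 4) & 0xF0) | (b >> 4)


def tds_obfuscate(password: str) -> bytes:
    """Encode a password the way a client does before sending a SQL login."""
    raw = password.encode("utf-16-le")
    # Per byte: swap nibbles first, then XOR with the fixed constant 0xA5.
    return bytes(_swap_nibbles(b) ^ 0xA5 for b in raw)


def tds_deobfuscate(blob: bytes) -> str:
    """Reverse the encoding. No secret is needed, only the fixed constant."""
    if len(blob) % 2:
        raise ValueError("password field must be an even number of bytes (UTF-16LE)")
    # Per byte: undo the XOR, then swap the nibbles back.
    raw = bytes(_swap_nibbles(b ^ 0xA5) for b in blob)
    return raw.decode("utf-16-le")


def is_fixed_permutation() -> bool:
    """True if the transform maps the 256 byte values one-to-one (a substitution table)."""
    table = {_swap_nibbles(b) ^ 0xA5 for b in range(256)}
    return len(table) == 256


if __name__ == "__main__":
    sample = "Constructed-Pass1!"  # constructed sample value, not a real credential
    wire = tds_obfuscate(sample)
    print("on the wire :", wire.hex())
    print("recovered   :", tds_deobfuscate(wire))
    print("keyless 1:1 :", is_fixed_permutation())
```

Because the transform is a fixed byte substitution, the only protection for a SQL login is the transport: the client has to require encryption and validate the server certificate before it sends credentials.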
 

To select the capture module, type:

use auxiliary/server/capture/mssql

 

Options
You can set the CAINPWFILE option to store captured hashes in Cain & Abel format, or the JOHNPWFILE option to store them in John the Ripper format.

Leave the SRVHOST option as it is, 0.0.0.0, to listen on the local host. You can also configure the module to use SSL.
 

Testing
After running the module, try connecting to the MSSQL server from another computer on your network to see how it works.

To connect to an MSSQL server, open Microsoft SQL Server Management Studio and try to log in to the running service.

You will notice that Metasploit has captured the username and the password that you entered in Management Studio.
 

Published in Hakin9 magazine on October 25, 2012
