Fix nil bug in mssql_idf

wvu · wvu · commit 55895c6305a9 · 2015-10-02T18:20:06.000-05:00
diff --git a/modules/auxiliary/admin/mssql/mssql_idf.rb b/modules/auxiliary/admin/mssql/mssql_idf.rb
@@ -14,7 +14,6 @@
 
 require 'msf/core'
 
-
 class Metasploit3 < Msf::Auxiliary
 
   include Msf::Exploit::Remote::MSSQL
@@ -95,11 +94,14 @@ def run
     sql += "CLOSE table_cursor "
     sql += "DEALLOCATE table_cursor "
 
+    if mssql_login_datastore
+      result = mssql_query(sql, false)
+    else
+      print_error('Login failed')
+      return
+    end
 
-    # Add error handling here
-    result = mssql_query(sql, false) if mssql_login_datastore
     column_data = result[:rows]
-
     widths = [0, 0, 0, 0, 0, 9]
     total_width = 0
 
@@ -113,25 +115,24 @@ def run
       total_width += a
     }
 
-    print_line("")
+    print_line
 
     buffer = ""
     headings.each { |row|
       0.upto(5) { |col|
         buffer += row[col].ljust(widths[col] + 1)
       }
       print_line(buffer)
-      print_line("")
+      print_line
       buffer = ""
 
       0.upto(5) { |col|
         buffer += print "=" * widths[col] + " "
       }
       print_line(buffer)
-      print_line("")
+      print_line
     }
 
-    table_data_sql = {}
     column_data.each { |row|
       count_sql = "SELECT COUNT(*) AS count FROM "
 
@@ -153,73 +154,11 @@ def run
 
       buffer += row_count.to_s
       print_line(buffer)
-      print_line("")
-
-#			if row_count == 0
-#				data_sql = nil
-#				table_data_sql[full_table + "." + column_name] = nil
-#			elsif row_count < 4
-#				data_sql = "SELECT * from " + full_table
-#				table_data_sql[full_table + "." + column_name] = data_sql
-#			else
-#				data_sql = "SELECT TOP 3 * from " + full_table
-#
-#				# or this will get top, middle and last rows
-#
-#				data_sql = "
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between 1 and 1;
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between " + (row_count / 2).to_s + " and " + (row_count / 2).to_s + ";
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between " + row_count.to_s + " and " + row_count.to_s + ";
-#						"
-#				table_data_sql[full_table + "." + column_name] = data_sql
-#			end
+      print_line
     }
 
-    print_line("")
-
-    # The code from this point on is for dumping out some sample data however the MSSQL parser isn't working
-    # correctly so the output is messed up. I'll finish implementing this once the bug is fixed.
-
-#		print_line("")
-#		print_with_underline("Sample Data")
-#		print_line("")
-#		table_data_sql.each_pair { |table, sql|
-#			if !sql.nil?
-#				print_with_underline table
-#				result = mssql_query(sql, true) if mssql_login_datastore
-#				#print_line result.inspect
-#				result[:colnames].each { |row|
-#					print row.ljust(20)
-#				}
-#			end
-#		}
-#
-#			if !data_sql.nil?
-#				result = mssql_query(data_sql, false) if mssql_login_datastore
-#	#			print_line "INSPECT"
-#	#			print_line result.keys.inspect
-#	#			print_line result[:colnames].inspect
-#		result[:colnames].each { |row|
-#			print row.ljust(20)
-#		}
-#		print_line("")
-#		result[:colnames].each { |row|
-#			print "=" * 20 + " "
-#		}
-#		print_line("")
-#
-#				if !result[:rows].nil?
-##				print_line data_sql
-#					result[:rows].each { |acol|
-#						acol.each { |aval|
-#				#			print_line aval
-#						}
-#					}
-#				end
-#			end
+    print_line
     disconnect
   end
+
 end
