Land rapid7#7065, Correct display errors for SHA-512 hashes with MS SQL Server 2012

Brent Cook · Brent Cook · commit 60e728ec5c9b · 2016-09-15T18:06:02.000-05:00
diff --git a/modules/post/windows/gather/credentials/mssql_local_hashdump.rb b/modules/post/windows/gather/credentials/mssql_local_hashdump.rb
@@ -112,11 +112,16 @@ def get_sql_hash(instance_name)
 
     print_status("Attempting to get password hashes...")
 
-    get_hash_result = run_sql(query, instance_name)
+    res = run_sql(query, instance_name)
 
-    if get_hash_result.include?('0x')
+    if res.include?('0x')
       # Parse Data
-      hash_array = get_hash_result.split("\r\n").grep(/0x/)
+      if hash_type == "mssql12"
+        res = res.unpack('H*')[0].gsub("200d0a", "_CRLF_").gsub("0d0a", "").gsub("_CRLF_", "0d0a").gsub(/../) {
+          |pair| pair.hex.chr
+        }
+      end
+      hash_array = res.split("\r\n").grep(/0x/)
 
       store_hashes(hash_array, hash_type)
     else
