Customizing MSFconsole

We’ll use SQLPwnage to deploy the Meterpreter console via SQL injection on the target to gain administrative access to its backend database. Recall from Chapter 11 that SQLPwnage is an automated way of attacking MS SQL–based injection flaws, and it uses multiple methods of attack in an attempt to fully compromise the SQL server via the xp_cmdshell stored procedure.

Before launching the attack, we need to set up some options through msfconsole. For practice, let’s create our own Metasploit listener manually. Fast-Track can set it up for you, but we will be adding the load auto_add_route function within Metasploit so that we ...

Get Metasploit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.