mailing list archives
Re: msfcli not handling = correctly, or, how to escape =
From: HD Moore <hdm () metasploit com>
Date: Sat, 22 May 2010 15:04:28 -0500
On 5/21/2010 6:53 PM, Robin Wood wrote:
This is a cut down version of a SQL query I'm trying to run through msfcli
~/src/msf/msfcli admin/mssql/mssql_sql RHOST=192.168.0.54 RPORT=1433
USERNAME="sa" PASSWORD=xxx SQL="DECLARE @sql varchar (4000); SET
@sql='xxx' " E
But the query that gets sent gets truncated at the = near the end. I
assume that this is msfcli picking it up and treating it as a new
variable it should be handling despite it being in quotes. I tried
escaping it with a \ but that didn't help.
msfcli is going away soon (to be reimplemented as a wrapper around
msfconsole). You might try writing a resource file for msfconsole
instead and just setting the datastore in a <ruby> block.