TestAuthentication.cs calls Environment.Exit

Question

dmchell opened this issue 3 years ago · 2 comments

File affected: SQLRecon/SQLRecon/authentication/TestAuthentication.cs

The TestAuthentication class calls Environment.Exit(0) as follows:

Console.WriteLine(“[!] Failed! ” + user + ” can not log in to ” + sqlServer + “\n”);
Environment.Exit(0);
return null;

This is generally recognised as "not great practice" as it may cause beacons to exit if the tool is run over a c2.

This can be avoided by some CLR harnesses when used correctly (eg. https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/) but may not necessarily be used by all, leading to the beacon exiting.

Answer 1 · 2022-06-29T17:41:34.000Z

Good spot. Thanks Dom. Fixed in 2.1.1.

Answer 2 · 2022-06-29T18:32:03.000Z

Wow thanks for the fast fix! 👍