Merge pull request Pennyw0rth#390 from Pennyw0rth/neff-fix-mssql_priv

NeffIsBack · web-flow · commit e76d4e98fef1 · 2024-08-01T14:45:01.000+02:00
Fix admin check in mssql_priv
diff --git a/nxc/modules/mssql_priv.py b/nxc/modules/mssql_priv.py
@@ -219,6 +219,7 @@ def update_priv(self, user: User, exec_as=""):
         """
         if self.is_admin_user(user.username):
             user.is_sysadmin = True
+            self.context.log.debug(f"Updated {user.username} to is_sysadmin")
             return True
         user.dbowner = self.check_dbowner_privesc(exec_as)
         return user.dbowner
@@ -249,11 +250,15 @@ def is_admin(self, exec_as="") -> bool:
         self.revert_context(exec_as)
         is_admin = res[0][""]
         self.context.log.debug(f"IsAdmin Result: {is_admin}")
-        if is_admin:
-            self.context.log.debug("User is admin!")
-            self.admin_privs = True
-            return True
-        else:
+        try:
+            if int(is_admin):
+                self.context.log.debug("User is admin!")
+                self.admin_privs = True
+                return True
+            else:
+                return False
+        except ValueError:
+            self.logger.fail(f"Error checking if user is admin, got {is_admin} as response. Expected 0 or 1.")
             return False
 
     def get_databases(self, exec_as="") -> list:
@@ -442,10 +447,15 @@ def is_admin_user(self, username) -> bool:
         """
         res = self.query_and_get_output(f"SELECT IS_SRVROLEMEMBER('sysadmin', '{username}')")
         is_admin = res[0][""]
-        if is_admin:
-            self.admin_privs = True
-            return True
-        else:
+        try:
+            if is_admin != "NULL" and int(is_admin):
+                self.admin_privs = True
+                self.context.log.debug(f"Updated: {username} is admin!")
+                return True
+            else:
+                return False
+        except ValueError:
+            self.context.log.fail(f"Error checking if user is admin, got {is_admin} as response. Expected 0 or 1.")
             return False
 
     def revert_context(self, exec_as):
