Re: [sqlmap-users] wrong file size checking with os-shell
Brought to you by:
inquisb
From: Robin W. <ro...@di...> - 2012-09-14 14:48:26
|
On 14 September 2012 13:49, Miroslav Stampar <mir...@gm...> wrote: > Hi. > > Original stager(.php) size is indeed 703 bytes, so sqlmap is not wrong in > your case. You can check it by going into ./shell and running: "find > backdoor.*_ stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i > '{}' \;" > > If you want to debug you could try watching traffic with -v 5 or by > capturing it with -t traffic.txt. Maybe something interesting could be found > there. I backed up my output directory then deleted and re-checked out everything and now it is working. I guess something got cached based on an old version of the shell. Robin > Kind regards, > Miroslav Stampar > > On Fri, Sep 14, 2012 at 2:12 PM, Robin Wood <ro...@di...> wrote: >> >> Looks like you've updated the shell sent over with os-shell but not >> updated the size that the script checks to see if it exists. >> >> Robin >> >> [13:08:22] [WARNING] unable to retrieve the web server document root >> please provide the web server document root [/var/www/]: >> /var/www/html/upload/ >> [13:08:29] [WARNING] unable to retrieve any web server path >> please provide any additional web server full path to try to upload >> the agent [Enter for None]: >> [13:08:30] [WARNING] unable to upload the file stager on >> '/var/www/html/upload' >> [13:08:30] [INFO] trying to upload the file stager via UNION technique >> do you want confirmation that the file >> '/var/www/html/upload/tmpuivks.php' has been successfully written on >> the back-end DBMS file system? [Y/n] >> [13:08:33] [INFO] the file has been successfully written and its size >> is 6969 bytes, but the size differs from the local file >> '/tmp/tmpo2EvI1' (703 bytes) >> [13:08:33] [WARNING] expect junk characters inside the file as a >> leftover from UNION query >> [13:08:33] [WARNING] HTTP error codes detected during testing: >> 404 (Not Found) - 2 times >> [13:08:33] [INFO] fetched data logged to text files under >> '/home/robin/tools/web/sqlmap/output/192.168.50.22' >> >> >> ------------------------------------------------------------------------------ >> Got visibility? >> Most devs has no idea what their production app looks like. >> Find out how fast your code is with AppDynamics Lite. >> http://ad.doubleclick.net/clk;262219671;13503038;y? >> http://info.appdynamics.com/FreeJavaPerformanceDownload.html >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |