[sqlmap-users] A newbie question - Unable to open connection to host
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] A newbie question - Unable to open connection to host
|
From: Simon O. <Sim...@Te...> - 2009-04-03 13:40:23
|
Hi All,
Firstly, let me say I'm new to sqlmap and this mailing list, so Hi
everyone - Hopefully I'll be here for a while
We have some applications which are being penetration tested by an
external auditor and some issues have been found. I'd like to add
testing with sqlmap to our release procedure (alongside improved testing
and implementing best practice). Hopefully this will act as a final
safeguard. (NB: I've yet to see it working so I'm not sure how suitable
it will be)
The issue I'm having is that sqlmap seems to be unable to connect to any
machines from my PC (including loopback). We do have a proxy which
requires authentication for connections leaving the local network
however since both my PC and the servers I'll be testing are on the same
LAN, the proxy shouldn't be an issue (Although I may need to play with
it to make Auto-update work).
I've tried both the windows executable and (in case it was an issue with
the EXE build, using python). I've included the EXE command and output
below... In this case I'm using a Login form on my local PC with a SQL
backend which I've left vulnerable to SQL injection to allow me to test
sqlmap. When running under Python 3.0.1 it errored. When running under
2.6 I get the same output as below with a couple of warnings about the
hash function being deprecated.
If it _is_ trying to use the proxy settings detected on my PC, it should
find one that is ignored for addresses inside the LAN. If not, it would
need to authenticate against the proxy using NTLM.
To confirm, I can browse to the URL in IE/FF and if I telnet directly to
port 80 and send the correct headers, I get an HTTP 200 and the correct
page contents back - So my machine is capable of connecting directly
without a proxy.
I'm not sure what other information would be useful for debugging -
Please let me know
Any help greatly appreciated.
Regards,
Simon
------------------------------------------------------------------------
------------------------------------------------------------------------
---------------------------------------
C:\sqlmap>sqlmap -u
"http://localhost:81/Logintest.asp?Login=1&Password=1" -v 2 --eta
sqlmap/0.6.4 coded by Bernardo Damele A. G.
<ber...@gm...>
and Daniele Bellucci <dan...@gm...>
[*] starting at: 13:48:15
[13:48:16] [INFO] testing connection to the target url
[13:48:31] [WARNING] unable to connect to the target url or proxy,
sqlmap is going to retry the request
[13:48:47] [WARNING] unable to connect to the target url or proxy,
sqlmap is going to retry the request
[13:49:03] [WARNING] unable to connect to the target url or proxy,
sqlmap is going to retry the request
[13:49:19] [ERROR] unable to connect to the target url or proxy
[*] shutting down at: 13:49:19
Simon Orr
Senior Analyst/Programmer
Teleperformance
Office: +44 (0) 117 916 5000
DL: +44 (0) 117 916 8140
E-mail: Sim...@Te...
<mailto:Sim...@Te...>
Web: www.Teleperformance.co.uk <http://www.teleperformance.co.uk/>
Teleperformance values: Integrity - Respect - Professionalism -
Innovation - Commitment
The information contained in this communication is privileged and confidential. The content is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by telephone or e-mail, and delete this message from your systems.
Teleperformance is a trading style of MM Teleperformance Ltd: Reg No. 02060289 England: Registered Office: St James House, Moon Street, Bristol, BS2 8QY. VAT No.763 0980 18.
P Please think of the environment before you print this email
|
