[sqlmap-users] sqlmap-svn, errors when using metasploit

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Guys,

Seems theres an error with the arguments being passed when trying to utilise metasploit to spawn a shell or similar.  Theres also an error in the messages displayed when the user is entering parameters too, somethings getting screwy somewhere :(

S.

Snip....

[15:04:30] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2000
web application technology: ASP.NET, ASP, Microsoft IIS 5.0
back-end DBMS: Microsoft SQL Server 2005

[15:04:30] [INFO] testing stacked queries support on parameter 'cat1'
[15:04:40] [INFO] the web application supports stacked queries on parameter 'cat1'
[15:04:40] [INFO] testing if current user is DBA
[15:04:40] [INFO] retrieved: 1
[15:04:43] [INFO] checking if xp_cmdshell extended procedure is available, wait..
[15:04:55] [INFO] xp_cmdshell extended procedure is available
[15:04:55] [INFO] creating Metasploit Framework 3 payload stager
which connection type do you want to use?
[1] Bind TCP (default)
o NX)ind TCP (N
[3] Reverse TCP
[4] Reverse TCP (No NX)
> 1
which is the back-end DBMS address? [172.31.1.6]
which remote port numer do you want to use? [23986]
which payload do you want to use?
[1] Reflective Meterpreter (default)
preterter
[3] Shell
[4] Reflective VNC
[5] VNC
> 5
[15:05:36] [WARNING] it is unlikely that the VNC injection will be successful because often Microsoft SQL Server 2005 runs as Network Service or the Administrator is not logged in
what do you want to do?
[1] Give it a try anyway
erpreter payload (default)e Met
[3] Fall back to Shell payload
> 1
do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its argument so that it will be started as SYSTEM? [Y/n]
[15:06:07] [INFO] the binary file is bigger than 65280 bytes. sqlmap will split it into chunks, upload them and recreate the original file out of the binary chunks server-side, wait..
[15:06:07] [ERROR] unhandled exception in sqlmap/0.7rc3, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.7rc3
Python version: 2.5.1
Operating system: darwin
Traceback (most recent call last):
  File "./sqlmap.py", line 84, in main
    start()
  File "/Users/simonbaker/tools/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/Users/simonbaker/tools/sqlmap/lib/controller/action.py", line 143, in action
    conf.dbmsHandler.osPwn()
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/takeover.py", line 312, in osPwn
    self.createMsfPayloadStager()
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 603, in createMsfPayloadStager
    self.__prepareIngredients()
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 330, in __prepareIngredients
    self.payloadStr     = self.__selectPayload(askChurrasco)
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 263, in __selectPayload
    uploaded = self.uploadChurrasco()
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/takeover.py", line 263, in uploadChurrasco
    self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/filesystem.py", line 338, in writeFile
    self.stackedWriteFile(wFile, dFile, fileType, confirm)
  File "/Users/simonbaker/tools/sqlmap/plugins/dbms/mssqlserver.py", line 544, in stackedWriteFile
    chunkName  = self.updateBinChunk(wFileChunk, dFile, tmpPath)
TypeError: updateBinChunk() takes exactly 3 arguments (4 given)

[*] shutting down at: 15:06:07

Simon Baker
Penetration Tester

Sec-1 Ltd
T: 0113 2578955
F: 0113 2579718

This e-mail and any attached files are confidential and may also be legally privileged. They are intended solely for the intended addressee. If you are not the addressee please e-mail it back to the sender and then immediately, permanently delete it. Do not read, print, re-transmit, store or act in reliance on it. This e-mail may be monitored by Sec-1 Ltd in accordance with current regulations. This footnote also confirms that this e-mail message has been swept for the presence of computer viruses currently known to Sec-1 Ltd. However, the recipient is responsible for virus-checking before opening this message and any attachment. Unless expressly stated to the contrary, any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Sec-1 Ltd.
Registered Name: Sec-1 Ltd, Registration Number: 4138637, Registered Office Address: Unit 4, Spring Valley Park, Butler Way, Stanningley, Leeds, LS28 6EA.