[sqlmap-users] sqlmap-svn, errors when using metasploit
From: Simon B. <Si...@se...> - 2009-07-06 14:25:44
Hi Guys,

Seems there's an error with the arguments being passed when trying to utilise metasploit to spawn a shell or similar. There's also an error in the messages displayed when the user is entering parameters too, something's getting screwy somewhere :(

S.

Snip....

[15:04:30] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2000
web application technology: ASP.NET, ASP, Microsoft IIS 5.0
back-end DBMS: Microsoft SQL Server 2005

[15:04:30] [INFO] testing stacked queries support on parameter 'cat1'
[15:04:40] [INFO] the web application supports stacked queries on parameter 'cat1'
[15:04:40] [INFO] testing if current user is DBA
[15:04:40] [INFO] retrieved: 1
[15:04:43] [INFO] checking if xp_cmdshell extended procedure is available, wait..
[15:04:55] [INFO] xp_cmdshell extended procedure is available
[15:04:55] [INFO] creating Metasploit Framework 3 payload stager
which connection type do you want to use?
[1] Bind TCP (default)
o NX)ind TCP (N
[3] Reverse TCP
[4] Reverse TCP (No NX)
> 1
which is the back-end DBMS address? [172.31.1.6]
which remote port numer do you want to use? [23986]
which payload do you want to use?
[1] Reflective Meterpreter (default)
preterter
[3] Shell
[4] Reflective VNC
[5] VNC
> 5
[15:05:36] [WARNING] it is unlikely that the VNC injection will be successful because often Microsoft SQL Server 2005 runs as Network Service or the Administrator is not logged in
what do you want to do?
[1] Give it a try anyway
erpreter payload (default)e Met
[3] Fall back to Shell payload
> 1
do you want sqlmap to upload Churrasco and call the Metasploit payload stager as its argument so that it will be started as SYSTEM? [Y/n]
[15:06:07] [INFO] the binary file is bigger than 65280 bytes. sqlmap will split it into chunks, upload them and recreate the original file out of the binary chunks server-side, wait..
[15:06:07] [ERROR] unhandled exception in sqlmap/0.7rc3, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.7rc3
Python version: 2.5.1
Operating system: darwin
Traceback (most recent call last):
  File "./sqlmap.py", line 84, in main
    start()
  File "/Users/simonbaker/tools/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/Users/simonbaker/tools/sqlmap/lib/controller/action.py", line 143, in action
    conf.dbmsHandler.osPwn()
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/takeover.py", line 312, in osPwn
    self.createMsfPayloadStager()
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 603, in createMsfPayloadStager
    self.__prepareIngredients()
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 330, in __prepareIngredients
    self.payloadStr = self.__selectPayload(askChurrasco)
  File "/Users/simonbaker/tools/sqlmap/lib/takeover/metasploit.py", line 263, in __selectPayload
    uploaded = self.uploadChurrasco()
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/takeover.py", line 263, in uploadChurrasco
    self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
  File "/Users/simonbaker/tools/sqlmap/plugins/generic/filesystem.py", line 338, in writeFile
    self.stackedWriteFile(wFile, dFile, fileType, confirm)
  File "/Users/simonbaker/tools/sqlmap/plugins/dbms/mssqlserver.py", line 544, in stackedWriteFile
    chunkName = self.updateBinChunk(wFileChunk, dFile, tmpPath)
TypeError: updateBinChunk() takes exactly 3 arguments (4 given)

[*] shutting down at: 15:06:07

Simon Baker
Penetration Tester
Sec-1 Ltd
T: 0113 2578955
F: 0113 2579718