[sqlmap-users] Unhandled Exception while Banner Grabbing

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Running SVN revision 1347 (latest) and using the most up to date XML
versions file. System environment is as follows:

Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15)  [GCC 4.4.1] on linux2
Ubuntu 9.10 (Karmic - x86/32bit) 2.6.31-19-generic

The initial enumeration without banner grabbing, returns and then confirms
that the DBMS is Microsoft SQL server (expected behaviour). However running
any subsequent operations (including -f and/or -b) returns:

[00:35:51] [ERROR] sqlmap was not able to fingerprint the back-end database
management system. Support for this DBMS will be implemented if you ask,
just drop us an email

If I erase the output folder for that scan, it works once again, but only
for the first scan. However if I erase the output folder, and then try to
banner grab, the following happens:

sbit@hati:/opt/sqlmap$ ./sqlmap.py -u
"http://www.[REDACTED].com/[REDACTED].asp?[REDACTED]=[REDACTED]"
-f --banner

    sqlmap/0.8-rc7 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 00:40:16

[00:40:16] [INFO] using '/opt/sqlmap/output/www.[REDACTED].com/session' as
session file
[00:40:16] [INFO] testing connection to the target url
[00:40:17] [INFO] testing if the url is stable, wait a few seconds
[00:40:19] [INFO] url is stable
[00:40:19] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[00:40:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[00:40:20] [INFO] testing if Cookie parameter 'ASPSESSIONIDCSCDTATD' is
dynamic
[00:40:21] [WARNING] Cookie parameter 'ASPSESSIONIDCSCDTATD' is not dynamic
[00:40:21] [INFO] testing if GET parameter '[REDACTED]' is dynamic
[00:40:21] [INFO] confirming that GET parameter '[REDACTED]' is dynamic
[00:40:22] [INFO] GET parameter '[REDACTED]' is dynamic
[00:40:22] [INFO] testing sql injection on GET parameter '[REDACTED]' with 0
parenthesis
[00:40:22] [INFO] testing unescaped numeric injection on GET parameter
'[REDACTED]'
[00:40:22] [INFO] GET parameter '[REDACTED]' is not unescaped numeric
injectable
[00:40:22] [INFO] testing single quoted string injection on GET parameter
'[REDACTED]'
[00:40:23] [INFO] confirming single quoted string injection on GET parameter
'[REDACTED]'
[00:40:24] [INFO] GET parameter '[REDACTED]' is single quoted string
injectable with 0 parenthesis
[00:40:24] [INFO] testing for parenthesis on injectable parameter
[00:40:28] [INFO] the injectable parameter requires 0 parenthesis
[00:40:28] [INFO] testing MySQL
[00:40:28] [WARNING] the back-end DMBS is not MySQL
[00:40:28] [INFO] testing Oracle
[00:40:28] [WARNING] the back-end DMBS is not Oracle
[00:40:28] [INFO] testing PostgreSQL
[00:40:28] [WARNING] the back-end DMBS is not PostgreSQL
[00:40:28] [INFO] testing Microsoft SQL Server
[00:40:29] [INFO] confirming Microsoft SQL Server
[00:40:34] [INFO] the back-end DBMS is Microsoft SQL Server
[00:40:34] [INFO] fetching banner
[00:40:34] [INFO] retrieved: Microsoft SQL Server 2008 (SP1) - 10.0.2531.0
(X64)
    Mar 29 2009 10:11:52
    Copyright (c) 1988-2008 Microsoft Corporation
    Web Edition (64-bit) on Windows NT 6.0 <X64> (Build 6001: Service Pack
1) (VM)

[00:59:32] [INFO] the back-end DBMS operating system is Windows 2003 Service
Pack 1
[00:59:32] [ERROR] unhandled exception in sqlmap/0.8-rc7 - automatic SQL
injection and database takeover tool, please copy the command line and the
following text and send by e-mail to sql...@li.... The
developer will fix it as soon as possible:
sqlmap version: 0.8-rc7
Python version: 2.6.4
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    start()
  File "/opt/sqlmap/lib/controller/controller.py", line 257, in start
    action()
  File "/opt/sqlmap/lib/controller/action.py", line 68, in action
    print "%s\n" % conf.dbmsHandler.getFingerprint()
  File "/opt/sqlmap/plugins/dbms/mssqlserver.py", line 152, in
getFingerprint
    release = kb.bannerFp["dbmsRelease"]
KeyError: 'dbmsRelease'

[*] shutting down at: 00:59:32

Daniel Hückmann - Sophsec Intrusion Labs - Silicon Forest (PDX)
--------------------------------------------------------------------------
http://www.google.com/profiles/sanitybit
http://twitter.com/sanitybit