Re: [sqlmap-users] Re : Error on takeover
From: Bernardo D. A. G. <ber...@gm...> - 2010-10-25 11:38:00
We have experienced this behaviour before. On Windows XP as a target, the
dbms process user is not able to launch the payload stager (or any other
portable executable). However, on W2k3 it works.

Bernardo

2010/10/23 Christophe Clémence <cl...@ya...>:
> Hi,
> It works fine ... but it can't launch the remote exe file, I think it's a
> security of windows xp or mysql ...
> Thanks ;)
> ________________________________
> From: Miroslav Stampar <mir...@gm...>
> To: Christophe Clémence <cl...@ya...>
> Cc: sql...@li...
> Sent: Sat 23 October 2010, 8h 46min 17s
> Subject: Re: [sqlmap-users] Error on takeover
>
> Hi Christophe.
>
> It seems that you are using too old a version (it's official but right
> now it's too old :) ). In the latest 0.9-dev this is fixed.
>
> Please checkout the latest development version from our SVN repository
> by doing this:
>
> svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
>
> Kind regards.
>
>
> 2010/10/23 Christophe Clémence <cl...@ya...>:
>> Hi, I'm trying sqlmap, it works good but when I want to take over the
>> server, sqlmap crashes !
>> Here is the command line I used : sqlmap -u
>> http://192.168.1.5/sql.php?id=1
>> --os-pwn --msf-path /opt/metasploit3 -v 1
>> It asks me for the languages supported by the server and the root
>> directory
>> (I wrote "C:/Program Files/wamp/www/")
>> It asks for the directory to upload the agent, I wrote the same path ...
>> And then ... error ! It didn't give me the filename of the agent :(
>> I noticed that the file agent has been uploaded (I own the target
>> server) but the first line begins with the first line of the sql table I
>> created for this tests (???)
>> And the agent works good (files are uploaded without problems)
>> Here is the trace of the error :
>> [00:22:13] [ERROR] unhandled exception in sqlmap/0.8, please copy the
>> command line and the following text and send by e-mail to
>> sql...@li.... The developer will fix it as soon as
>> possible:
>> sqlmap version: 0.8
>> Python version: 2.5.2
>> Operating system: linux2
>> Traceback (most recent call last):
>>   File "/usr/bin/sqlmap", line 77, in main
>>     start()
>>   File "/usr/share/sqlmap/lib/controller/controller.py", line 259, in start
>>     action()
>>   File "/usr/share/sqlmap/lib/controller/action.py", line 144, in action
>>     conf.dbmsHandler.osPwn()
>>   File "/usr/share/sqlmap/plugins/generic/takeover.py", line 169, in osPwn
>>     self.initEnv(web=web)
>>   File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
>>     self.webInit()
>>   File "/usr/share/sqlmap/lib/takeover/web.py", line 189, in webInit
>>     uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
>>   File "/usr/share/sqlmap/lib/request/connect.py", line 126, in getPage
>>     conn = urllib2.urlopen(req)
>>   File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
>>     return _opener.open(url, data)
>>   File "/usr/lib/python2.5/urllib2.py", line 381, in open
>>     response = self._open(req, data)
>>   File "/usr/lib/python2.5/urllib2.py", line 399, in _open
>>     '_open', req)
>>   File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
>>     result = func(*args)
>>   File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open
>>     return self.do_open(httplib.HTTPConnection, req)
>>   File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open
>>     h = http_class(host) # will parse host:port
>>   File "/usr/lib/python2.5/httplib.py", line 639, in __init__
>>     self._set_hostport(host, port)
>>   File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport
>>     raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
>> InvalidURL: nonnumeric port: ''
>> [*] shutting down at: 00:22:13
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F