Re: [sqlmap-users] SQLMap Stager Uploader
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQLMap Stager Uploader
|
From: yonny m. <yo...@go...> - 2011-01-19 21:38:46
|
Thanks for your response Miroslav,
I have tried setting the permissions for the directories do that they
are owned by the apache process ... but still it doesnt seem to work.Here
are the access logs:
127.0.0.1 - - [20/Jan/2011:00:30:15 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0
(X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo
Firefox/3.6.9"
127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0
(X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo
Firefox/3.6.9"
127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1" 404
488 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9)
Gecko/20100915 Gentoo Firefox/3.6.9"
127.0.0.1 - - [20/Jan/2011:00:30:49 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0
(X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0
Firefox/3.5.2"
127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0
(X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0
Firefox/3.5.2"
127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "GET /tmpucqwh.php HTTP/1.1" 404
488 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729
Slackware/13.0 Firefox/3.5.2"
and the permissions
sylar@Sylar:/pentest/database/sqlmap$ ls -lht /var/www/
drwxrwxrwx 8 www-data www-data 4.0K 2011-01-08 11:40 vux
-rwxrwxrwx 1 www-data www-data 102K 2010-12-21 17:24 fc4.js
-rwxrwxrwx 1 www-data www-data 6.9K 2010-12-21 16:47 41.js
drwxrwxrwx 4 www-data www-data 4.0K 2010-06-16 08:37 mutillidae
... and I have the most latest state of the code from svn
On Thu, Jan 20, 2011 at 12:24 AM, Miroslav Stampar <
mir...@gm...> wrote:
> hi yonny.
>
> few questions.
>
> do you have write permissions "for all" at the "target" directory (for
> example: /var/www/Multidae)? at which directory does Multidae reside
> at your debian machine? what have you entered as "target directory"
> when sqlmap asked you?
>
> as you can guess, most occuring problem with "stager" are the write
> permissions for the web servers process.
>
> KR
>
> On Wed, Jan 19, 2011 at 8:06 PM, yonny mutai <yo...@go...>
> wrote:
> > Hi,
> > Wonderful tool.... Seems like the stager uploader has ceased to
> work...
> > anyone to help with this please..
> > To add more info that might help in troubleshooting :
> > DB : mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486)
> using
> > readline 6.1
> > App: The vulnerable Multidae app
> > Command Used: ./sqlmap.py --level 5 --risk 3 --parse-errors
> --os-pwn
> > --time-sec 10 -a txt/user-agents.txt --text-only --threads 1
> > --timeout 39 -u "http://127.0.0.1/mutillidae/index.php?page=login.php"
> > --method "POST" --data "user_name=txv&password=txv&Submit_button=Submit"
> >
> > Rgds
> >
> ------------------------------------------------------------------------------
> > Protect Your Site and Customers from Malware Attacks
> > Learn about various malware tactics and how to avoid them. Understand
> > malware threats, the impact they can have on your business, and how you
> > can protect your company and customers by using code signing.
> > http://p.sf.net/sfu/oracle-sfdevnl
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia
>
--
Regards
Yonny Mutai
|
