Re: [sqlmap-users] SQLMap Stager Uploader
From: yonny m. <yo...@go...> - 2011-01-19 22:15:48
I have tried both --os-pwn and --os-shell. I have set my metasploit path in my sqlmap.conf. I'm running this on Linux. The application connects to the db as root. I have also tried --read-file and it's also not successful. Maybe it's the mysql version... I logged in as root to the db and tried to run select hex(load_file("__PATH__")) and it also returns null... I'll try installing a lower version to see how it behaves.

On Thu, Jan 20, 2011 at 1:00 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi again.
>
> i wrongly mixed --os-shell and --os-pwn. for --os-pwn you need metasploit.
>
> are you using sqlmap on windows or on linux? where is your metasploit
> located (you haven't used the --msf-path=MSFPATH option)?
>
> if on linux then there would be a critical message "unable to locate
> Metasploit Framework 3 installation...." if no --msf-path specified
> (except proper environment variable is set), while on windows that
> message is in form of warning (we should change it to critical abort
> too) which says "[22:50:05] [WARNING] some sqlmap takeover
> functionalities are not yet supported on Windows. Please use Linux in
> a virtual machine for out-of-band features. sqlmap will now carry on
> ignoring out-of-band switches"
>
> kr
>
> On Wed, Jan 19, 2011 at 10:37 PM, yonny mutai <yo...@go...> wrote:
> > Thanks for your response Miroslav,
> > I have tried setting the permissions for the directories so that they
> > are owned by the apache process ... but still it doesn't seem to work.
> > Here are the access logs:
> >
> > 127.0.0.1 - - [20/Jan/2011:00:30:15 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
> > 127.0.0.1 - - [20/Jan/2011:00:30:49 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "GET /tmpucqwh.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
> >
> > and the permissions
> >
> > sylar@Sylar:/pentest/database/sqlmap$ ls -lht /var/www/
> > drwxrwxrwx 8 www-data www-data 4.0K 2011-01-08 11:40 vux
> > -rwxrwxrwx 1 www-data www-data 102K 2010-12-21 17:24 fc4.js
> > -rwxrwxrwx 1 www-data www-data 6.9K 2010-12-21 16:47 41.js
> > drwxrwxrwx 4 www-data www-data 4.0K 2010-06-16 08:37 mutillidae
> >
> > ... and I have the most latest state of the code from svn
> >
> > On Thu, Jan 20, 2011 at 12:24 AM, Miroslav Stampar <mir...@gm...> wrote:
> >>
> >> hi yonny.
> >>
> >> few questions.
> >>
> >> do you have write permissions "for all" at the "target" directory (for
> >> example: /var/www/Multidae)? at which directory does Multidae reside
> >> at your debian machine? what have you entered as "target directory"
> >> when sqlmap asked you?
> >>
> >> as you can guess, most occurring problem with "stager" are the write
> >> permissions for the web servers process.
> >>
> >> KR
> >>
> >> On Wed, Jan 19, 2011 at 8:06 PM, yonny mutai <yo...@go...> wrote:
> >> > Hi,
> >> > Wonderful tool.... Seems like the stager uploader has ceased to work...
> >> > anyone to help with this please..
> >> > To add more info that might help in troubleshooting:
> >> > DB: mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
> >> > App: The vulnerable Multidae app
> >> > Command Used: ./sqlmap.py --level 5 --risk 3 --parse-errors --os-pwn --time-sec 10 -a txt/user-agents.txt --text-only --threads 1 --timeout 39 -u "http://127.0.0.1/mutillidae/index.php?page=login.php" --method "POST" --data "user_name=txv&password=txv&Submit_button=Submit"
> >> >
> >> > Rgds
> >>
> >> --
> >> Miroslav Stampar
> >>
> >> E-mail / Jabber: miroslav.stampar (at) gmail.com
> >> Mobile: +385921010204 (HR 0921010204)
> >> PGP Key ID: 0xB5397B1B
> >> Location: Zagreb, Croatia
> >
> > --
> >
> > Regards
> > Yonny Mutai
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia

--
Regards
Yonny Mutai
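A defender-side reading of the access log quoted in this thread, as an added example that is not part of the original messages or of sqlmap's code: it parses Apache combined-format lines, flags GET requests for stager-like file names, and records how many User-Agents each client presented. The name pattern is an assumption generalised from the two probes in the thread (`/tmpuvwtu.php`, `/tmpucqwh.php`); the sample lines and function names are constructed.

```python
import re
from collections import defaultdict

# Apache "combined": ip ident user [time] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
# Assumption: "tmpu" + 4 lowercase letters + ".php", in any directory,
# generalised from the two probe names visible in the thread's log.
STAGER_RE = re.compile(r'^/(?:[^/?]+/)*tmpu[a-z]{4}\.php(?:\?.*)?$')

def find_stager_probes(lines):
    """Return (findings, agents_per_ip) for an iterable of access-log lines."""
    findings = []
    agents = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess
        agents[m['ip']].add(m['agent'])
        if m['method'] == 'GET' and STAGER_RE.match(m['path']):
            # 404: the file was never written (the situation in this thread).
            # 2xx: a file with a stager-like name was served; escalate.
            severity = 'critical' if m['status'].startswith('2') else 'warning'
            findings.append((m['ts'], m['ip'], m['path'], int(m['status']), severity))
    return findings, agents

# Constructed sample modelled on the thread's log (User-Agents shortened);
# the last line is an invented "upload succeeded" case from a documentation IP.
SAMPLE = [
    '127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6.9"',
    '127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6.9"',
    '127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "GET /tmpucqwh.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/3.5.2"',
    '192.0.2.10 - - [20/Jan/2011:00:31:02 +0300] "GET /mutillidae/tmpuabcd.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/3.5.2"',
]

if __name__ == "__main__":
    findings, agents = find_stager_probes(SAMPLE)
    for ts, ip, path, status, severity in findings:
        print(f"[{severity}] {ts} {ip} GET {path} -> {status}")
    for ip, seen in agents.items():
        if len(seen) > 1:
            print(f"[info] {ip} presented {len(seen)} different User-Agents")
```

A client that changes User-Agent between requests seconds apart, as 127.0.0.1 does in the quoted log, is a useful secondary signal alongside the file-name match.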