Re: [sqlmap-users] SQLMap Stager Uploader
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQLMap Stager Uploader
|
From: yonny m. <yo...@go...> - 2011-01-23 17:29:19
|
Hi Miroslav,
I found out it was apparmour which was hindering mysql from writing the
file.. It now writes the file but the script fails with the message "unable
to upload the file stager on '/var/www/'.. although the file exists in the
directory and when the script does a GET on the file it gets it .
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] PHP (default)
[4] JSP
>
[20:23:35] [WARNING] unable to retrieve the web server document root
please provide the web server document root [/var/www/]:
[20:23:35] [WARNING] unable to retrieve any web server path
please provide any additional web server full path to try to upload the
agent [/var/www/]:
[20:23:36] [WARNING] unable to upload the file stager on '/var/www/'
[20:23:36] [INFO] Fetched data logged to text files under
'/pentest/database/sqlmap/output/127.0.0.1'
127.0.0.1 - - [23/Jan/2011:20:23:34 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Opera/9.62
(Windows NT 5.1; U; pt-BR) Presto/2.1.1"
127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] "POST
/mutillidae/index.php?page=login.php HTTP/1.1" 200 5983 "-" "Opera/9.62
(Windows NT 5.1; U; pt-BR) Presto/2.1.1"
127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] "GET /tmpubtee.php HTTP/1.1" 200
241 "-" "Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1"
sylar@Sylar:/pentest/database/sqlmap$ ls -lhtr /var/www/
total 324K
drwxrwxrwx 4 mysql mysql 4.0K 2010-06-16 08:37 mutillidae
drwxrwxrwx 15 mysql mysql 4.0K 2010-11-02 12:15 3G_data_promo
-rwxrwxrwx 1 mysql mysql 6.9K 2010-12-21 16:47 41.js
-rwxrwxrwx 1 mysql mysql 13K 2010-12-21 16:48 index.html
drwxrwxrwx 8 mysql mysql 4.0K 2011-01-08 11:40 vux
-rwxrwxrwx 1 mysql mysql 39K 2011-01-16 22:41 mutillidae1.5.zip
-rw-r--r-- 1 mysql mysql 1.3K 2011-01-19 12:24 ppx.php
-rw-rw-rw- 1 mysql mysql 1.3K 2011-01-23 20:23 tmpubtee.php
On Thu, Jan 20, 2011 at 1:15 AM, yonny mutai <yo...@go...> wrote:
> I have tried both --os-pwn and --os-shell.I have set my metasploit path
> in my sqlmap.conf.. I'm running this on Linux.The application connects to
> the db as root.I have also tried --read-file and its also not
> suceessful.Maybe its the mysql version... I logged in as root to the db and
> tried to run select hex(load_file("__PATH__")) and it also returns null...
> I'll try installing a lower version to see how it behaves..
>
>
> On Thu, Jan 20, 2011 at 1:00 AM, Miroslav Stampar <
> mir...@gm...> wrote:
>
>> hi again.
>>
>> i wrongly mixed --os-shell and --os-pwn. for --os-pwn you need metasploit.
>>
>> are you using sqlmap on windows or on linux? where is your metasploit
>> located (you haven't use the --msf-path=MSFPATH option)?
>>
>> if on linux then there would be a critical message "unable to locate
>> Metasploit Framework 3 installation...." if no --msf-path specified
>> (except proper environment variable is set), while on windows that
>> message is in form of warning (we should change it to critical abort
>> too) which says "[22:50:05] [WARNING] some sqlmap takeover
>> functionalities are not yet supported
>> on Windows. Please use Linux in a virtual machine for out-of-band
>> features. sqlm
>> ap will now carry on ignoring out-of-band switches"
>>
>> kr
>>
>>
>> On Wed, Jan 19, 2011 at 10:37 PM, yonny mutai <yo...@go...>
>> wrote:
>> > Thanks for your response Miroslav,
>> > I have tried setting the permissions for the directories do that
>> they
>> > are owned by the apache process ... but still it doesnt seem to
>> work.Here
>> > are the access logs:
>> > 127.0.0.1 - - [20/Jan/2011:00:30:15 +0300] "POST
>> > /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0
>> > (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo
>> > Firefox/3.6.9"
>> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "POST
>> > /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0
>> > (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo
>> > Firefox/3.6.9"
>> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1"
>> 404
>> > 488 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9)
>> > Gecko/20100915 Gentoo Firefox/3.6.9"
>> > 127.0.0.1 - - [20/Jan/2011:00:30:49 +0300] "POST
>> > /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0
>> > (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0
>> > Firefox/3.5.2"
>> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "POST
>> > /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0
>> > (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0
>> > Firefox/3.5.2"
>> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "GET /tmpucqwh.php HTTP/1.1"
>> 404
>> > 488 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2)
>> Gecko/20090729
>> > Slackware/13.0 Firefox/3.5.2"
>> > and the permissions
>> > sylar@Sylar:/pentest/database/sqlmap$ ls -lht /var/www/
>> > drwxrwxrwx 8 www-data www-data 4.0K 2011-01-08 11:40 vux
>> > -rwxrwxrwx 1 www-data www-data 102K 2010-12-21 17:24 fc4.js
>> > -rwxrwxrwx 1 www-data www-data 6.9K 2010-12-21 16:47 41.js
>> > drwxrwxrwx 4 www-data www-data 4.0K 2010-06-16 08:37 mutillidae
>> > ... and I have the most latest state of the code from svn
>> >
>> >
>> >
>> >
>> > On Thu, Jan 20, 2011 at 12:24 AM, Miroslav Stampar
>> > <mir...@gm...> wrote:
>> >>
>> >> hi yonny.
>> >>
>> >> few questions.
>> >>
>> >> do you have write permissions "for all" at the "target" directory (for
>> >> example: /var/www/Multidae)? at which directory does Multidae reside
>> >> at your debian machine? what have you entered as "target directory"
>> >> when sqlmap asked you?
>> >>
>> >> as you can guess, most occuring problem with "stager" are the write
>> >> permissions for the web servers process.
>> >>
>> >> KR
>> >>
>> >> On Wed, Jan 19, 2011 at 8:06 PM, yonny mutai <yo...@go...>
>> >> wrote:
>> >> > Hi,
>> >> > Wonderful tool.... Seems like the stager uploader has ceased to
>> >> > work...
>> >> > anyone to help with this please..
>> >> > To add more info that might help in troubleshooting :
>> >> > DB : mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486)
>> >> > using
>> >> > readline 6.1
>> >> > App: The vulnerable Multidae app
>> >> > Command Used: ./sqlmap.py --level 5 --risk 3 --parse-errors
>> >> > --os-pwn
>> >> > --time-sec 10 -a txt/user-agents.txt --text-only --threads 1
>> >> > --timeout 39 -u "
>> http://127.0.0.1/mutillidae/index.php?page=login.php"
>> >> > --method "POST" --data
>> "user_name=txv&password=txv&Submit_button=Submit"
>> >> >
>> >> > Rgds
>> >> >
>> >> >
>> ------------------------------------------------------------------------------
>> >> > Protect Your Site and Customers from Malware Attacks
>> >> > Learn about various malware tactics and how to avoid them. Understand
>> >> > malware threats, the impact they can have on your business, and how
>> you
>> >> > can protect your company and customers by using code signing.
>> >> > http://p.sf.net/sfu/oracle-sfdevnl
>> >> > _______________________________________________
>> >> > sqlmap-users mailing list
>> >> > sql...@li...
>> >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Miroslav Stampar
>> >>
>> >> E-mail / Jabber: miroslav.stampar (at) gmail.com
>> >> Mobile: +385921010204 (HR 0921010204)
>> >> PGP Key ID: 0xB5397B1B
>> >> Location: Zagreb, Croatia
>> >
>> >
>> >
>> > --
>> >
>> >
>> > Regards
>> > Yonny Mutai
>> >
>>
>>
>>
>> --
>> Miroslav Stampar
>>
>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>> Mobile: +385921010204 (HR 0921010204)
>> PGP Key ID: 0xB5397B1B
>> Location: Zagreb, Croatia
>>
>
>
>
> --
>
>
> Regards
> Yonny Mutai
>
--
Regards
Yonny Mutai
|
