Re: [sqlmap-users] SQLMap Stager Uploader
From: Miroslav S. <mir...@gm...> - 2011-01-23 18:28:50
currently i am rewriting all that logic. will report

kr

On Sun, Jan 23, 2011 at 6:28 PM, yonny mutai <yo...@go...> wrote:
> Hi Miroslav,
> I found out it was AppArmor which was hindering mysql from writing the
> file. It now writes the file but the script fails with the message "unable
> to upload the file stager on '/var/www/'", although the file exists in the
> directory and when the script does a GET on the file it gets it.
>
> which web application language does the web server support?
> [1] ASP
> [2] ASPX
> [3] PHP (default)
> [4] JSP
> >
> [20:23:35] [WARNING] unable to retrieve the web server document root
> please provide the web server document root [/var/www/]:
> [20:23:35] [WARNING] unable to retrieve any web server path
> please provide any additional web server full path to try to upload the agent [/var/www/]:
> [20:23:36] [WARNING] unable to upload the file stager on '/var/www/'
> [20:23:36] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/127.0.0.1'
>
> 127.0.0.1 - - [23/Jan/2011:20:23:34 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1"
> 127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5983 "-" "Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1"
> 127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] "GET /tmpubtee.php HTTP/1.1" 200 241 "-" "Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1"
>
> sylar@Sylar:/pentest/database/sqlmap$ ls -lhtr /var/www/
> total 324K
> drwxrwxrwx 4 mysql mysql 4.0K 2010-06-16 08:37 mutillidae
> drwxrwxrwx 15 mysql mysql 4.0K 2010-11-02 12:15 3G_data_promo
> -rwxrwxrwx 1 mysql mysql 6.9K 2010-12-21 16:47 41.js
> -rwxrwxrwx 1 mysql mysql 13K 2010-12-21 16:48 index.html
> drwxrwxrwx 8 mysql mysql 4.0K 2011-01-08 11:40 vux
> -rwxrwxrwx 1 mysql mysql 39K 2011-01-16 22:41 mutillidae1.5.zip
> -rw-r--r-- 1 mysql mysql 1.3K 2011-01-19 12:24 ppx.php
> -rw-rw-rw- 1 mysql mysql 1.3K 2011-01-23 20:23 tmpubtee.php
>
> On Thu, Jan 20, 2011 at 1:15 AM, yonny mutai <yo...@go...> wrote:
>>
>> I have tried both --os-pwn and --os-shell. I have set my metasploit path
>> in my sqlmap.conf. I'm running this on Linux. The application connects to
>> the db as root. I have also tried --read-file and it's also not
>> successful. Maybe it's the mysql version... I logged in as root to the db and
>> tried to run select hex(load_file("__PATH__")) and it also returns null...
>> I'll try installing a lower version to see how it behaves.
>>
>> On Thu, Jan 20, 2011 at 1:00 AM, Miroslav Stampar
>> <mir...@gm...> wrote:
>>>
>>> hi again.
>>>
>>> i wrongly mixed --os-shell and --os-pwn. for --os-pwn you need
>>> metasploit.
>>>
>>> are you using sqlmap on windows or on linux? where is your metasploit
>>> located (you haven't used the --msf-path=MSFPATH option)?
>>>
>>> if on linux then there would be a critical message "unable to locate
>>> Metasploit Framework 3 installation...." if no --msf-path specified
>>> (except proper environment variable is set), while on windows that
>>> message is in form of warning (we should change it to critical abort
>>> too) which says "[22:50:05] [WARNING] some sqlmap takeover
>>> functionalities are not yet supported on Windows. Please use Linux in
>>> a virtual machine for out-of-band features. sqlmap will now carry on
>>> ignoring out-of-band switches"
>>>
>>> kr
>>>
>>> On Wed, Jan 19, 2011 at 10:37 PM, yonny mutai <yo...@go...>
>>> wrote:
>>> > Thanks for your response Miroslav,
>>> > I have tried setting the permissions for the directories so that they
>>> > are owned by the apache process ... but still it doesn't seem to work.
>>> > Here are the access logs:
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:15 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9"
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:49 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 5949 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
>>> > 127.0.0.1 - - [20/Jan/2011:00:30:51 +0300] "GET /tmpucqwh.php HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2"
>>> > and the permissions
>>> > sylar@Sylar:/pentest/database/sqlmap$ ls -lht /var/www/
>>> > drwxrwxrwx 8 www-data www-data 4.0K 2011-01-08 11:40 vux
>>> > -rwxrwxrwx 1 www-data www-data 102K 2010-12-21 17:24 fc4.js
>>> > -rwxrwxrwx 1 www-data www-data 6.9K 2010-12-21 16:47 41.js
>>> > drwxrwxrwx 4 www-data www-data 4.0K 2010-06-16 08:37 mutillidae
>>> > ... and I have the most latest state of the code from svn
>>> >
>>> > On Thu, Jan 20, 2011 at 12:24 AM, Miroslav Stampar
>>> > <mir...@gm...> wrote:
>>> >>
>>> >> hi yonny.
>>> >>
>>> >> few questions.
>>> >>
>>> >> do you have write permissions "for all" at the "target" directory (for
>>> >> example: /var/www/Multidae)? at which directory does Mutillidae reside
>>> >> at your debian machine? what have you entered as "target directory"
>>> >> when sqlmap asked you?
>>> >>
>>> >> as you can guess, most occurring problem with "stager" are the write
>>> >> permissions for the web servers process.
>>> >>
>>> >> KR
>>> >>
>>> >> On Wed, Jan 19, 2011 at 8:06 PM, yonny mutai <yo...@go...>
>>> >> wrote:
>>> >> > Hi,
>>> >> > Wonderful tool.... Seems like the stager uploader has ceased to
>>> >> > work... anyone to help with this please..
>>> >> > To add more info that might help in troubleshooting:
>>> >> > DB: mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
>>> >> > App: The vulnerable Mutillidae app
>>> >> > Command Used: ./sqlmap.py --level 5 --risk 3 --parse-errors --os-pwn --time-sec 10 -a txt/user-agents.txt --text-only --threads 1 --timeout 39 -u "http://127.0.0.1/mutillidae/index.php?page=login.php" --method "POST" --data "user_name=txv&password=txv&Submit_button=Submit"
>>> >> >
>>> >> > Rgds
>
> --
> Regards
> Yonny Mutai

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
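The access logs quoted in this thread show a recognisable sequence: a POST to the injectable page followed within seconds by a GET for a `tmpu????.php` file in the document root, answered 404 while the DBMS could not write the file and 200 once it could. The following detection sketch for that sequence is an added example, not part of the original messages or of sqlmap. The file-name pattern is an assumption generalised from the three names in the thread, and the function names and the 10-second window are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Apache combined-log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: generalised from tmpubtee.php, tmpuvwtu.php, tmpucqwh.php.
STAGER_RE = re.compile(r'/tmpu[a-z]{4}\.php$')

UA = '"-" "Opera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1"'
LOGIN = '"POST /mutillidae/index.php?page=login.php HTTP/1.1"'
# Request lines and status codes follow the thread's logs (user agent
# shortened to one value); the last entry is a constructed benign request.
SAMPLE_LOG = [
    f'127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] {LOGIN} 200 3123 {UA}',
    f'127.0.0.1 - - [20/Jan/2011:00:30:19 +0300] "GET /tmpuvwtu.php HTTP/1.1" 404 488 {UA}',
    f'127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] {LOGIN} 200 5983 {UA}',
    f'127.0.0.1 - - [23/Jan/2011:20:23:36 +0300] "GET /tmpubtee.php HTTP/1.1" 200 241 {UA}',
    f'127.0.0.1 - - [23/Jan/2011:20:25:00 +0300] "GET /index.html HTTP/1.1" 200 13312 {UA}',
]

def parse(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_stager_fetches(lines, window=timedelta(seconds=10)):
    """Flag stager-like GETs that follow a POST from the same client."""
    last_post, findings = {}, []
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "POST":
            last_post[rec["ip"]] = rec
        elif rec["method"] == "GET" and STAGER_RE.search(rec["path"].split("?")[0]):
            post = last_post.get(rec["ip"])
            if post and rec["ts"] - post["ts"] <= window:
                # 200: the file was written and served; 404: the write failed.
                findings.append({"file": rec["path"], "via": post["path"],
                                 "written": rec["status"] == 200})
    return findings
```

A finding with `written` set to true means the database account was able to create a file under the web root, which is the condition the AppArmor profile mentioned in the thread had been blocking.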