Re: [sqlmap-users] shell upload
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] shell upload
|
From: Ahmed S. <ah...@is...> - 2011-04-25 08:32:04
|
it based uploading shell with the latest reversion (r3770) but here is
another issue
[10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry
your run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3770)
Python version: 2.7
Operating system: posix
Command line: ./sqlmap.py -u
******************************************************* -p id --text-only
--cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in
start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
action
conf.dbmsHandler.osPwn()
File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in
osPwn
self.uploadShellcodeexec(web=web)
File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in
uploadShellcodeexec
self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote,
self.webDirectory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
webFileUpload
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
__webFileStreamUpload
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams,
raise404=False)
File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
getPage
conn = multipartOpener.open(url, multipart)
File "/usr/lib/python2.7/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.7/httplib.py", line 946, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
msg += message_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396:
ordinal not in range(128)
[*] shutting down at: 10:30:07
On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote:
> there is an issue when sqlmap comes to shell upload via os-shell or os-pwn
>
> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r3767)
> Python version: 2.7
> Operating system: posix
> Command line: ./sqlmap.py -u
> ******************************************************* -p id --text-only
> --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap.py", line 83, in main
> start()
> File "/pentest/database/sqlmap/lib/controller/controller.py", line 485,
> in start
> action()
> File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
> action
> conf.dbmsHandler.osPwn()
> File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 243, in
> osPwn
> self.uploadMsfPayloadStager(web=web)
> File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 628, in
> uploadMsfPayloadStager
> self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote,
> self.webDirectory)
> File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
> webFileUpload
> retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
> File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
> __webFileStreamUpload
> page = Request.getPage(url=self.webStagerUrl,
> multipart=multipartParams, raise404=False)
> File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
> getPage
> conn = multipartOpener.open(url, multipart)
> File "/usr/lib/python2.7/urllib2.py", line 391, in open
> response = self._open(req, data)
> File "/usr/lib/python2.7/urllib2.py", line 409, in _open
> '_open', req)
> File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
> result = func(*args)
> File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
> return self.do_open(httplib.HTTPConnection, req)
> File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
> h.request(req.get_method(), req.get_selector(), req.data, headers)
> File "/usr/lib/python2.7/httplib.py", line 946, in request
> self._send_request(method, url, body, headers)
> File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
> self.endheaders(body)
> File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
> self._send_output(message_body)
> File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
> msg += message_body
> UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 387:
> ordinal not in range(128)
>
> [*] shutting down at: 10:24:59
>
> [root@localhost sqlmap]#
>
> --
>
> - Ahmed Shawky El-Antry
> - Pen-tester, Programmer and System administrator
> - lnxg33k owner "http://lnxg33k.wordpress.com"
> - Isecur1ty team member"http://www.isecur1ty.org"
> - Twitter @lnxg33k
>
>
>
--
- Ahmed Shawky El-Antry
- Pen-tester, Programmer and System administrator
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member"http://www.isecur1ty.org"
- Twitter @lnxg33k
|
