[sqlmap-users] OS Shell
From: Chris O. <chr...@gm...> - 2011-12-21 14:56:59
Hi All,

I have a time based blind injection on a machine running Windows Server 2003, IIS 6 and SQL Server 2000. The user is running as DBA. I should be able to enable xp_cmdshell, and indeed:

[13:10:12] [INFO] testing if current user is DBA
[13:10:12] [INFO] retrieved: 1
[13:10:29] [INFO] checking if xp_cmdshell extended procedure is available, please wait..
[13:10:40] [INFO] xp_cmdshell extended procedure is available
[13:10:41] [INFO] going to use xp_cmdshell extended procedure for operating system command execution
[13:10:41] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
os-shell> dir
do you want to retrieve the command standard output? [Y/n/a]
[13:10:53] [INFO] retrieved: No output
os-shell> ipconfig
do you want to retrieve the command standard output? [Y/n/a]
[13:11:11] [INFO] retrieved: No output
os-shell> exit
[13:31:24] [INFO] cleaning up the database management system
[13:31:26] [INFO] Fetched data logged to text files under...

As you can see, no output is returned (is this because of the injection type I wonder?). I've tried the various out of bounds methods with BT and msf too, but this seems to fail at various stages.

Could it be that the database server is separate from the web server and is totally isolated from the outside world by egress rules? I'm trying to understand why in this case nothing seems to be working.

Any ideas would be great.

Regards
Chris