Re: [sqlmap-users] OS Shell
From: Bernardo D. A. G. <ber...@gm...> - 2011-12-21 15:31:49
Hi Chris,

On 21 December 2011 14:56, Chris Oakley <chr...@gm...> wrote:
> Hi All
>
> I have a time based blind injection on a machine running Windows Server
> 2003, IIS 6 and SQL Server 2000. The user is running as DBA. I should be
> able to enable xp_cmdshell, and indeed:

Indeed.

> ...
> As you can see, no output is returned (is this because of the injection type
> I wonder?).

No, it has nothing to do with the injection type. SQL payloads used by
sqlmap have been written and the core has been engineered in a way that
regardless of the technique used, sqlmap is able to retrieve the queries'
output. The issue is somewhere else.

> I've tried the various out of bounds methods with BT and msf too, but this
> seems to fail at various stages.
>
> Could it be that the database server is separate from the web server and is
> totally isolated from the outside world by egress rules?

This could be, but it looks to me that you're mixing xp_cmdshell/bug with
network rules. I think that the issue here is about xp_cmdshell.

Could you please relaunch with -v 3 --parse-errors -t traffic.log and send
us (privately if you prefer) the whole output and the log file?

Thank you.

Bernardo

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable