Re: [sqlmap-users] Direct connection to Oracle supported?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Direct connection to Oracle supported?
|
From: Yoan A. <yoa...@gm...> - 2013-10-21 18:19:36
|
Maybe you forgot the quotes ? python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users On Mon, Oct 21, 2013 at 8:17 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi. > > sqlmap supports it. Sample console output: > > $ python sqlmap.py -d "oracle://SYSTEM:testpass@192.168.5.27:1521/testdb" > -v 5 --banner > > sqlmap/1.0-dev-8dac47f - automatic SQL injection and database takeover > tool > http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without prior > mutual consent is illegal. It is the end user's responsibility to obey all > applicable local, state and federal laws. Developers assume no liability > and are not responsible for any misuse or damage caused by this program > > [*] starting at 20:15:37 > > [20:15:37] [DEBUG] cleaning up configuration parameters > [20:15:37] [DEBUG] forcing timeout to 10 seconds > [20:15:37] [INFO] connection to oracle server 192.168.5.27:1521established > [20:15:37] [INFO] the back-end DBMS is Oracle > [20:15:37] [INFO] fetching banner > [20:15:37] [PAYLOAD] SELECT NVL(CAST(banner AS VARCHAR(4000)),' ') FROM > v$version WHERE ROWNUM=1 > back-end DBMS: Oracle > banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - > Prod' > [20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 closed > > [*] shutting down at 20:15:37 > > Could you please check that you run the latest revision from the Github > repository and try to run it with -v 5? Strange thing with your case is > "sqlmap was not able to fingerprint..." while there is no fingerprinting in > sqlmap's direct mode (at least in HEAD revision). > > Kind regards, > Miroslav Stampar > > > On Mon, Oct 21, 2013 at 7:24 PM, Brian Milliron <Br...@ec...>wrote: > >> Using sqlmap on a recently updated Kali installation, I tried to connect >> to an Oracle db using this command: >> sqlmap -d Oracle://user:pass@10.10.10.10:1521/SID >> I get the error message "[CRITICAL] sqlmap was not able to fingerprint >> the back-end database management system. Support for this DBMS will be >> implemented at some point. >> >> The wiki on github states that Oracle is supported for direct >> connections, so there is some confusion here. Wireshark confirms no >> attempt to connect to the server is made at all and the syntax of the >> command appears correct. Can you confirm whether sqlmap currently >> supports direct connections to Oracle databases or if there is some >> other problem? >> >> >> -- >> Brian Milliron, CEO >> ECR Security >> http://www.ECRSecurity.com >> 512-422-5408 >> >> >> ------------------------------------------------------------------------------ >> October Webinars: Code for Performance >> Free Intel webinars can help you accelerate application performance. >> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >> from >> the latest Intel processors and coprocessors. See abstracts and register > >> >> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- *Yoan AGOSTINI* |
