Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?
From: Brandon P. <bpe...@gm...> - 2014-06-21 18:26:06
So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is coming up greater than 8192 bytes. I have attempted to whittle down the code to just what I was trying to test (sys_bineval) and even just sys_eval but I always get a so larger than 8k. This is larger than a page in pgsql, and so sqlmap bails when trying to insert it.

Any thoughts on something I can do to get the size down? I am currently building with the make file and added -ffunction-sections -fdata-sections as well, but to no avail.

gcc:

bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc --version
gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$

On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <ber...@gm...> wrote:

> Yes, not high priority but it would be an improvement. Please first verify
> if the current code works with SELinux without modifications - I haven't
> tested it myself.
>
> Bernardo
>
>
> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...> wrote:
>
>> So, reading the source for the pgsql udf here:
>>
>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>
>> It looks like we mmap RWX memory in order to eval some commands. Was this
>> tested on a machine with SELinux? In my experience, this actually fails to
>> allocate when RWX is used as the permissions on the memory region (line
>> 186).
>>
>> I have successfully gotten around this on some systems using a technique
>> similar to that described at the bottom of this page (basically mapping two
>> pointers to the same file, require FS access though…):
>>
>> http://www.akkadia.org/drepper/selinux-mem.html
>>
>> I am going to pull down the udfhack code and try it in a CentOS VM with
>> SELinux enabled and see what happens. If it performs how I expect, would
>> this be a useful addition to the UDF?
>>
>>
>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> Hey Bernardo,
>>>
>>> Any update to this?
>>>
>>>
>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
>>>
>>>> I will be fixing this shortly.
>>>>
>>>> Bernardo
>>>>
>>>>
>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>> compiled/checked into source control.
>>>>>
>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>> brandons-imac:sqlmap bperry$
>>>>>
>>>>> You can see that:
>>>>>
>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>
>>>>> is missing. This leads to the following error. Anything I can do to
>>>>> help, let me know:
>>>>>
>>>>> what is the back-end database management system architecture?
>>>>> [1] 32-bit (default)
>>>>> [2] 64-bit
>>>>> > 2
>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>
>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>>>>>
>>>>> sqlmap version: 1.0-dev-f558b80
>>>>> Python version: 2.7.5
>>>>> Operating system: posix
>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 --dbms=postgresql -o --os-shell
>>>>> Technique: TIME
>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>> Traceback (most recent call last):
>>>>>   File "./sqlmap.py", line 95, in main
>>>>>     start()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, in start
>>>>>     action()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in action
>>>>>     conf.dbmsHandler.osShell()
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in osShell
>>>>>     self.initEnv(web=web)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
>>>>>     success = self.udfInjectSys()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
>>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
>>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile
>>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line 37, in stackedWriteFile
>>>>>     wFileSize = os.path.getsize(wFile)
>>>>>   File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py", line 49, in getsize
>>>>>     return os.stat(filename).st_size
>>>>> OSError: [Errno 2] No such file or directory: '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>
>>>>> [*] shutting down at 22:48:43
>>>>>
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com -- blog
>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>
>>>>
>>>> --
>>>> Bernardo Damele A. G.
>>>>
>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>> Mobile: +447788962949 (UK 07788962949)
>>>>
>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
>

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
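
The thread reports that an RWX mmap made from the PostgreSQL UDF is refused on SELinux hosts. The following is an added example, not part of any message above and not sqlmap or udfhack code: a small audit-log filter a defender could run to surface exactly those refusals (execmem and the related memory-protection permissions) coming from the database server's domain. The `postgresql_t` domain type, the audit record layout and all sample records are assumptions constructed for illustration.

```python
import re

# SELinux memory-protection permissions; an anonymous RWX mmap trips execmem.
MEM_PERMS = {"execmem", "execstack", "execheap", "execmod"}

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): "
    r"avc:\s+(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC audit record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec.update(ts=m.group("ts"), verdict=m.group("verdict"),
               perms=set(m.group("perms").split()))
    return rec


def memory_denials(lines, domain_type="postgresql_t"):
    """List denied memory-protection requests made from one SELinux domain."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        ctx = rec.get("scontext", "").split(":")  # user:role:type:level
        if len(ctx) < 3 or ctx[2] != domain_type:
            continue
        perms = sorted(rec["perms"] & MEM_PERMS)
        if perms:
            hits.append((rec["ts"], rec.get("pid"), rec.get("comm"), perms))
    return hits


# Constructed sample records (not taken from the thread).
SAMPLE = [
    'type=AVC msg=audit(1403375166.123:456): avc:  denied  { execmem } for  pid=2345 comm="postgres" scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=process',
    'type=AVC msg=audit(1403375170.001:457): avc:  denied  { execmem } for  pid=811 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process',
    'type=AVC msg=audit(1403375171.500:458): avc:  denied  { read } for  pid=2345 comm="postgres" name="notes.txt" dev="dm-0" ino=1311 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1403375166.123:456): arch=c000003e syscall=9 success=no exit=-13 comm="postgres"',
]

if __name__ == "__main__":
    for hit in memory_denials(SAMPLE):
        print(hit)
```

A database server has no routine reason to request writable-and-executable memory, so any hit from this filter is worth correlating with recently created functions and shared objects on that host.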