Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?
From: Brandon P. <bpe...@gm...> - 2014-06-21 18:50:02
I was also able to shave off about 100 bytes using --remove-section=.note and --remove-section=.comment as arguments to strip FWIW.

On Sat, Jun 21, 2014 at 1:25 PM, Brandon Perry <bpe...@gm...> wrote:

> So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is
> coming up greater than 8192 bytes. I have attempted to whittle down the
> code to just what I was trying to test (sys_bineval) and even just sys_eval
> but I always get a so larger than 8k. This is larger than a page in pgsql,
> and so sqlmap bails when trying to insert it.
>
> Any thoughts on something I can do to get the size down? I am currently
> building with the make file and added -ffunction-sections -fdata-sections
> as well, but to no avail.
>
> gcc:
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc
> --version
> gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
> Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$
>
>
> On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <
> ber...@gm...> wrote:
>
>> Yes, not high priority but it would be an improvement. Please first
>> verify if the current code works with SELinux without modifications - I
>> haven't tested it myself.
>>
>> Bernardo
>>
>>
>> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...>
>> wrote:
>>
>>> So, reading the source for the pgsql udf here:
>>>
>>>
>>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>>
>>> It looks like we mmap RWX memory in order to eval some commands. Was
>>> this tested on a machine with SELinux? In my experience, this actually
>>> fails to allocate when RWX is used as the permissions on the memory region
>>> (line 186).
>>>
>>> I have successfully gotten around this on some systems using a technique
>>> similar to that described at the bottom of this page (basically mapping two
>>> pointers to the same file, require FS access though…):
>>>
>>> http://www.akkadia.org/drepper/selinux-mem.html
>>>
>>> I am going to pull down the udfhack code and try it in a CentOS VM with
>>> SELinux enabled and see what happens. If it performs how I expect, would
>>> this be a useful addition to the UDF?
>>>
>>>
>>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <
>>> bpe...@gm...> wrote:
>>>
>>>> Hey Bernardo,
>>>>
>>>> Any update to this?
>>>>
>>>>
>>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
>>>> ber...@gm...> wrote:
>>>>
>>>>> I will be fixing this shortly.
>>>>>
>>>>> Bernardo
>>>>>
>>>>>
>>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...>
>>>>> wrote:
>>>>>
>>>>>> Hello!
>>>>>>
>>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>>> compiled/checked into source control.
>>>>>>
>>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>>> brandons-imac:sqlmap bperry$
>>>>>>
>>>>>> You can see that:
>>>>>>
>>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>>
>>>>>> is missing. This leads to the following error. Anything I can do to
>>>>>> help, let me know:
>>>>>>
>>>>>> what is the back-end database management system architecture?
>>>>>> [1] 32-bit (default)
>>>>>> [2] 64-bit
>>>>>> > 2
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>>
>>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>>>> retry your run with the latest development version from the GitHub
>>>>>> repository. If the exception persists, please send by e-mail to '
>>>>>> sql...@li...' or open a new issue at '
>>>>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the
>>>>>> following text and any information required to reproduce the bug. The
>>>>>> developers will try to reproduce the bug, fix it accordingly and get back
>>>>>> to you.
>>>>>> sqlmap version: 1.0-dev-f558b80
>>>>>> Python version: 2.7.5
>>>>>> Operating system: posix
>>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>>>>> --risk=3 --dbms=postgresql -o --os-shell
>>>>>> Technique: TIME
>>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>>> Traceback (most recent call last):
>>>>>> File "./sqlmap.py", line 95, in main
>>>>>> start()
>>>>>> File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>>>>> line 585, in start
>>>>>> action()
>>>>>> File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>>>>> 160, in action
>>>>>> conf.dbmsHandler.osShell()
>>>>>> File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py",
>>>>>> line 80, in osShell
>>>>>> self.initEnv(web=web)
>>>>>> File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py",
>>>>>> line 198, in initEnv
>>>>>> success = self.udfInjectSys()
>>>>>> File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184,
>>>>>> in udfInjectSys
>>>>>> return self.udfInjectCore(self.sysUdfs)
>>>>>> File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149,
>>>>>> in udfInjectCore
>>>>>> written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>>>>> "binary", forceCheck=True)
>>>>>> File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>>>>> line 270, in writeFile
>>>>>> written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>>>>> forceCheck)
>>>>>> File
>>>>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>>>>> 37, in stackedWriteFile
>>>>>> wFileSize = os.path.getsize(wFile)
>>>>>> File
>>>>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>>>>> line 49, in getsize
>>>>>> return os.stat(filename).st_size
>>>>>> OSError: [Errno 2] No such file or directory:
>>>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>>
>>>>>> [*] shutting down at 22:48:43
>>>>>>
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Bernardo Damele A. G.
>>>>>
>>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>>> Mobile: +447788962949 (UK 07788962949)
>>>>>
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
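
From the defending side, the UDF names (sys_eval, sys_exec, sys_bineval) and the library file name (lib_postgresqludf_sys) quoted in this thread are things a PostgreSQL catalog audit can look for. The following is an added example, not part of the original messages and not sqlmap or udfhack code: it classifies rows returned by a query over the standard pg_proc, pg_language and pg_roles catalogs. The list of world-writable directories and the sample rows are assumptions constructed for illustration.

```python
import posixpath

# Catalog query a DBA would run; pg_proc.probin holds the shared-library path
# of every function written in language 'c'.
AUDIT_SQL = """
SELECT p.proname, p.probin, r.rolname
FROM pg_proc p
JOIN pg_language l ON l.oid = p.prolang
JOIN pg_roles r ON r.oid = p.proowner
WHERE l.lanname = 'c';
"""

# Function and library names that appear in the thread above.
KNOWN_UDF_NAMES = {"sys_eval", "sys_exec", "sys_bineval"}
KNOWN_LIB_STEM = "lib_postgresqludf_sys"
# Assumption: directories treated as world-writable on the audited host.
WORLD_WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def classify(proname, probin):
    """Return the reasons a C-language function row deserves review."""
    reasons = []
    lib = probin or ""
    if proname.lower() in KNOWN_UDF_NAMES:
        reasons.append("name matches sys_* UDF")
    if KNOWN_LIB_STEM in posixpath.basename(lib):
        reasons.append("library is lib_postgresqludf_sys")
    if lib.startswith(WORLD_WRITABLE_DIRS):
        reasons.append("library loaded from world-writable directory")
    elif not lib.startswith("$libdir"):
        reasons.append("library outside $libdir")
    return reasons


def audit(rows):
    """rows: iterable of (proname, probin, owner) tuples from AUDIT_SQL."""
    findings = {}
    for proname, probin, owner in rows:
        reasons = classify(proname, probin)
        if reasons:
            findings[proname] = (owner, reasons)
    return findings


# Constructed sample rows, not taken from a real server.
SAMPLE_ROWS = [
    ("plpgsql_call_handler", "$libdir/plpgsql", "postgres"),
    ("sys_eval", "/tmp/lib_postgresqludf_sys.so", "webapp"),
    ("geo_distance", "/opt/vendor/geo.so", "postgres"),
]

if __name__ == "__main__":
    for name, (owner, reasons) in audit(SAMPLE_ROWS).items():
        print(name, owner, "; ".join(reasons))
```

A row flagged only as "library outside $libdir" is a prompt for review rather than a finding, since some sites install vendor libraries under absolute paths.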