Re: [sqlmap-users] Is xp_cmdshell actived? Why it isn't working?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Is xp_cmdshell actived? Why it isn't working?
|
From: Rodrigo Z. S. <rod...@gm...> - 2014-12-07 19:54:30
|
yeah... but... What I did make sense? I tested and for any value it only delay for the else value. I can't read any file until now. Everything I did fail. Is there another way to check if the xp_cmdshell is really working? I am out of idea now. 2014-12-07 17:32 GMT-02:00 Miroslav Stampar <mir...@gm...>: > You have to redirect output to an output file and read it afterwards. > xp_cmdshell by itself doesn't return anything than the return code. > > Bye > On Dec 7, 2014 8:31 PM, "Rodrigo Zanatta Silva" < > rod...@gm...> wrote: > >> You don't need just to have it activated? You say I can't run the EXEC? >> Any other way to avoid it? >> >> Is there anything I can do? Humm. Come in mind to impersonate another >> user and pray they can do this. >> >> 2014-12-07 17:25 GMT-02:00 Miroslav Stampar <mir...@gm...>: >> >>> No execution rights? >>> >>> Bye >>> On Dec 7, 2014 6:19 PM, "Rodrigo Zanatta Silva" < >>> rod...@gm...> wrote: >>> >>>> Hi. I am doing a pen test in the Microsoft SQL Server 2008 R2 and I can >>>> see that the xp_cmdshell is active. >>>> >>>> IN the table *master.sys.configurations*, the column *value_in_use *show >>>> it is 1, so it is active!! But, every command that I tried to use didn't >>>> result any value. I just tried the most obvious: >>>> >>>> DECLARE @result int; EXEC @result = xp_cmdshell 'echo a'; IF (@result = >>>> 0) WAITFOR DELAY '00:01:00' ELSE WAITFOR DELAY '00:00:05' >>>> >>>> But it just waint 5 second. Any idea why this happens? >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >>>> with Interactivity, Sharing, Native Excel Exports, App Integration & >>>> more >>>> Get technology previously reserved for billion-dollar corporations, FREE >>>> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >> |
