Re: [sqlmap-users] Is xp_cmdshell actived? Why it isn't working?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Is xp_cmdshell actived? Why it isn't working?
|
From: Brandon P. <bpe...@gm...> - 2014-12-07 20:12:34
|
Open up a netcat listener and make xp_cmdshell telnet into it as a test. On Sunday, December 7, 2014, Rodrigo Zanatta Silva < rod...@gm...> wrote: > yeah... but... What I did make sense? I tested and for any value it only > delay for the else value. > > I can't read any file until now. Everything I did fail. > > Is there another way to check if the xp_cmdshell is really working? I am > out of idea now. > > 2014-12-07 17:32 GMT-02:00 Miroslav Stampar <mir...@gm... > <javascript:_e(%7B%7D,'cvml','mir...@gm...');>>: > >> You have to redirect output to an output file and read it afterwards. >> xp_cmdshell by itself doesn't return anything than the return code. >> >> Bye >> On Dec 7, 2014 8:31 PM, "Rodrigo Zanatta Silva" < >> rod...@gm... >> <javascript:_e(%7B%7D,'cvml','rod...@gm...');>> wrote: >> >>> You don't need just to have it activated? You say I can't run the EXEC? >>> Any other way to avoid it? >>> >>> Is there anything I can do? Humm. Come in mind to impersonate another >>> user and pray they can do this. >>> >>> 2014-12-07 17:25 GMT-02:00 Miroslav Stampar <mir...@gm... >>> <javascript:_e(%7B%7D,'cvml','mir...@gm...');>>: >>> >>>> No execution rights? >>>> >>>> Bye >>>> On Dec 7, 2014 6:19 PM, "Rodrigo Zanatta Silva" < >>>> rod...@gm... >>>> <javascript:_e(%7B%7D,'cvml','rod...@gm...');>> wrote: >>>> >>>>> Hi. I am doing a pen test in the Microsoft SQL Server 2008 R2 and I >>>>> can see that the xp_cmdshell is active. >>>>> >>>>> IN the table *master.sys.configurations*, the column *value_in_use *show >>>>> it is 1, so it is active!! But, every command that I tried to use didn't >>>>> result any value. I just tried the most obvious: >>>>> >>>>> DECLARE @result int; EXEC @result = xp_cmdshell 'echo a'; IF (@result >>>>> = 0) WAITFOR DELAY '00:01:00' ELSE WAITFOR DELAY '00:00:05' >>>>> >>>>> But it just waint 5 second. Any idea why this happens? >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>>> from Actuate! Instantly Supercharge Your Business Reports and >>>>> Dashboards >>>>> with Interactivity, Sharing, Native Excel Exports, App Integration & >>>>> more >>>>> Get technology previously reserved for billion-dollar corporations, >>>>> FREE >>>>> >>>>> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> <javascript:_e(%7B%7D,'cvml','sql...@li...');> >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>>> >>> > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website |
