sqlmap-users Mailing List for sqlmap (Page 84)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Liran M. <rea...@gm...> - 2011-07-30 23:52:43
|
Thanks Miroslav When this build will be available for download? and you 2 made an amazing app, Tomorrow i'm going to donate to your project, your program is a real pro for me! what's the paypal address for it ? On Sun, Jul 31, 2011 at 12:42 AM, Miroslav Stampar < mir...@gm...> wrote: > hi. > > here was a problem in programs logic that needed to be changed. > > with the last commit there won't be anymore questions like "do you > want to retrieve..." for --sql-shell/--sql-query. this was causing > problems (program did nothing) for non-compatible answers (N for > queries and Y for non-queries). > > to make things short, there was a program logic bug that should be > fixed now with r4307. > > kr > > On Sat, Jul 30, 2011 at 6:52 PM, Liran Mimoni <rea...@gm...> > wrote: > > sql-shell> update news set title = "dasdasd"; > > do you want to retrieve the SQL statement output? [y/N/a] y > > [19:50:14] [INFO] fetching SQL data manipulation query output: 'update > news > > set title = "dasdasd";' > > [19:50:14] [PAYLOAD] -1868 UNION ALL SELECT NULL, NULL, NULL, > > CONCAT(CHAR(58,111,100,99,58),IFNULL(UPDATE news set title = > > "dasdasd";,CHAR(32)),CHAR(58,100,117,121,58)), NULL, NULL# > > [19:50:15] [WARNING] if the problem persists with 'None' values please > try > > to use hidden switch --no-cast (fixing problems with some collation > issues) > > [19:50:15] [DEBUG] performed 1 queries in 0 seconds > > [19:50:15] [PAYLOAD] -3449 > > [19:50:16] [INFO] retrieving the length of query output > > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > > title = "dasdasd";),CHAR(32))),1,1)) > 51) > > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > > title = "dasdasd";),CHAR(32))),1,1)) > 48) > > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > > title = "dasdasd";),CHAR(32))),1,1)) > 1) > > [19:50:17] [INFO] retrieved: > > [19:50:17] [DEBUG] performed 3 queries in 1 seconds > > [19:50:17] [DEBUG] starting 50 threads > > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 64) > > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 32) > > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 16) > > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 8) > > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 4) > > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 2) > > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title > = > > "dasdasd";,CHAR(32))),1,1)) > 1) > > [19:50:19] [INFO] retrieved: > > [19:50:19] [DEBUG] performed 7 queries in 3 seconds > > > > the update command didnt work, it didnt updated the requested column > > Please help me thanks > > > ------------------------------------------------------------------------------ > > Got Input? Slashdot Needs You. > > Take our quick survey online. Come on, we don't ask for help often. > > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > > http://p.sf.net/sfu/slashdot-survey > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > |
|
From: Miroslav S. <mir...@gm...> - 2011-07-30 21:43:06
|
hi. here was a problem in programs logic that needed to be changed. with the last commit there won't be anymore questions like "do you want to retrieve..." for --sql-shell/--sql-query. this was causing problems (program did nothing) for non-compatible answers (N for queries and Y for non-queries). to make things short, there was a program logic bug that should be fixed now with r4307. kr On Sat, Jul 30, 2011 at 6:52 PM, Liran Mimoni <rea...@gm...> wrote: > sql-shell> update news set title = "dasdasd"; > do you want to retrieve the SQL statement output? [y/N/a] y > [19:50:14] [INFO] fetching SQL data manipulation query output: 'update news > set title = "dasdasd";' > [19:50:14] [PAYLOAD] -1868 UNION ALL SELECT NULL, NULL, NULL, > CONCAT(CHAR(58,111,100,99,58),IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32)),CHAR(58,100,117,121,58)), NULL, NULL# > [19:50:15] [WARNING] if the problem persists with 'None' values please try > to use hidden switch --no-cast (fixing problems with some collation issues) > [19:50:15] [DEBUG] performed 1 queries in 0 seconds > [19:50:15] [PAYLOAD] -3449 > [19:50:16] [INFO] retrieving the length of query output > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 51) > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 48) > [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set > title = "dasdasd";),CHAR(32))),1,1)) > 1) > [19:50:17] [INFO] retrieved: > [19:50:17] [DEBUG] performed 3 queries in 1 seconds > [19:50:17] [DEBUG] starting 50 threads > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 64) > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 32) > [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 16) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 8) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 4) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 2) > [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = > "dasdasd";,CHAR(32))),1,1)) > 1) > [19:50:19] [INFO] retrieved: > [19:50:19] [DEBUG] performed 7 queries in 3 seconds > > the update command didnt work, it didnt updated the requested column > Please help me thanks > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Gianluca B. <g...@br...> - 2011-07-30 17:19:57
|
With -v 3 http://sqlmap.sourceforge.net/doc/README.html On Sat, Jul 30, 2011 at 6:35 PM, Liran Mimoni <rea...@gm...> wrote: > > > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Liran M. <rea...@gm...> - 2011-07-30 16:52:21
|
sql-shell> update news set title = "dasdasd"; do you want to retrieve the SQL statement output? [y/N/a] y [19:50:14] [INFO] fetching SQL data manipulation query output: 'update news set title = "dasdasd";' [19:50:14] [PAYLOAD] -1868 UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,111,100,99,58),IFNULL(UPDATE news set title = "dasdasd";,CHAR(32)),CHAR(58,100,117,121,58)), NULL, NULL# [19:50:15] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues) [19:50:15] [DEBUG] performed 1 queries in 0 seconds [19:50:15] [PAYLOAD] -3449 [19:50:16] [INFO] retrieving the length of query output [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set title = "dasdasd";),CHAR(32))),1,1)) > 51) [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set title = "dasdasd";),CHAR(32))),1,1)) > 48) [19:50:16] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(LENGTH(UPDATE news set title = "dasdasd";),CHAR(32))),1,1)) > 1) [19:50:17] [INFO] retrieved: [19:50:17] [DEBUG] performed 3 queries in 1 seconds [19:50:17] [DEBUG] starting 50 threads [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 64) [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 32) [19:50:17] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 16) [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 8) [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 4) [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 2) [19:50:18] [PAYLOAD] -1492 OR NOT (ORD(MID((IFNULL(UPDATE news set title = "dasdasd";,CHAR(32))),1,1)) > 1) [19:50:19] [INFO] retrieved: [19:50:19] [DEBUG] performed 7 queries in 3 seconds the update command didnt work, it didnt updated the requested column Please help me thanks |
|
From: Liran M. <rea...@gm...> - 2011-07-30 16:35:52
|
|
From: x x <asu...@gm...> - 2011-07-29 17:40:33
|
i have couple questions about SQLMAP, subscribe me plz usrname: asus2142 |
|
From: Miroslav S. <mir...@gm...> - 2011-07-28 07:26:10
|
Nice to hear and thx for the donation. You are 'protected' now :) p.s. Steve, feel free to crash the critical error repair party anytime On 28.7.2011. 09:09, "Gianluca Brindisi" <g...@br...> wrote: > Oh yeah, it's working great :) > > [09:02:48] [INFO] starting dictionary-based cracking (mysql_passwd) > [09:02:48] [WARNING] multiprocessing hash cracking is currently not > supported on this platform > [09:04:06] [WARNING] no clear password(s) found > > Tested on rev 4301. > > Thank you all! > > Gianluca > > > On Thu, Jul 28, 2011 at 6:56 AM, Gianluca Brindisi <g...@br...> wrote: >> LOL :) >> Actually I owe you a beer for all the extra work I keep trhowing at you! >> >> I am back home and I'll reproduce it asap... stay tuned. >> >> By the way I used to crack hashes flawlessy before on the same machine >> (OpenBSD) but can't remeber if it was 0.9 or what revision of 1.0. >> >> Gianluca >> >> On Wed, Jul 27, 2011 at 11:24 PM, Miroslav Stampar >> <mir...@gm...> wrote: >>> "Gianluca Brindisi" officially hates me :) >>> >>> i've tried around 6 different fixes and at the end solution from Steve >>> really looks most promising (just committed something 99% similar to >>> that one) >>> >>> thing is that for some unapparent reason i've made some boyscout fixes >>> and he probably just got crazy in all those iterations. >>> >>> don't know what to say than sorry. >>> >>> kr >>> >>> On Wed, Jul 27, 2011 at 10:08 AM, Bernardo Damele A. G. >>> <ber...@gm...> wrote: >>>> This should be fixed now. >>>> Can you please retry and report back? >>>> >>>> Bernardo >>>> >>>> >>>> On 26 July 2011 10:36, Gianluca Brindisi <g...@br...> wrote: >>>>> Hi all! >>>>> I still have errors while trying to crack retrieved hashes :( >>>>> >>>>> [11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293), >>>>> retry your run with the latest development version from the Subversion >>>>> repository. If the exception persists, >>>>> please send by e-mail to sql...@li... the >>>>> following text and any information required to reproduce the bug. The >>>>> developers will try to reproduce the bug, fix >>>>> it accordingly and get back to you. >>>>> sqlmap version: 1.0-dev (r4293) >>>>> Python version: 2.6.5 >>>>> Operating system: posix >>>>> Command line: sqlmap.py --tor --url >>>>> *************************************** --password >>>>> Technique: ERROR >>>>> Back-end DBMS: MySQL (fingerprinted) >>>>> Traceback (most recent call last): >>>>> File "sqlmap.py", line 86, in main >>>>> start() >>>>> File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start >>>>> action() >>>>> File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action >>>>> conf.dbmsHandler.getPasswordHashes(), "password hash") >>>>> File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396, >>>>> in getPasswordHashes >>>>> attackCachedUsersPasswords() >>>>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in >>>>> attackCachedUsersPasswords >>>>> results = dictionaryAttack(kb.data.cachedUsersPasswords) >>>>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack >>>>> retVal = _multiprocessing.Queue() >>>>> File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line >>>>> 212, in Queue >>>>> from multiprocessing.queues import Queue >>>>> File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22, >>>>> in <module> >>>>> from multiprocessing.synchronize import Lock, BoundedSemaphore, >>>>> Semaphore, Condition >>>>> File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line >>>>> 33, in <module> >>>>> " function, see issue 3770.") >>>>> ImportError: This platform lacks a functioning sem_open >>>>> implementation, therefore, the required synchronization primitives >>>>> needed will not function, see issue 3770. >>>>> >>>>> [*] shutting down at 11:32:53 >>>>> >>>>> Gianluca >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Magic Quadrant for Content-Aware Data Loss Prevention >>>>> Research study explores the data loss prevention market. Includes in-depth >>>>> analysis on the changes within the DLP market, and the criteria used to >>>>> evaluate the strengths and weaknesses of these DLP solutions. >>>>> http://www.accelacomm.com/jaw/sfnl/114/51385063/ >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>> >>>> >>>> >>>> -- >>>> Bernardo Damele A. G. >>>> >>>> E-mail / Jabber: bernardo.damele (at) gmail.com >>>> Mobile: +447788962949 (UK 07788962949) >>>> PGP Key ID: Unavailable >>>> >>>> ------------------------------------------------------------------------------ >>>> Got Input? Slashdot Needs You. >>>> Take our quick survey online. Come on, we don't ask for help often. >>>> Plus, you'll get a chance to win $100 to spend on ThinkGeek. >>>> http://p.sf.net/sfu/slashdot-survey >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar (@stamparm) >>> >>> E-mail: miroslav.stampar (at) gmail.com >>> PGP Key ID: 0xB5397B1B >>> >> |
|
From: Gianluca B. <g...@br...> - 2011-07-28 07:09:09
|
Oh yeah, it's working great :) [09:02:48] [INFO] starting dictionary-based cracking (mysql_passwd) [09:02:48] [WARNING] multiprocessing hash cracking is currently not supported on this platform [09:04:06] [WARNING] no clear password(s) found Tested on rev 4301. Thank you all! Gianluca On Thu, Jul 28, 2011 at 6:56 AM, Gianluca Brindisi <g...@br...> wrote: > LOL :) > Actually I owe you a beer for all the extra work I keep trhowing at you! > > I am back home and I'll reproduce it asap... stay tuned. > > By the way I used to crack hashes flawlessy before on the same machine > (OpenBSD) but can't remeber if it was 0.9 or what revision of 1.0. > > Gianluca > > On Wed, Jul 27, 2011 at 11:24 PM, Miroslav Stampar > <mir...@gm...> wrote: >> "Gianluca Brindisi" officially hates me :) >> >> i've tried around 6 different fixes and at the end solution from Steve >> really looks most promising (just committed something 99% similar to >> that one) >> >> thing is that for some unapparent reason i've made some boyscout fixes >> and he probably just got crazy in all those iterations. >> >> don't know what to say than sorry. >> >> kr >> >> On Wed, Jul 27, 2011 at 10:08 AM, Bernardo Damele A. G. >> <ber...@gm...> wrote: >>> This should be fixed now. >>> Can you please retry and report back? >>> >>> Bernardo >>> >>> >>> On 26 July 2011 10:36, Gianluca Brindisi <g...@br...> wrote: >>>> Hi all! >>>> I still have errors while trying to crack retrieved hashes :( >>>> >>>> [11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293), >>>> retry your run with the latest development version from the Subversion >>>> repository. If the exception persists, >>>> please send by e-mail to sql...@li... the >>>> following text and any information required to reproduce the bug. The >>>> developers will try to reproduce the bug, fix >>>> it accordingly and get back to you. >>>> sqlmap version: 1.0-dev (r4293) >>>> Python version: 2.6.5 >>>> Operating system: posix >>>> Command line: sqlmap.py --tor --url >>>> *************************************** --password >>>> Technique: ERROR >>>> Back-end DBMS: MySQL (fingerprinted) >>>> Traceback (most recent call last): >>>> File "sqlmap.py", line 86, in main >>>> start() >>>> File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start >>>> action() >>>> File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action >>>> conf.dbmsHandler.getPasswordHashes(), "password hash") >>>> File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396, >>>> in getPasswordHashes >>>> attackCachedUsersPasswords() >>>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in >>>> attackCachedUsersPasswords >>>> results = dictionaryAttack(kb.data.cachedUsersPasswords) >>>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack >>>> retVal = _multiprocessing.Queue() >>>> File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line >>>> 212, in Queue >>>> from multiprocessing.queues import Queue >>>> File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22, >>>> in <module> >>>> from multiprocessing.synchronize import Lock, BoundedSemaphore, >>>> Semaphore, Condition >>>> File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line >>>> 33, in <module> >>>> " function, see issue 3770.") >>>> ImportError: This platform lacks a functioning sem_open >>>> implementation, therefore, the required synchronization primitives >>>> needed will not function, see issue 3770. >>>> >>>> [*] shutting down at 11:32:53 >>>> >>>> Gianluca >>>> >>>> ------------------------------------------------------------------------------ >>>> Magic Quadrant for Content-Aware Data Loss Prevention >>>> Research study explores the data loss prevention market. Includes in-depth >>>> analysis on the changes within the DLP market, and the criteria used to >>>> evaluate the strengths and weaknesses of these DLP solutions. >>>> http://www.accelacomm.com/jaw/sfnl/114/51385063/ >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Bernardo Damele A. G. >>> >>> E-mail / Jabber: bernardo.damele (at) gmail.com >>> Mobile: +447788962949 (UK 07788962949) >>> PGP Key ID: Unavailable >>> >>> ------------------------------------------------------------------------------ >>> Got Input? Slashdot Needs You. >>> Take our quick survey online. Come on, we don't ask for help often. >>> Plus, you'll get a chance to win $100 to spend on ThinkGeek. >>> http://p.sf.net/sfu/slashdot-survey >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> Miroslav Stampar (@stamparm) >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> > |
|
From: Gianluca B. <g...@br...> - 2011-07-28 06:56:35
|
LOL :) Actually I owe you a beer for all the extra work I keep trhowing at you! I am back home and I'll reproduce it asap... stay tuned. By the way I used to crack hashes flawlessy before on the same machine (OpenBSD) but can't remeber if it was 0.9 or what revision of 1.0. Gianluca On Wed, Jul 27, 2011 at 11:24 PM, Miroslav Stampar <mir...@gm...> wrote: > "Gianluca Brindisi" officially hates me :) > > i've tried around 6 different fixes and at the end solution from Steve > really looks most promising (just committed something 99% similar to > that one) > > thing is that for some unapparent reason i've made some boyscout fixes > and he probably just got crazy in all those iterations. > > don't know what to say than sorry. > > kr > > On Wed, Jul 27, 2011 at 10:08 AM, Bernardo Damele A. G. > <ber...@gm...> wrote: >> This should be fixed now. >> Can you please retry and report back? >> >> Bernardo >> >> >> On 26 July 2011 10:36, Gianluca Brindisi <g...@br...> wrote: >>> Hi all! >>> I still have errors while trying to crack retrieved hashes :( >>> >>> [11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293), >>> retry your run with the latest development version from the Subversion >>> repository. If the exception persists, >>> please send by e-mail to sql...@li... the >>> following text and any information required to reproduce the bug. The >>> developers will try to reproduce the bug, fix >>> it accordingly and get back to you. >>> sqlmap version: 1.0-dev (r4293) >>> Python version: 2.6.5 >>> Operating system: posix >>> Command line: sqlmap.py --tor --url >>> *************************************** --password >>> Technique: ERROR >>> Back-end DBMS: MySQL (fingerprinted) >>> Traceback (most recent call last): >>> File "sqlmap.py", line 86, in main >>> start() >>> File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start >>> action() >>> File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action >>> conf.dbmsHandler.getPasswordHashes(), "password hash") >>> File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396, >>> in getPasswordHashes >>> attackCachedUsersPasswords() >>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in >>> attackCachedUsersPasswords >>> results = dictionaryAttack(kb.data.cachedUsersPasswords) >>> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack >>> retVal = _multiprocessing.Queue() >>> File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line >>> 212, in Queue >>> from multiprocessing.queues import Queue >>> File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22, >>> in <module> >>> from multiprocessing.synchronize import Lock, BoundedSemaphore, >>> Semaphore, Condition >>> File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line >>> 33, in <module> >>> " function, see issue 3770.") >>> ImportError: This platform lacks a functioning sem_open >>> implementation, therefore, the required synchronization primitives >>> needed will not function, see issue 3770. >>> >>> [*] shutting down at 11:32:53 >>> >>> Gianluca >>> >>> ------------------------------------------------------------------------------ >>> Magic Quadrant for Content-Aware Data Loss Prevention >>> Research study explores the data loss prevention market. Includes in-depth >>> analysis on the changes within the DLP market, and the criteria used to >>> evaluate the strengths and weaknesses of these DLP solutions. >>> http://www.accelacomm.com/jaw/sfnl/114/51385063/ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> Bernardo Damele A. G. >> >> E-mail / Jabber: bernardo.damele (at) gmail.com >> Mobile: +447788962949 (UK 07788962949) >> PGP Key ID: Unavailable >> >> ------------------------------------------------------------------------------ >> Got Input? Slashdot Needs You. >> Take our quick survey online. Come on, we don't ask for help often. >> Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> http://p.sf.net/sfu/slashdot-survey >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > |
|
From: Steve P. <ste...@gm...> - 2011-07-28 00:05:57
|
On 07/27/2011 07:24 PM, Miroslav Stampar wrote: > "Gianluca Brindisi" officially hates me :) > > i've tried around 6 different fixes and at the end solution from Steve > really looks most promising (just committed something 99% similar to > that one) > > thing is that for some unapparent reason i've made some boyscout fixes > and he probably just got crazy in all those iterations. > > don't know what to say than sorry. > > kr Unfortunately, you need OS semaphores to do multiprocessing without problems. Python uses POSIX semaphores, which are not or poorly supported on some OSs. If you're willing to use external libraries, you can rewrite to use SysV semaphores with something like http://semanchuk.com/philip/sysv_ipc/ which should work basically everywhere. That would inconvenience a lot of people for the sake of openBSD, Solaris, AIX, and FreeBSD <= 7.1 (which isn't even supported anymore). Because only these minority share OSs have the problem, this issue is considered low priority for the Python project. The related bugs are here, if anyone feels bored in the future and wants to have a go. I guarantee if you try, you'll learn some interesting things and lose some hair or turn it gray. ;-) http://bugs.python.org/issue5725 http://bugs.python.org/issue10348 -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID CD31CAFB | |
|
From: Miroslav S. <mir...@gm...> - 2011-07-27 23:24:56
|
"Gianluca Brindisi" officially hates me :) i've tried around 6 different fixes and at the end solution from Steve really looks most promising (just committed something 99% similar to that one) thing is that for some unapparent reason i've made some boyscout fixes and he probably just got crazy in all those iterations. don't know what to say than sorry. kr On Wed, Jul 27, 2011 at 10:08 AM, Bernardo Damele A. G. <ber...@gm...> wrote: > This should be fixed now. > Can you please retry and report back? > > Bernardo > > > On 26 July 2011 10:36, Gianluca Brindisi <g...@br...> wrote: >> Hi all! >> I still have errors while trying to crack retrieved hashes :( >> >> [11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293), >> retry your run with the latest development version from the Subversion >> repository. If the exception persists, >> please send by e-mail to sql...@li... the >> following text and any information required to reproduce the bug. The >> developers will try to reproduce the bug, fix >> it accordingly and get back to you. >> sqlmap version: 1.0-dev (r4293) >> Python version: 2.6.5 >> Operating system: posix >> Command line: sqlmap.py --tor --url >> *************************************** --password >> Technique: ERROR >> Back-end DBMS: MySQL (fingerprinted) >> Traceback (most recent call last): >> File "sqlmap.py", line 86, in main >> start() >> File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start >> action() >> File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action >> conf.dbmsHandler.getPasswordHashes(), "password hash") >> File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396, >> in getPasswordHashes >> attackCachedUsersPasswords() >> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in >> attackCachedUsersPasswords >> results = dictionaryAttack(kb.data.cachedUsersPasswords) >> File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack >> retVal = _multiprocessing.Queue() >> File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line >> 212, in Queue >> from multiprocessing.queues import Queue >> File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22, >> in <module> >> from multiprocessing.synchronize import Lock, BoundedSemaphore, >> Semaphore, Condition >> File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line >> 33, in <module> >> " function, see issue 3770.") >> ImportError: This platform lacks a functioning sem_open >> implementation, therefore, the required synchronization primitives >> needed will not function, see issue 3770. >> >> [*] shutting down at 11:32:53 >> >> Gianluca >> >> ------------------------------------------------------------------------------ >> Magic Quadrant for Content-Aware Data Loss Prevention >> Research study explores the data loss prevention market. Includes in-depth >> analysis on the changes within the DLP market, and the criteria used to >> evaluate the strengths and weaknesses of these DLP solutions. >> http://www.accelacomm.com/jaw/sfnl/114/51385063/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > PGP Key ID: Unavailable > > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Liran M. <rea...@gm...> - 2011-07-27 13:00:28
|
Ok I won't :) thanks alot and like I said, --dbs on MS SQL server (not access) also returns 500 HTTP, but --tables is trying to guess the tables there On Wed, Jul 27, 2011 at 2:59 PM, Miroslav Stampar < mir...@gm...> wrote: > in lib/core/settings.py you can change number '10' to something that > will suite your needs. > > # Maximum number of threads (avoiding connection issues and/or DoS) > MAX_NUMBER_OF_THREADS = 10 > > just one note. please don't come back with "why do i get all those > timeouts". > > ------------------------------- > > about the ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs > i believe that Andre Silva really pointed you to the good direction. > please do the --flush-session. there were some changes in "data model" > which could prevent you from resuming the stored injection data. > > kr > > On Wed, Jul 27, 2011 at 1:52 PM, Liran Mimoni <rea...@gm...> > wrote: > > ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs > > also there is a way to bypass the limit of maximum threads to more than > 10? > > Thanks > > > > On Wed, Jul 27, 2011 at 2:46 PM, Miroslav Stampar > > <mir...@gm...> wrote: > >> > >> hi Liran. > >> > >> what's the command line used? > >> > >> kr > >> > >> On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <rea...@gm...> > >> wrote: > >> > there is a bug in version 1, each time I run some injection on same > >> > server > >> > that already injected the tool won't load it from the cache, it will > >> > test it > >> > again > >> > > >> > > ------------------------------------------------------------------------------ > >> > Got Input? Slashdot Needs You. > >> > Take our quick survey online. Come on, we don't ask for help often. > >> > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > >> > http://p.sf.net/sfu/slashdot-survey > >> > _______________________________________________ > >> > sqlmap-users mailing list > >> > sql...@li... > >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > > >> > > >> > >> > >> > >> -- > >> Miroslav Stampar (@stamparm) > >> > >> E-mail: miroslav.stampar (at) gmail.com > >> PGP Key ID: 0xB5397B1B > > > > > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > |
|
From: Miroslav S. <mir...@gm...> - 2011-07-27 12:06:04
|
in lib/core/settings.py you can change number '10' to something that will suite your needs. # Maximum number of threads (avoiding connection issues and/or DoS) MAX_NUMBER_OF_THREADS = 10 just one note. please don't come back with "why do i get all those timeouts". ------------------------------- about the ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs i believe that Andre Silva really pointed you to the good direction. please do the --flush-session. there were some changes in "data model" which could prevent you from resuming the stored injection data. kr On Wed, Jul 27, 2011 at 1:52 PM, Liran Mimoni <rea...@gm...> wrote: > ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs > also there is a way to bypass the limit of maximum threads to more than 10? > Thanks > > On Wed, Jul 27, 2011 at 2:46 PM, Miroslav Stampar > <mir...@gm...> wrote: >> >> hi Liran. >> >> what's the command line used? >> >> kr >> >> On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <rea...@gm...> >> wrote: >> > there is a bug in version 1, each time I run some injection on same >> > server >> > that already injected the tool won't load it from the cache, it will >> > test it >> > again >> > >> > ------------------------------------------------------------------------------ >> > Got Input? Slashdot Needs You. >> > Take our quick survey online. Come on, we don't ask for help often. >> > Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> > http://p.sf.net/sfu/slashdot-survey >> > _______________________________________________ >> > sqlmap-users mailing list >> > sql...@li... >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > >> > >> >> >> >> -- >> Miroslav Stampar (@stamparm) >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-07-27 12:03:53
|
then please do the -t traffic.txt and inspect the content of responses there. i believe that there could be some interesting information there that could help you. general note: when you get this kind of "strange" 500s while injection was detected then you are most probably dealing with some kind of WAF/IPS. kr On Wed, Jul 27, 2011 at 2:00 PM, Liran Mimoni <rea...@gm...> wrote: > Ok I won't :) thanks alot > and like I said, --dbs on MS SQL server (not access) also returns 500 HTTP, > but --tables is trying to guess the tables there > > On Wed, Jul 27, 2011 at 2:59 PM, Miroslav Stampar > <mir...@gm...> wrote: >> >> in lib/core/settings.py you can change number '10' to something that >> will suite your needs. >> >> # Maximum number of threads (avoiding connection issues and/or DoS) >> MAX_NUMBER_OF_THREADS = 10 >> >> just one note. please don't come back with "why do i get all those >> timeouts". >> >> ------------------------------- >> >> about the ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs >> i believe that Andre Silva really pointed you to the good direction. >> please do the --flush-session. there were some changes in "data model" >> which could prevent you from resuming the stored injection data. >> >> kr >> >> On Wed, Jul 27, 2011 at 1:52 PM, Liran Mimoni <rea...@gm...> >> wrote: >> > ./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs >> > also there is a way to bypass the limit of maximum threads to more than >> > 10? >> > Thanks >> > >> > On Wed, Jul 27, 2011 at 2:46 PM, Miroslav Stampar >> > <mir...@gm...> wrote: >> >> >> >> hi Liran. >> >> >> >> what's the command line used? >> >> >> >> kr >> >> >> >> On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <rea...@gm...> >> >> wrote: >> >> > there is a bug in version 1, each time I run some injection on same >> >> > server >> >> > that already injected the tool won't load it from the cache, it will >> >> > test it >> >> > again >> >> > >> >> > >> >> > ------------------------------------------------------------------------------ >> >> > Got Input? Slashdot Needs You. >> >> > Take our quick survey online. Come on, we don't ask for help often. >> >> > Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> >> > http://p.sf.net/sfu/slashdot-survey >> >> > _______________________________________________ >> >> > sqlmap-users mailing list >> >> > sql...@li... >> >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> Miroslav Stampar (@stamparm) >> >> >> >> E-mail: miroslav.stampar (at) gmail.com >> >> PGP Key ID: 0xB5397B1B >> > >> > >> >> >> >> -- >> Miroslav Stampar (@stamparm) >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Liran M. <rea...@gm...> - 2011-07-27 11:52:56
|
./sqlmap.py -u "http://URL/shop.asp?CatID=8&ProdID=75" --dbs also there is a way to bypass the limit of maximum threads to more than 10? Thanks On Wed, Jul 27, 2011 at 2:46 PM, Miroslav Stampar < mir...@gm...> wrote: > hi Liran. > > what's the command line used? > > kr > > On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <rea...@gm...> > wrote: > > there is a bug in version 1, each time I run some injection on same > server > > that already injected the tool won't load it from the cache, it will test > it > > again > > > ------------------------------------------------------------------------------ > > Got Input? Slashdot Needs You. > > Take our quick survey online. Come on, we don't ask for help often. > > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > > http://p.sf.net/sfu/slashdot-survey > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > |
|
From: Miroslav S. <mir...@gm...> - 2011-07-27 11:46:37
|
hi Liran. what's the command line used? kr On Wed, Jul 27, 2011 at 1:28 PM, Liran Mimoni <rea...@gm...> wrote: > there is a bug in version 1, each time I run some injection on same server > that already injected the tool won't load it from the cache, it will test it > again > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-07-27 11:44:36
|
hi. don't be afraid of "500 (Internal Server Error) - 23 times". it's just an info that should help advanced users to know what was happening in the background. 500 is a perfectly normal thing in SQL injections. kr On Wed, Jul 27, 2011 at 1:27 PM, Liran Mimoni <rea...@gm...> wrote: > but when running injection manually it's working. > Each DB: > SQL Server > Access > returns HTTP 500 while using sqlmap, mysql db works fine > [14:25:54] [WARNING] on Microsoft Access it is not possible to enumerate > databases > [14:25:54] [WARNING] HTTP error codes detected during testing: > 500 (Internal Server Error) - 23 times > > I think i'm missing some configurations, so I hope you can help me > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Liran M. <rea...@gm...> - 2011-07-27 11:34:26
|
why flush? I want it to re-run on same site from the cache On Wed, Jul 27, 2011 at 2:33 PM, André Silva <and...@gm...> wrote: > Try using the --flush-session > > Andre > > 2011/7/27 Liran Mimoni <rea...@gm...> > >> there is a bug in version 1, each time I run some injection on same server >> that already injected the tool won't load it from the cache, it will test it >> again >> >> >> ------------------------------------------------------------------------------ >> Got Input? Slashdot Needs You. >> Take our quick survey online. Come on, we don't ask for help often. >> Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> http://p.sf.net/sfu/slashdot-survey >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > |
|
From: Liran M. <rea...@gm...> - 2011-07-27 11:28:14
|
there is a bug in version 1, each time I run some injection on same server that already injected the tool won't load it from the cache, it will test it again |
|
From: Liran M. <rea...@gm...> - 2011-07-27 11:27:35
|
but when running injection manually it's working. Each DB: SQL Server Access returns HTTP 500 while using sqlmap, mysql db works fine [14:25:54] [WARNING] on Microsoft Access it is not possible to enumerate databases [14:25:54] [WARNING] HTTP error codes detected during testing: 500 (Internal Server Error) - 23 times I think i'm missing some configurations, so I hope you can help me |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-27 09:13:22
|
Hi Liran, On 27 July 2011 10:11, Liran Mimoni <rea...@gm...> wrote: > Hey > I want to run custom sql queries, the one I want to run is 'INSERT' > How I do that? --sql-query or --sql-shell. The web application API needs to support stacked queries (semi-colon character) in order to run different statements. > also, How can I see which queries the sqlmap tool runs while trying to > inject? -v 3 By the way, -h is your friend as is the user's manual, doc/README.pdf. -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable |
|
From: Liran M. <rea...@gm...> - 2011-07-27 09:11:07
|
Hey I want to run custom sql queries, the one I want to run is 'INSERT' How I do that? also, How can I see which queries the sqlmap tool runs while trying to inject? Thanks ! |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-27 08:28:26
|
This should be fixed now.
Can you please svn update and retry?
Bernardo
On 27 July 2011 04:42, 1ndr4 joe <c0d...@gm...> wrote:
> sqlmap version: 1.0-dev (r4269)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u
> ***********************************************************************************************
> --dbs --predict-output
> Technique: BOOLEAN
> Back-end DBMS: PostgreSQL (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap.py", line 86, in main
> start()
> File "/pentest/database/sqlmap/lib/controller/controller.py", line 554, in
> start
> action()
> File "/pentest/database/sqlmap/lib/controller/action.py", line 88, in
> action
> conf.dumper.dbs(conf.dbmsHandler.getDbs())
> File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 773,
> in getDbs
> db = inject.getValue(query, inband=False, error=False)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 456, in
> getValue
> value = __goInferenceProxy(query, fromUser, expected, batch,
> resumeValue, unpack, charsetType, firstChar, lastChar, dump)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 321, in
> __goInferenceProxy
> outputs = __goInferenceFields(expression, expressionFields,
> expressionFieldsList, payload, expected, resumeValue=resumeValue,
> charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 102, in
> __goInferenceFields
> output = __goInference(payload, expressionReplaced, charsetType,
> firstChar, lastChar, dump)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 66, in
> __goInference
> count, value = bisection(payload, expression, length, charsetType,
> firstChar, lastChar, dump)
> File "/pentest/database/sqlmap/lib/techniques/blind/inference.py", line
> 65, in bisection
> kb.partRun = getPartRun() if conf.predictOutput else None
> File "/pentest/database/sqlmap/lib/core/common.py", line 1858, in
> getPartRun
> stack = [item[4][0] if isinstance(item[4], list) else '' for item in
> inspect.stack()]
> File "/usr/lib/python2.6/inspect.py", line 953, in stack
> return getouterframes(sys._getframe(1), context)
> File "/usr/lib/python2.6/inspect.py", line 931, in getouterframes
> framelist.append((frame,) + getframeinfo(frame, context))
> File "/usr/lib/python2.6/inspect.py", line 900, in getframeinfo
> raise TypeError('arg is not a frame or traceback object')
> TypeError: arg is not a frame or traceback object
>
>
> ------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-27 08:08:19
|
This should be fixed now. Can you please retry and report back? Bernardo On 26 July 2011 10:36, Gianluca Brindisi <g...@br...> wrote: > Hi all! > I still have errors while trying to crack retrieved hashes :( > > [11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293), > retry your run with the latest development version from the Subversion > repository. If the exception persists, > please send by e-mail to sql...@li... the > following text and any information required to reproduce the bug. The > developers will try to reproduce the bug, fix > it accordingly and get back to you. > sqlmap version: 1.0-dev (r4293) > Python version: 2.6.5 > Operating system: posix > Command line: sqlmap.py --tor --url > *************************************** --password > Technique: ERROR > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "sqlmap.py", line 86, in main > start() > File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start > action() > File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action > conf.dbmsHandler.getPasswordHashes(), "password hash") > File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396, > in getPasswordHashes > attackCachedUsersPasswords() > File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in > attackCachedUsersPasswords > results = dictionaryAttack(kb.data.cachedUsersPasswords) > File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack > retVal = _multiprocessing.Queue() > File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line > 212, in Queue > from multiprocessing.queues import Queue > File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22, > in <module> > from multiprocessing.synchronize import Lock, BoundedSemaphore, > Semaphore, Condition > File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line > 33, in <module> > " function, see issue 3770.") > ImportError: This platform lacks a functioning sem_open > implementation, therefore, the required synchronization primitives > needed will not function, see issue 3770. > > [*] shutting down at 11:32:53 > > Gianluca > > ------------------------------------------------------------------------------ > Magic Quadrant for Content-Aware Data Loss Prevention > Research study explores the data loss prevention market. Includes in-depth > analysis on the changes within the DLP market, and the criteria used to > evaluate the strengths and weaknesses of these DLP solutions. > http://www.accelacomm.com/jaw/sfnl/114/51385063/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable |
|
From: 1ndr4 j. <c0d...@gm...> - 2011-07-27 03:42:13
|
sqlmap version: 1.0-dev (r4269)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u
***********************************************************************************************
--dbs --predict-output
Technique: BOOLEAN
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 86, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line 554, in
start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 88, in
action
conf.dumper.dbs(conf.dbmsHandler.getDbs())
File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 773,
in getDbs
db = inject.getValue(query, inband=False, error=False)
File "/pentest/database/sqlmap/lib/request/inject.py", line 456, in
getValue
value = __goInferenceProxy(query, fromUser, expected, batch,
resumeValue, unpack, charsetType, firstChar, lastChar, dump)
File "/pentest/database/sqlmap/lib/request/inject.py", line 321, in
__goInferenceProxy
outputs = __goInferenceFields(expression, expressionFields,
expressionFieldsList, payload, expected, resumeValue=resumeValue,
charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
File "/pentest/database/sqlmap/lib/request/inject.py", line 102, in
__goInferenceFields
output = __goInference(payload, expressionReplaced, charsetType,
firstChar, lastChar, dump)
File "/pentest/database/sqlmap/lib/request/inject.py", line 66, in
__goInference
count, value = bisection(payload, expression, length, charsetType,
firstChar, lastChar, dump)
File "/pentest/database/sqlmap/lib/techniques/blind/inference.py", line
65, in bisection
kb.partRun = getPartRun() if conf.predictOutput else None
File "/pentest/database/sqlmap/lib/core/common.py", line 1858, in
getPartRun
stack = [item[4][0] if isinstance(item[4], list) else '' for item in
inspect.stack()]
File "/usr/lib/python2.6/inspect.py", line 953, in stack
return getouterframes(sys._getframe(1), context)
File "/usr/lib/python2.6/inspect.py", line 931, in getouterframes
framelist.append((frame,) + getframeinfo(frame, context))
File "/usr/lib/python2.6/inspect.py", line 900, in getframeinfo
raise TypeError('arg is not a frame or traceback object')
TypeError: arg is not a frame or traceback object
|
48 messages has been excluded from this view by a project administrator.
