Thread: [sqlmap-users] Error on takeover
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Christophe C. <cl...@ya...> - 2010-10-22 22:37:44
|
Hi, I'm trying sqlmap, it works good but when I want to take over the server,
sqlmap crashes !
Here is the command line I used : sqlmap -u http://192.168.1.5/sql.php?id=1
--os-pwn --msf-path /opt/metasploit3 -v 1
It asks me for the languages supported by the server and the root directory (I
wrote "C:/Program Files/wamp/www/")
It asks for the directory to upload the agent, I wrote the same path ...
And then ... error ! It did'nt give me the filename of the agent :(
I noticed that the file agent has been uploaded (I own the target server) but
the first line begins with the first line of the sql table I created for this
tests (???)
And the agent works good (files are uploaded without problems)
Here is the trace of the error :
[00:22:13] [ERROR] unhandled exception in sqlmap/0.8, please copy the command
line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon as
possible:
sqlmap version: 0.8
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
File "/usr/bin/sqlmap", line 77, in main
start()
File "/usr/share/sqlmap/lib/controller/controller.py", line 259, in start
action()
File "/usr/share/sqlmap/lib/controller/action.py", line 144, in action
conf.dbmsHandler.osPwn()
File "/usr/share/sqlmap/plugins/generic/takeover.py", line 169, in osPwn
self.initEnv(web=web)
File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
self.webInit()
File "/usr/share/sqlmap/lib/takeover/web.py", line 189, in webInit
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True,
raise404=False)
File "/usr/share/sqlmap/lib/request/connect.py", line 126, in getPage
conn = urllib2.urlopen(req)
File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
return _opener.open(url, data)
File "/usr/lib/python2.5/urllib2.py", line 381, in open
response = self._open(req, data)
File "/usr/lib/python2.5/urllib2.py", line 399, in _open
'_open', req)
File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
result = func(*args)
File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open
h = http_class(host) # will parse host:port
File "/usr/lib/python2.5/httplib.py", line 639, in __init__
self._set_hostport(host, port)
File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport
raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
InvalidURL: nonnumeric port: ''
[*] shutting down at: 00:22:13
|
|
From: Miroslav S. <mir...@gm...> - 2010-10-23 06:46:24
|
Hi Christophe. It seems that you are using too old version (it's official but right now it's too old :) ). In the latest 0.9-dev this is fixed. Please checkout the latest development version from our SVN repository by doing this: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev Kind regards. 2010/10/23 Christophe Clémence <cl...@ya...>: > Hi, I'm trying sqlmap, it works good but when I want to take over the > server, sqlmap crashes ! > Here is the command line I used : sqlmap -u http://192.168.1.5/sql.php?id=1 > --os-pwn --msf-path /opt/metasploit3 -v 1 > It asks me for the languages supported by the server and the root directory > (I wrote "C:/Program Files/wamp/www/") > It asks for the directory to upload the agent, I wrote the same path ... > And then ... error ! It did'nt give me the filename of the agent :( > I noticed that the file agent has been uploaded (I own the target > server) but the first line begins with the first line of the sql table I > created for this tests (???) > And the agent works good (files are uploaded without problems) > Here is the trace of the error : > [00:22:13] [ERROR] unhandled exception in sqlmap/0.8, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.8 > Python version: 2.5.2 > Operating system: linux2 > Traceback (most recent call last): > File "/usr/bin/sqlmap", line 77, in main > start() > File "/usr/share/sqlmap/lib/controller/controller.py", line 259, in start > action() > File "/usr/share/sqlmap/lib/controller/action.py", line 144, in action > conf.dbmsHandler.osPwn() > File "/usr/share/sqlmap/plugins/generic/takeover.py", line 169, in osPwn > self.initEnv(web=web) > File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv > self.webInit() > File "/usr/share/sqlmap/lib/takeover/web.py", line 189, in webInit > uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, > raise404=False) > File "/usr/share/sqlmap/lib/request/connect.py", line 126, in getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > return _opener.open(url, data) > File "/usr/lib/python2.5/urllib2.py", line 381, in open > response = self._open(req, data) > File "/usr/lib/python2.5/urllib2.py", line 399, in _open > '_open', req) > File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain > result = func(*args) > File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open > h = http_class(host) # will parse host:port > File "/usr/lib/python2.5/httplib.py", line 639, in __init__ > self._set_hostport(host, port) > File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > InvalidURL: nonnumeric port: '' > [*] shutting down at: 00:22:13 > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Christophe C. <cl...@ya...> - 2010-10-23 11:43:11
|
Hi, It works fine ... but it can't launch the remote exe file, I think it's a security of windows xp or mysql ... Thanks ;) ________________________________ De : Miroslav Stampar <mir...@gm...> À : Christophe Clémence <cl...@ya...> Cc : sql...@li... Envoyé le : Sam 23 octobre 2010, 8h 46min 17s Objet : Re: [sqlmap-users] Error on takeover Hi Christophe. It seems that you are using too old version (it's official but right now it's too old :) ). In the latest 0.9-dev this is fixed. Please checkout the latest development version from our SVN repository by doing this: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev Kind regards. 2010/10/23 Christophe Clémence <cl...@ya...>: > Hi, I'm trying sqlmap, it works good but when I want to take over the > server, sqlmap crashes ! > Here is the command line I used : sqlmap -u http://192.168.1.5/sql.php?id=1 > --os-pwn --msf-path /opt/metasploit3 -v 1 > It asks me for the languages supported by the server and the root directory > (I wrote "C:/Program Files/wamp/www/") > It asks for the directory to upload the agent, I wrote the same path ... > And then ... error ! It did'nt give me the filename of the agent :( > I noticed that the file agent has been uploaded (I own the target > server) but the first line begins with the first line of the sql table I > created for this tests (???) > And the agent works good (files are uploaded without problems) > Here is the trace of the error : > [00:22:13] [ERROR] unhandled exception in sqlmap/0.8, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.8 > Python version: 2.5.2 > Operating system: linux2 > Traceback (most recent call last): > File "/usr/bin/sqlmap", line 77, in main > start() > File "/usr/share/sqlmap/lib/controller/controller.py", line 259, in start > action() > File "/usr/share/sqlmap/lib/controller/action.py", line 144, in action > conf.dbmsHandler.osPwn() > File "/usr/share/sqlmap/plugins/generic/takeover.py", line 169, in osPwn > self.initEnv(web=web) > File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv > self.webInit() > File "/usr/share/sqlmap/lib/takeover/web.py", line 189, in webInit > uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, > raise404=False) > File "/usr/share/sqlmap/lib/request/connect.py", line 126, in getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > return _opener.open(url, data) > File "/usr/lib/python2.5/urllib2.py", line 381, in open > response = self._open(req, data) > File "/usr/lib/python2.5/urllib2.py", line 399, in _open > '_open', req) > File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain > result = func(*args) > File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open > h = http_class(host) # will parse host:port > File "/usr/lib/python2.5/httplib.py", line 639, in __init__ > self._set_hostport(host, port) > File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > InvalidURL: nonnumeric port: '' > [*] shutting down at: 00:22:13 > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-10-25 11:38:00
|
We have experienced this behaviour before. On Windows XP as a target, the dbms process user is not able to launch the payload stager (or any other portable executable). However, on W2k3 it works. Bernardo 2010/10/23 Christophe Clémence <cl...@ya...>: > Hi, > It works fine ... but it can't launch the remote exe file, I think it's a > security of windows xp or mysql ... > Thanks ;) > ________________________________ > De : Miroslav Stampar <mir...@gm...> > À : Christophe Clémence <cl...@ya...> > Cc : sql...@li... > Envoyé le : Sam 23 octobre 2010, 8h 46min 17s > Objet : Re: [sqlmap-users] Error on takeover > > Hi Christophe. > > It seems that you are using too old version (it's official but right > now it's too old :) ). In the latest 0.9-dev this is fixed. > > Please checkout the latest development version from our SVN repository > by doing this: > > svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev > > Kind regards. > > > 2010/10/23 Christophe Clémence <cl...@ya...>: >> Hi, I'm trying sqlmap, it works good but when I want to take over the >> server, sqlmap crashes ! >> Here is the command line I used : sqlmap -u >> http://192.168.1.5/sql.php?id=1 >> --os-pwn --msf-path /opt/metasploit3 -v 1 >> It asks me for the languages supported by the server and the root >> directory >> (I wrote "C:/Program Files/wamp/www/") >> It asks for the directory to upload the agent, I wrote the same path ... >> And then ... error ! It did'nt give me the filename of the agent :( >> I noticed that the file agent has been uploaded (I own the target >> server) but the first line begins with the first line of the sql table I >> created for this tests (???) >> And the agent works good (files are uploaded without problems) >> Here is the trace of the error : >> [00:22:13] [ERROR] unhandled exception in sqlmap/0.8, please copy the >> command line and the following text and send by e-mail to >> sql...@li.... The developer will fix it as soon as >> possible: >> sqlmap version: 0.8 >> Python version: 2.5.2 >> Operating system: linux2 >> Traceback (most recent call last): >> File "/usr/bin/sqlmap", line 77, in main >> start() >> File "/usr/share/sqlmap/lib/controller/controller.py", line 259, in >> start >> action() >> File "/usr/share/sqlmap/lib/controller/action.py", line 144, in action >> conf.dbmsHandler.osPwn() >> File "/usr/share/sqlmap/plugins/generic/takeover.py", line 169, in osPwn >> self.initEnv(web=web) >> File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 155, in >> initEnv >> self.webInit() >> File "/usr/share/sqlmap/lib/takeover/web.py", line 189, in webInit >> uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, >> raise404=False) >> File "/usr/share/sqlmap/lib/request/connect.py", line 126, in getPage >> conn = urllib2.urlopen(req) >> File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen >> return _opener.open(url, data) >> File "/usr/lib/python2.5/urllib2.py", line 381, in open >> response = self._open(req, data) >> File "/usr/lib/python2.5/urllib2.py", line 399, in _open >> '_open', req) >> File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain >> result = func(*args) >> File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open >> return self.do_open(httplib.HTTPConnection, req) >> File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open >> h = http_class(host) # will parse host:port >> File "/usr/lib/python2.5/httplib.py", line 639, in __init__ >> self._set_hostport(host, port) >> File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport >> raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) >> InvalidURL: nonnumeric port: '' >> [*] shutting down at: 00:22:13 >> >> >> >> ------------------------------------------------------------------------------ >> Nokia and AT&T present the 2010 Calling All Innovators-North America >> contest >> Create new apps & games for the Nokia N8 for consumers in U.S. and Canada >> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in >> marketing >> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store >> http://p.sf.net/sfu/nokia-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X