sqlmap-users

[sqlmap-users] Bug - Incorrect OS Detection?

[Anthony B. <ab...@gm...>]

Hello,

sqlmap is not detecting the proper OS when I try to use various options,
such as --os-cmd and --os-pwn.  I have been testing against the Kioptrix
Level 2 VM Challenge.   Whenever I am prompted for the web server path, it
will not accept a valid linux path. As you can see from the below output, it
properly shows "Linux Centos 4", and then for some reason switches to seeing
Windows as the OS.


./sqlmap.py -u "http://192.168.1.21/index.php" --data "uname=foo&psw=bar"
--dbms=MySQL --level=5 --risk=3 --os="Linux" --os-pwn
--msf-path="/storage/tools/framework3/"



there were multiple injection points, please select the one to use for
following injections:
[0] place: POST, parameter: uname, type: Single quoted string (default)
[1] place: POST, parameter: psw, type: Single quoted string
[q] Quit
> 0
[12:39:34] [INFO] testing MySQL
[12:39:48] [INFO] confirming MySQL

[12:40:16] [WARNING] adjusting time delay to 1 second (due to good response
times)
[12:40:16] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 4
web application technology: PHP 4.3.9, Apache 2.0.52
back-end DBMS: MySQL < 5.0.0
[12:40:16] [INFO] fingerprinting the back-end DBMS operating system
[12:40:16] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
> 1
[12:40:22] [INFO] going to use a web backdoor to establish the tunnel
[12:40:22] [INFO] trying to upload the file stager
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] PHP (default)
[4] JSP
> 3
[12:40:24] [WARNING] unable to retrieve the web server document root
please provide the web server document root
[C:/xampp/htdocs/,C:/Inetpub/wwwroot/]:
[12:40:27] [WARNING] unable to retrieve any web server path
please provide any additional web server full path to try to upload the
agent [Enter for None]:
[12:40:27] [WARNING] unable to upload the file stager on 'C:/xampp/htdocs'
[12:40:27] [WARNING] unable to upload the file stager on
'C:/Inetpub/wwwroot'
[12:40:27] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 2 times
[12:40:27] [INFO] Fetched data logged to text files under
'/storage/tools/sqlmap-dev/output/192.168.1.21'

[*] shutting down at: 12:40:27




./sqlmap.py --version

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

sqlmap/1.0-dev

Re: [sqlmap-users] Bug - Incorrect OS Detection?

[Bernardo D. A. G. <ber...@gm...>]

Anthony,

On 20 April 2011 20:53, Anthony Boynes <ab...@gm...> wrote:
> Hello,
>
> sqlmap is not detecting the proper OS when I try to use various options,
> such as --os-cmd and --os-pwn.  I have been testing against the Kioptrix
> Level 2 VM Challenge.

Proper fingerprint of MySQL < 5 underlying OS has been fixed some
revisions ago, thanks for reporting.

>   Whenever I am prompted for the web server path, it
> will not accept a valid linux path. As you can see from the below output, it
> properly shows "Linux Centos 4", and then for some reason switches to seeing
> Windows as the OS.

Fixed at r3766. Switch --os now forces the OS and avoid sqlmap from
performing any back-end DBMS undelying OS fingerprint.

Cheers,
Bernardo


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F