Thread: [sqlmap-users] shell upload
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Ahmed S. <ah...@is...> - 2011-04-25 08:27:15
|
there is an issue when sqlmap comes to shell upload via os-shell or os-pwn
[10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry
your run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3767)
Python version: 2.7
Operating system: posix
Command line: ./sqlmap.py -u
******************************************************* -p id --text-only
--cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in
start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
action
conf.dbmsHandler.osPwn()
File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 243, in
osPwn
self.uploadMsfPayloadStager(web=web)
File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 628, in
uploadMsfPayloadStager
self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote,
self.webDirectory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
webFileUpload
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
__webFileStreamUpload
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams,
raise404=False)
File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
getPage
conn = multipartOpener.open(url, multipart)
File "/usr/lib/python2.7/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.7/httplib.py", line 946, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
msg += message_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 387:
ordinal not in range(128)
[*] shutting down at: 10:24:59
[root@localhost sqlmap]#
--
- Ahmed Shawky El-Antry
- Pen-tester, Programmer and System administrator
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member"http://www.isecur1ty.org"
- Twitter @lnxg33k
|
|
From: Ahmed S. <ah...@is...> - 2011-04-25 08:32:04
|
it based uploading shell with the latest reversion (r3770) but here is
another issue
[10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry
your run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3770)
Python version: 2.7
Operating system: posix
Command line: ./sqlmap.py -u
******************************************************* -p id --text-only
--cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in
start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
action
conf.dbmsHandler.osPwn()
File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in
osPwn
self.uploadShellcodeexec(web=web)
File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in
uploadShellcodeexec
self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote,
self.webDirectory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
webFileUpload
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
__webFileStreamUpload
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams,
raise404=False)
File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
getPage
conn = multipartOpener.open(url, multipart)
File "/usr/lib/python2.7/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.7/httplib.py", line 946, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
msg += message_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396:
ordinal not in range(128)
[*] shutting down at: 10:30:07
On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote:
> there is an issue when sqlmap comes to shell upload via os-shell or os-pwn
>
> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r3767)
> Python version: 2.7
> Operating system: posix
> Command line: ./sqlmap.py -u
> ******************************************************* -p id --text-only
> --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap.py", line 83, in main
> start()
> File "/pentest/database/sqlmap/lib/controller/controller.py", line 485,
> in start
> action()
> File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
> action
> conf.dbmsHandler.osPwn()
> File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 243, in
> osPwn
> self.uploadMsfPayloadStager(web=web)
> File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 628, in
> uploadMsfPayloadStager
> self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote,
> self.webDirectory)
> File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
> webFileUpload
> retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
> File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
> __webFileStreamUpload
> page = Request.getPage(url=self.webStagerUrl,
> multipart=multipartParams, raise404=False)
> File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
> getPage
> conn = multipartOpener.open(url, multipart)
> File "/usr/lib/python2.7/urllib2.py", line 391, in open
> response = self._open(req, data)
> File "/usr/lib/python2.7/urllib2.py", line 409, in _open
> '_open', req)
> File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
> result = func(*args)
> File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
> return self.do_open(httplib.HTTPConnection, req)
> File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
> h.request(req.get_method(), req.get_selector(), req.data, headers)
> File "/usr/lib/python2.7/httplib.py", line 946, in request
> self._send_request(method, url, body, headers)
> File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
> self.endheaders(body)
> File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
> self._send_output(message_body)
> File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
> msg += message_body
> UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 387:
> ordinal not in range(128)
>
> [*] shutting down at: 10:24:59
>
> [root@localhost sqlmap]#
>
> --
>
> - Ahmed Shawky El-Antry
> - Pen-tester, Programmer and System administrator
> - lnxg33k owner "http://lnxg33k.wordpress.com"
> - Isecur1ty team member"http://www.isecur1ty.org"
> - Twitter @lnxg33k
>
>
>
--
- Ahmed Shawky El-Antry
- Pen-tester, Programmer and System administrator
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member"http://www.isecur1ty.org"
- Twitter @lnxg33k
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-25 08:37:08
|
What is the language of the web application? Can you provide us privately with full output of -v 3 --flush-session please? Bernardo On 25 April 2011 09:31, Ahmed Shawky <ah...@is...> wrote: > it based uploading shell with the latest reversion (r3770) but here is > another issue > [10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry > your run with the latest development version from the Subversion repository. > If the exception persists, please send by e-mail to > sql...@li... the following text and any information > required to reproduce the bug. The developers will try to reproduce the bug, > fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r3770) > Python version: 2.7 > Operating system: posix > Command line: ./sqlmap.py -u > ******************************************************* -p id --text-only > --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn > Technique: UNION > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "./sqlmap.py", line 83, in main > start() > File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in > start > action() > File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in > action > conf.dbmsHandler.osPwn() > File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in > osPwn > self.uploadShellcodeexec(web=web) > File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in > uploadShellcodeexec > self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, > self.webDirectory) > File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in > webFileUpload > retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) > File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in > __webFileStreamUpload > page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, > raise404=False) > File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in > getPage > conn = multipartOpener.open(url, multipart) > File "/usr/lib/python2.7/urllib2.py", line 391, in open > response = self._open(req, data) > File "/usr/lib/python2.7/urllib2.py", line 409, in _open > '_open', req) > File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain > result = func(*args) > File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open > h.request(req.get_method(), req.get_selector(), req.data, headers) > File "/usr/lib/python2.7/httplib.py", line 946, in request > self._send_request(method, url, body, headers) > File "/usr/lib/python2.7/httplib.py", line 987, in _send_request > self.endheaders(body) > File "/usr/lib/python2.7/httplib.py", line 940, in endheaders > self._send_output(message_body) > File "/usr/lib/python2.7/httplib.py", line 801, in _send_output > msg += message_body > UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: > ordinal not in range(128) > [*] shutting down at: 10:30:07 > On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote: >> >> there is an issue when sqlmap comes to shell upload via os-shell or >> os-pwn >> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry >> your run with the latest development version from the Subversion repository. >> If the exception persists, please send by e-mail to >> sql...@li... the following text and any information >> required to reproduce the bug. The developers will try to reproduce the bug, >> fix it accordingly and get back to you. >> sqlmap version: 1.0-dev (r3767) >> Python version: 2.7 >> Operating system: posix >> Command line: ./sqlmap.py -u >> ******************************************************* -p id --text-only >> --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn >> Technique: UNION >> Back-end DBMS: MySQL (fingerprinted) >> Traceback (most recent call last): >> File "./sqlmap.py", line 83, in main >> start() >> File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, >> in start >> action() >> File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in >> action >> conf.dbmsHandler.osPwn() >> File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 243, >> in osPwn >> self.uploadMsfPayloadStager(web=web) >> File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 628, in >> uploadMsfPayloadStager >> self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote, >> self.webDirectory) >> File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in >> webFileUpload >> retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) >> File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in >> __webFileStreamUpload >> page = Request.getPage(url=self.webStagerUrl, >> multipart=multipartParams, raise404=False) >> File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in >> getPage >> conn = multipartOpener.open(url, multipart) >> File "/usr/lib/python2.7/urllib2.py", line 391, in open >> response = self._open(req, data) >> File "/usr/lib/python2.7/urllib2.py", line 409, in _open >> '_open', req) >> File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain >> result = func(*args) >> File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open >> return self.do_open(httplib.HTTPConnection, req) >> File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open >> h.request(req.get_method(), req.get_selector(), req.data, headers) >> File "/usr/lib/python2.7/httplib.py", line 946, in request >> self._send_request(method, url, body, headers) >> File "/usr/lib/python2.7/httplib.py", line 987, in _send_request >> self.endheaders(body) >> File "/usr/lib/python2.7/httplib.py", line 940, in endheaders >> self._send_output(message_body) >> File "/usr/lib/python2.7/httplib.py", line 801, in _send_output >> msg += message_body >> UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 387: >> ordinal not in range(128) >> [*] shutting down at: 10:24:59 >> [root@localhost sqlmap]# >> -- >> >> Ahmed Shawky El-Antry >> Pen-tester, Programmer and System administrator >> lnxg33k owner "http://lnxg33k.wordpress.com" >> Isecur1ty team member"http://www.isecur1ty.org" >> Twitter @lnxg33k > > > > -- > > Ahmed Shawky El-Antry > Pen-tester, Programmer and System administrator > lnxg33k owner "http://lnxg33k.wordpress.com" > Isecur1ty team member"http://www.isecur1ty.org" > Twitter @lnxg33k > > ------------------------------------------------------------------------------ > Fulfilling the Lean Software Promise > Lean software platforms are now widely adopted and the benefits have been > demonstrated beyond question. Learn why your peers are replacing JEE > containers with lightweight application servers - and what you can gain > from the move. http://p.sf.net/sfu/vmware-sfemails > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Miroslav S. <mir...@gm...> - 2011-04-25 08:58:12
|
Hi Ahmed. Thanks for reporting. This will be fixed at the end of the week. It requires overwritting of some poorly written system methods. Sending from Bernardo's place in London :) KR On Monday, April 25, 2011, Bernardo Damele A. G. <ber...@gm...> wrote: > What is the language of the web application? Can you provide us > privately with full output of -v 3 --flush-session please? > > Bernardo > > On 25 April 2011 09:31, Ahmed Shawky <ah...@is...> wrote: >> it based uploading shell with the latest reversion (r3770) but here is >> another issue >> [10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry >> your run with the latest development version from the Subversion repository. >> If the exception persists, please send by e-mail to >> sql...@li... the following text and any information >> required to reproduce the bug. The developers will try to reproduce the bug, >> fix it accordingly and get back to you. >> sqlmap version: 1.0-dev (r3770) >> Python version: 2.7 >> Operating system: posix >> Command line: ./sqlmap.py -u >> ******************************************************* -p id --text-only >> --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn >> Technique: UNION >> Back-end DBMS: MySQL (fingerprinted) >> Traceback (most recent call last): >> File "./sqlmap.py", line 83, in main >> start() >> File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in >> start >> action() >> File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in >> action >> conf.dbmsHandler.osPwn() >> File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in >> osPwn >> self.uploadShellcodeexec(web=web) >> File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in >> uploadShellcodeexec >> self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, >> self.webDirectory) >> File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in >> webFileUpload >> retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) >> File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in >> __webFileStreamUpload >> page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, >> raise404=False) >> File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in >> getPage >> conn = multipartOpener.open(url, multipart) >> File "/usr/lib/python2.7/urllib2.py", line 391, in open >> response = self._open(req, data) >> File "/usr/lib/python2.7/urllib2.py", line 409, in _open >> '_open', req) >> File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain >> result = func(*args) >> File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open >> return self.do_open(httplib.HTTPConnection, req) >> File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open >> h.request(req.get_method(), req.get_selector(), req.data, headers) >> File "/usr/lib/python2.7/httplib.py", line 946, in request >> self._send_request(method, url, body, headers) >> File "/usr/lib/python2.7/httplib.py", line 987, in _send_request >> self.endheaders(body) >> File "/usr/lib/python2.7/httplib.py", line 940, in endheaders >> self._send_output(message_body) >> File "/usr/lib/python2.7/httplib.py", line 801, in _send_output >> msg += message_body >> UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: >> ordinal not in range(128) >> [*] shutting down at: 10:30:07 >> On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote: >>> >>> there is an issue when sqlmap comes to shell upload via os-shell or >>> os-pwn >>> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry >>> your run with the latest development version from the Subversion repository. >>> If the exception persists, please send by e> ------------------------------------------------------------------------------ >> Fulfilling the Lean Software Promise >> Lean software platforms are now widely adopted and the benefits have been >> demonstrated beyond question. Learn why your peers are replacing JEE >> containers with lightweight application servers - and what you can gain >> from the move. http://p.sf.net/sfu/vmware-sfemails >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > PGP Key ID: 0x05F5A30F > > ------------------------------------------------------------------------------ > Fulfilling the Lean Software Promise > Lean software platforms are now widely adopted and the benefits have been > demonstrated beyond question. Learn why your peers are replacing JEE > containers with lightweight application servers - and what you can gain > from the move. http://p.sf.net/sfu/vmware-sfemails > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-29 16:56:15
|
hi Ahmed thank you again for reporting. find it fixed in the latest commit (r3781). kr On Mon, Apr 25, 2011 at 10:58 AM, Miroslav Stampar <mir...@gm...> wrote: > Hi Ahmed. > > Thanks for reporting. > > This will be fixed at the end of the week. It requires overwritting of > some poorly written system methods. > > Sending from Bernardo's place in London :) > > KR > On Monday, April 25, 2011, Bernardo Damele A. G. > <ber...@gm...> wrote: >> What is the language of the web application? Can you provide us >> privately with full output of -v 3 --flush-session please? >> >> Bernardo >> >> On 25 April 2011 09:31, Ahmed Shawky <ah...@is...> wrote: >>> it based uploading shell with the latest reversion (r3770) but here is >>> another issue >>> [10:30:07] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3770), retry >>> your run with the latest development version from the Subversion repository. >>> If the exception persists, please send by e-mail to >>> sql...@li... the following text and any information >>> required to reproduce the bug. The developers will try to reproduce the bug, >>> fix it accordingly and get back to you. >>> sqlmap version: 1.0-dev (r3770) >>> Python version: 2.7 >>> Operating system: posix >>> Command line: ./sqlmap.py -u >>> ******************************************************* -p id --text-only >>> --cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn >>> Technique: UNION >>> Back-end DBMS: MySQL (fingerprinted) >>> Traceback (most recent call last): >>> File "./sqlmap.py", line 83, in main >>> start() >>> File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in >>> start >>> action() >>> File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in >>> action >>> conf.dbmsHandler.osPwn() >>> File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 245, in >>> osPwn >>> self.uploadShellcodeexec(web=web) >>> File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 560, in >>> uploadShellcodeexec >>> self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, >>> self.webDirectory) >>> File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in >>> webFileUpload >>> retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) >>> File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in >>> __webFileStreamUpload >>> page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, >>> raise404=False) >>> File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in >>> getPage >>> conn = multipartOpener.open(url, multipart) >>> File "/usr/lib/python2.7/urllib2.py", line 391, in open >>> response = self._open(req, data) >>> File "/usr/lib/python2.7/urllib2.py", line 409, in _open >>> '_open', req) >>> File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain >>> result = func(*args) >>> File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open >>> return self.do_open(httplib.HTTPConnection, req) >>> File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open >>> h.request(req.get_method(), req.get_selector(), req.data, headers) >>> File "/usr/lib/python2.7/httplib.py", line 946, in request >>> self._send_request(method, url, body, headers) >>> File "/usr/lib/python2.7/httplib.py", line 987, in _send_request >>> self.endheaders(body) >>> File "/usr/lib/python2.7/httplib.py", line 940, in endheaders >>> self._send_output(message_body) >>> File "/usr/lib/python2.7/httplib.py", line 801, in _send_output >>> msg += message_body >>> UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: >>> ordinal not in range(128) >>> [*] shutting down at: 10:30:07 >>> On Mon, Apr 25, 2011 at 10:27 AM, Ahmed Shawky <ah...@is...> wrote: >>>> >>>> there is an issue when sqlmap comes to shell upload via os-shell or >>>> os-pwn >>>> [10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry >>>> your run with the latest development version from the Subversion repository. >>>> If the exception persists, please send by e> ------------------------------------------------------------------------------ >>> Fulfilling the Lean Software Promise >>> Lean software platforms are now widely adopted and the benefits have been >>> demonstrated beyond question. Learn why your peers are replacing JEE >>> containers with lightweight application servers - and what you can gain >>> from the move. http://p.sf.net/sfu/vmware-sfemails >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> >> -- >> Bernardo Damele A. G. >> >> E-mail / Jabber: bernardo.damele (at) gmail.com >> Mobile: +447788962949 (UK 07788962949) >> PGP Key ID: 0x05F5A30F >> >> ------------------------------------------------------------------------------ >> Fulfilling the Lean Software Promise >> Lean software platforms are now widely adopted and the benefits have been >> demonstrated beyond question. Learn why your peers are replacing JEE >> containers with lightweight application servers - and what you can gain >> from the move. http://p.sf.net/sfu/vmware-sfemails >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X