Thread: [sqlmap-users] cleaning up after yourself
From: Robin W. <ro...@di...> - 2014-12-04 15:30:45
I'm testing sqlmap against an MSSQL DB and looking at running OS commands. In an attempt to re-enable xp_cmdshell a stored proc called xp_gedp has been created and left behind, is there any way to automatically clean up this and any other things that are created?

Robin
From: Robin W. <ro...@di...> - 2014-12-04 15:19:40
Looking at the commands sent I can see three drop tables for sqlmapfile, sqlmapfilehex and sqlmapoutput but nothing for stored procedures.
From: Robin W. <ro...@di...> - 2014-12-04 15:33:32
Just spotted --cleanup but that didn't remove the procedure, sqlmap command seemed to run OK though but didn't say anything about what it was removing, should it have done?

Robin
From: Miroslav S. <mir...@gm...> - 2014-12-05 10:56:29
Will check this out in an hour or so. At first glance I can see that we have to make a patch for MsSQL.

Bye

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2014-12-05 21:04:03
Hi.

Just made a patch. Not around a testing environment to test it out, but now it should work (new proc name is not randomly generated from now on so it could be properly deleted afterwards).

Bye

--
Miroslav Stampar
http://about.me/stamparm
From: Robin W. <ro...@di...> - 2014-12-05 21:07:55
OK, I've got a lab I can test it in later tonight.

When you say not random, is it still dynamic va
From: Robin W. <ro...@di...> - 2014-12-05 21:09:02
Sorry, somehow sent early, was trying to ask, is the name still dynamic or is it now just a fixed name?

Robin
From: Miroslav S. <mir...@gm...> - 2014-12-05 21:14:36
Now it is "new_xp_cmdshell" so no more random/dynamic names (easier for cleanup in further runs)

Bye

--
Miroslav Stampar
http://about.me/stamparm
From: Robin W. <ro...@di...> - 2014-12-05 21:20:01
Does this mean as a defence we could create a procedure with the same name which would block the creation?

Robin
From: Miroslav S. <mir...@gm...> - 2014-12-05 21:27:28
Well, if you think like that, used auxiliary table names are also static (sqlmapfile, sqlmapfilehex and sqlmapoutput). But... leaving table names and proc names for defensive purposes just like that around will only create panic. Also, non-skiddy will easily detect that there is already a proc/table name with the same name causing the problem and he will easily adapt either sqlmap or drop older entities (e.g. via --cleanup).

Why wouldn't you revoke privileges for creating of tables and/or procedures for defensive purposes rather than laying around sqlmap... inside database?

Bye

--
Miroslav Stampar
http://about.me/stamparm
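As an added example (not part of any message in this thread, and not sqlmap's own code), the T-SQL below audits a database for the object names mentioned above and applies the privilege revocation suggested in the preceding message. The account name [app_user] and the 30-day review window are assumptions made for illustration.

```sql
-- Added example: run in each user database (and in master) on the instance.
-- [app_user] is a hypothetical application account; replace it with your own.

-- 1. Objects carrying the fixed names mentioned in the thread.
SELECT DB_NAME()                AS database_name,
       SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name,
       o.type_desc,
       o.create_date,
       o.modify_date
FROM sys.objects AS o
WHERE o.is_ms_shipped = 0
  AND (   (o.type = 'U'
           AND o.name IN (N'sqlmapfile', N'sqlmapfilehex', N'sqlmapoutput'))
       OR (o.type IN ('P', 'X', 'PC')
           AND o.name = N'new_xp_cmdshell'));

-- 2. Randomly named leftovers (such as the xp_gedp procedure reported in the
--    thread) cannot be matched by name, so list recently created
--    user procedures for manual review. The 30-day window is an assumption.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name,
       o.type_desc,
       o.create_date
FROM sys.objects AS o
WHERE o.is_ms_shipped = 0
  AND o.type IN ('P', 'X', 'PC')
  AND o.create_date >= DATEADD(DAY, -30, GETDATE())
ORDER BY o.create_date DESC;

-- 3. Current xp_cmdshell state: 0 = disabled, 1 = enabled.
SELECT name,
       CAST(value        AS int) AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 4. Principals with an explicit database-level permission to create
--    tables or procedures.
SELECT pr.name AS principal_name,
       pr.type_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0   -- database-level permissions
  AND pe.permission_name IN (N'CREATE TABLE', N'CREATE PROCEDURE');

-- 5. Role membership that grants the same rights implicitly; a REVOKE does
--    not affect members of these roles.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_ddladmin');

-- 6. Remove the explicit grants from the application account.
REVOKE CREATE TABLE, CREATE PROCEDURE FROM [app_user];
```

Queries 1 to 5 are read-only; review their output before running the REVOKE in step 6, since an application that legitimately creates objects at runtime will break.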
From: Robin W. <ro...@di...> - 2014-12-05 21:31:19
Fair enough, all valid points. I'd not looked at the fixed table names till looking at cleanup so hadn't thought about any of it before.

Robin
From: Rodrigo Z. S. <rod...@gm...> - 2014-12-07 17:02:35
I already see that when trying to read a file in Microsoft SQL Server it creates a "sqlmapfile" and doesn't drop it in the end. This is not a smart thing to do.

By the way, I already tried to read any file using sqlmap and none worked. I see some absolute paths in the server but without success until now.

Any idea of a single file that I can read just to see that it is working? Any common file in Microsoft SQL Server 2008 R2?
From: Rodrigo Z. S. <rod...@gm...> - 2014-12-07 17:05:10
It creates the "sqlmapfile" TABLE. I was in shock when I saw that this was on the server because it gives a huge way to discover a vulnerability.
>> >> >> >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> -- >> >> >> >>> Miroslav Stampar >> >> >> >>> http://about.me/stamparm >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> Miroslav Stampar >> >> >> >> http://about.me/stamparm >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > Miroslav Stampar >> >> > http://about.me/stamparm >> > >> > >> > >> > >> > -- >> > Miroslav Stampar >> > http://about.me/stamparm >> >> >> ------------------------------------------------------------------------------ >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >> with Interactivity, Sharing, Native Excel Exports, App Integration & more >> Get technology previously reserved for billion-dollar corporations, FREE >> >> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > |
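Miroslav's suggestion in the quoted reply, revoking table and procedure creation rights instead of planting decoy objects, combined with a check for the leftovers discussed in this thread, as an added T-SQL example that is not part of the original messages. The object names are the ones quoted in the thread; the principal `webapp_user` and the 30-day window are assumptions.

```sql
-- Added example (not from the thread). Run in each database the web
-- application's login can reach; object names are the ones quoted above.

-- 1. Helper objects named in the thread that are still present.
SELECT s.name AS schema_name, o.name AS object_name,
       o.type_desc, o.create_date, o.modify_date
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.name IN (N'sqlmapfile', N'sqlmapfilehex', N'sqlmapoutput',
                 N'new_xp_cmdshell', N'xp_gedp')
ORDER BY o.create_date;

-- 2. Procedures created in the last 30 days. The thread says the wrapper
--    procedure name used to be randomly generated, so a name list alone
--    misses older leftovers. The 30-day window is an assumption.
SELECT s.name AS schema_name, p.name AS procedure_name, p.create_date
FROM sys.procedures AS p
JOIN sys.schemas AS s ON s.schema_id = p.schema_id
WHERE p.is_ms_shipped = 0
  AND p.create_date >= DATEADD(DAY, -30, SYSDATETIME())
ORDER BY p.create_date DESC;

-- 3. Whether xp_cmdshell is currently enabled on the instance.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 4. Principals explicitly granted the rights needed to create such objects.
SELECT pr.name AS principal_name, pr.type_desc,
       pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN (N'CREATE TABLE', N'CREATE PROCEDURE')
  AND pe.state IN ('G', 'W');

-- 5. Members of roles that imply those rights without an explicit grant.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_ddladmin');

-- 6. Remove the rights from the application's database user.
--    [webapp_user] is a placeholder, not a name from the thread.
REVOKE CREATE TABLE, CREATE PROCEDURE FROM [webapp_user];
```

REVOKE only removes an explicit grant: membership in db_owner or db_ddladmin (query 5) or in the sysadmin server role still allows object creation.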