2009/7/17 Mathew Rowley <mat...@ca...>:
> Is there something im doing wrong? This is connecting to a local web server
> (run on a virtual machine)
>
Yes.
The command should be:
$ ./sqlmap.py --auth-type=BASIC --auth-cred=guest:guest -v 3 -u
'http://192.168.107.3:8180/WebGoat/attack?Screen=27&menu=1200'
> $ ./sqlmap.py -u
> 'http://192.168.107.3:8180/WebGoat/attack?Screen=27&menu=1200' --auth-type
> Basic --auth-cred 'guest:guest' -v 3
>
> sqlmap/0.7rc1
> by Bernardo Damele A. G. <ber...@gm...>
>
> [*] starting at: 15:00:01
>
> [15:00:01] [DEBUG] initializing the configuration
> [15:00:01] [DEBUG] initializing the knowledge base
> [15:00:01] [DEBUG] cleaning up configuration parameters
> [15:00:01] [DEBUG] setting the HTTP timeout
> [15:00:01] [DEBUG] setting the HTTP method to GET
> [15:00:01] [DEBUG] setting the HTTP Authentication type and credentials
> [15:00:01] [DEBUG] creating HTTP requests opener object
> [15:00:01] [DEBUG] parsing XML queries file
> [15:00:01] [INFO] testing connection to the target url
> [15:00:01] [ERROR] not authorized, try to provide right HTTP authentication
> type and valid credentials
>
> [*] shutting down at: 15:00:01
>
>
> Wget works fine:
> $ wget
> http://guest:guest@192.168.107.3:8180/WebGoat/attack?Screen=27&menu=1200
> [1] 38059
> atlantis:/Applications/hacking/sqlmap-0.7rc1 $ --2009-07-17 15:02:03--
> http://guest:*password*@192.168.107.3:8180/WebGoat/attack?Screen=27
> Connecting to 192.168.107.3:8180... connected.
> HTTP request sent, awaiting response... 401 Unauthorized
> Reusing existing connection to 192.168.107.3:8180.
> HTTP request sent, awaiting response... 200 OK
> Length: 3914 (3.8K) [text/html]
> Saving to: `attack?Screen=27'
>
> 100%[====================================================================================================================================================================================================>]
> 3,914 --.-K/s in 0s
>
> 2009-07-17 15:02:03 (149 MB/s) - `attack?Screen=27' saved [3914/3914]
>
> ------------------------------------------------------------------------------
> Enter the BlackBerry Developer Challenge
> This is your chance to win up to $100,000 in prizes! For a limited time,
> vendors submitting new applications to BlackBerry App World(TM) will have
> the opportunity to enter the BlackBerry Developer Challenge. See full prize
> details at: http://p.sf.net/sfu/Challenge
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
|
