Thread: [sqlmap-users] Trouble in enumerating the tables
From: v4d25f7gb2e7 t. <ve7...@gm...> - 2008-10-21 07:10:05
I have some trouble. I was able to get the DB names (--dbs) and the current DB name (--current-db), but I was not able to enumerate the tables in the current DB (-D databasename --tables).

I tried it on MS SQL Server, MySQL and PostgreSQL, on Windows and Linux, with sqlmap 0.6.1 and 0.6, but all the results were failures.

Is this a bug? Please give information.

log
--------------------------------------------------
C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqltest.php?id=1" -s c:\resume.log -D database1 --tables

sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
and Daniele Bellucci <dan...@gm...>

[*] starting at: 15:54:37

[15:54:37] [INFO] resuming injection point 'GET' from session file
[15:54:37] [INFO] resuming injection parameter 'id' from session file
[15:54:37] [INFO] resuming injection type 'numeric' from session file
[15:54:37] [INFO] resuming 0 number of parenthesis from session file
[15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
[15:54:37] [INFO] testing connection to the target url
back-end DBMS: PostgreSQL

[15:54:38] [INFO] fetching tables for database 'database1'
[15:54:38] [INFO] fetching number of tables for database 'database1'
[15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(10000)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CHR(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
[15:54:38] [INFO] retrieved: 0
[15:54:40] [INFO] performed 13 queries in 1 seconds
[15:54:40] [WARNING] unable to retrieve the number of tables for database 'database1'
[15:54:40] [ERROR] unable to retrieve the tables for any database

[*] shutting down at: 15:54:40

From: Bernardo D. A. G. <ber...@gm...> - 2008-10-21 08:45:05
Hi,

On Tue, Oct 21, 2008 at 08:09, v4d25f7gb2e7 tgb4sr02be24 <ve7...@gm...> wrote:
> ...
> C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqltest.php?id=1" -s c:\resume.log -D database1 --tables
>
> sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
> and Daniele Bellucci <dan...@gm...>
>
> [*] starting at: 15:54:37
>
> [15:54:37] [INFO] resuming injection point 'GET' from session file
> [15:54:37] [INFO] resuming injection parameter 'id' from session file
> [15:54:37] [INFO] resuming injection type 'numeric' from session file
> [15:54:37] [INFO] resuming 0 number of parenthesis from session file
> [15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
> [15:54:37] [INFO] testing connection to the target url
> back-end DBMS: PostgreSQL
>
> [15:54:38] [INFO] fetching tables for database 'database1'
> [15:54:38] [INFO] fetching number of tables for database 'database1'
> [15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(10000)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CHR(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
> [15:54:38] [INFO] retrieved: 0
> [15:54:40] [INFO] performed 13 queries in 1 seconds
> [15:54:40] [WARNING] unable to retrieve the number of tables for database 'database1'
> [15:54:40] [ERROR] unable to retrieve the tables for any database

As you can read from sqlmap documentation online[1] or on the doc/ folder:

"Note that on PostgreSQL you have to provide public or the name of a system database because it is not possible to enumerate other databases tables, only the users' schema that the web application's user is connected to, which is always public."

So on PostgreSQL if you want to retrieve the tables for the current database provide 'public' as DB name.

On other DBMSs it works. Refer to sqlmap documentation examples.

[1] http://sqlmap.sourceforge.net/doc/README.html#ss5.4

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

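Added example, not part of the thread and not sqlmap's own code: a small Python decoder for the CHR(n)||CHR(n) string encoding in the logged query, useful when reading such queries in tool or database logs. It shows the filter was schemaname='database1', while the schemaname column of pg_tables holds schema names such as public. The function names are hypothetical, and the sample lines are the thread's log with console wrapping removed.

```python
import re

# A run of CHR(n) calls joined by ||, the string encoding seen in the logged query.
CHR_CHAIN = re.compile(r"\bCHR\(\d+\)(?:\s*\|\|\s*CHR\(\d+\))*", re.IGNORECASE)
CHR_CALL = re.compile(r"CHR\((\d+)\)", re.IGNORECASE)
# The schemaname filter of a pg_tables query, once the CHR runs are decoded.
SCHEMA_FILTER = re.compile(
    r"FROM\s+pg_tables\s+WHERE\s+schemaname\s*=\s*\(?\s*'((?:[^']|'')*)'",
    re.IGNORECASE)
QUERY_LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[INFO\] query: (.*)$")

def decode_chr_chains(sql):
    """Replace every CHR(n)||CHR(n)... run with the quoted string it builds."""
    def to_literal(match):
        text = "".join(chr(int(n)) for n in CHR_CALL.findall(match.group(0)))
        return "'" + text.replace("'", "''") + "'"
    return CHR_CHAIN.sub(to_literal, sql)

def pg_tables_schema(sql):
    """Return the schema name a pg_tables query filters on, or None."""
    match = SCHEMA_FILTER.search(decode_chr_chains(sql))
    return match.group(1).replace("''", "'") if match else None

def schemas_queried(log_lines):
    """List (timestamp, schema) for each logged pg_tables query."""
    hits = []
    for line in log_lines:
        match = QUERY_LINE.match(line.strip())
        if match:
            schema = pg_tables_schema(match.group(2))
            if schema is not None:
                hits.append((match.group(1), schema))
    return hits

# Sample input: log lines from the thread, console line wrapping removed.
SAMPLE_LOG = [
    "[15:54:38] [INFO] fetching number of tables for database 'database1'",
    "[15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS "
    "CHARACTER(10000)), (CHR(32))) FROM pg_tables WHERE schemaname="
    "(CHR(100)||CHR(97)||CHR(116)||CHR(97)||CHR(98)||CHR(97)||CHR(115)"
    "||CHR(101)||CHR(49))",
    "[15:54:38] [INFO] retrieved: 0",
]

if __name__ == "__main__":
    for when, schema in schemas_queried(SAMPLE_LOG):
        note = "" if schema == "public" else " (not 'public')"
        print(f"{when} pg_tables filtered on schemaname='{schema}'{note}")
```
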
From: Andres R. <and...@gm...> - 2008-10-21 13:52:03
Bernardo,

On Tue, Oct 21, 2008 at 6:34 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi,
>
> As you can read from sqlmap documentation online[1] or on the doc/ folder:
>
> "Note that on PostgreSQL you have to provide public or the name of a
> system database because it is not possible to enumerate other
> databases tables, only the users' schema that the web application's
> user is connected to, which is always public."
>
> So on PostgreSQL if you want to retrieve the tables for the current
> database provide 'public' as DB name.
>
> On other DBMSs it works. Refer to sqlmap documentation examples.

Maybe you could define that as a default for postgresql?
Something like...

$ ./sqlmap ... --enumerate-tables
...
fingerprinted as postgresql
...
you didn't specify the table name, using "public" as default.
...
working... results:
$

> [1] http://sqlmap.sourceforge.net/doc/README.html#ss5.4
>
> Cheers,
> --
> Bernardo Damele A. G.

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

From: Bernardo D. A. G. <ber...@gm...> - 2008-10-24 10:56:53
Hi Andres,

On Tue, Oct 21, 2008 at 14:51, Andres Riancho <and...@gm...> wrote:
> ...
> Maybe you could define that as a default for postgresql?
> Something like...
>
> $ ./sqlmap ... --enumerate-tables
> ...
> fingerprinted as postgresql
> ...
> you didn't specify the table name, using "public" as default.
> ...
> working... results:
> $

Good point. It will be implemented in sqlmap 0.7.

--
Bernardo Damele A. G.