there is an issue when sqlmap comes to shell upload via os-shell or os-pwn
[10:24:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3767), retry
your run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3767)
Python version: 2.7
Operating system: posix
Command line: ./sqlmap.py -u
******************************************************* -p id --text-only
--cookie PHPSESSID=omqf68n95iss0op71odobvnhh4; security=low --os-pwn
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line 485, in
start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 136, in
action
conf.dbmsHandler.osPwn()
File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 243, in
osPwn
self.uploadMsfPayloadStager(web=web)
File "/pentest/database/sqlmap/lib/takeover/metasploit.py", line 628, in
uploadMsfPayloadStager
self.webFileUpload(self.exeFilePathLocal, self.exeFilePathRemote,
self.webDirectory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 77, in
webFileUpload
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
File "/pentest/database/sqlmap/lib/takeover/web.py", line 96, in
__webFileStreamUpload
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams,
raise404=False)
File "/pentest/database/sqlmap/lib/request/connect.py", line 130, in
getPage
conn = multipartOpener.open(url, multipart)
File "/usr/lib/python2.7/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1173, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1142, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.7/httplib.py", line 946, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 987, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 940, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 801, in _send_output
msg += message_body
UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 387:
ordinal not in range(128)
[*] shutting down at: 10:24:59
[root@localhost sqlmap]#
--
- Ahmed Shawky El-Antry
- Pen-tester, Programmer and System administrator
- lnxg33k owner "http://lnxg33k.wordpress.com";
- Isecur1ty team member"http://www.isecur1ty.org";
- Twitter @lnxg33k
------------------------------------------------------------------------------
Fulfilling the Lean Software Promise
Lean software platforms are now widely adopted and the benefits have been
demonstrated beyond question. Learn why your peers are replacing JEE
containers with lightweight application servers - and what you can gain
from the move. http://p.sf.net/sfu/vmware-sfemails
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
