Hi Chris.
Could you please send the traffic file retrieved with -t traffic.txt?
Kind regards,
Miroslav Stampar
Dana 21.12.2011. 15:57 "Chris Oakley" <christopher.oak...@gmail.com> je
napisao/la:
> Hi All
>
> I have a time based blind injection on a machine running Windows Server
> 2003, IIS 6 and SQL Server 2000. The user is running as DBA. I should be
> able to enable xp_cmdshell, and indeed:
>
> [13:10:12] [INFO] testing if current user is DBA
> [13:10:12] [INFO] retrieved: 1
> [13:10:29] [INFO] checking if xp_cmdshell extended procedure is available,
> please wait..
> [13:10:40] [INFO] xp_cmdshell extended procedure is available
> [13:10:41] [INFO] going to use xp_cmdshell extended procedure for
> operating system command execution
> [13:10:41] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and
> press ENTER
> os-shell> dir
> do you want to retrieve the command standard output? [Y/n/a]
> [13:10:53] [INFO] retrieved:
> No output
> os-shell> ipconfig
> do you want to retrieve the command standard output? [Y/n/a]
> [13:11:11] [INFO] retrieved:
> No output
> os-shell> exit
> [13:31:24] [INFO] cleaning up the database management system
> [13:31:26] [INFO] Fetched data logged to text files under...
>
> As you can see, no output is returned (is this because of the injection
> type I wonder?).
>
> I've tried the various out of bounds methods with BT and msf too, but this
> seems to fail at various stages.
>
> Could it be that the database server is separate from the web server and
> is totally isolated from the outside world by egress rules?
>
> I'm trying to understand why in this case nothing seems to be working.
>
> Any ideas would be great.
>
> Regards
>
> Chris
>
>
> ------------------------------------------------------------------------------
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development. Create
> new or port existing apps to sell to consumers worldwide. Explore the
> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
> http://p.sf.net/sfu/intel-appdev
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
