Hi Chris,

On 21 December 2011 14:56, Chris Oakley <christopher.oak...@gmail.com> wrote:
> Hi All
>
> I have a time based blind injection on a machine running Windows Server
> 2003, IIS 6 and SQL Server 2000. The user is running as DBA. I should be
> able to enable xp_cmdshell, and indeed:

Indeed.

> ...
> As you can see, no output is returned (is this because of the injection type
> I wonder?).

No, it has nothing to do with the injection type. The SQL payloads used by sqlmap have been written, and the core has been engineered, in a way that regardless of the technique used, sqlmap is able to retrieve the queries' output. The issue is somewhere else.

> I've tried the various out of bounds methods with BT and msf too, but this
> seems to fail at various stages.
>
> Could it be that the database server is separate from the web server and is
> totally isolated from the outside world by egress rules?

This could be, but it looks to me that you're mixing xp_cmdshell/bug with network rules. I think that the issue here is about xp_cmdshell.

Could you please relaunch with -v 3 --parse-errors -t traffic.log and send us (privately if you prefer) the whole output and the log file?

Thank you.

Bernardo

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable