I wish it were so easy. I tried with and without quotes and also specifying --dbms=Oracle
I'll clone the github version and try that in case the Kali version is somehow screwed up.
Maybe you forgot the quotes ?python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --banner --dbs --users
On Mon, Oct 21, 2013 at 8:17 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
Hi.sqlmap supports it. Sample console output:$ python sqlmap.py -d "oracle://SYSTEM:testpass@192.168.5.27:1521/testdb" -v 5 --bannersqlmap/1.0-dev-8dac47f - automatic SQL injection and database takeover tool[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program[*] starting at 20:15:37[20:15:37] [DEBUG] cleaning up configuration parameters[20:15:37] [DEBUG] forcing timeout to 10 seconds[20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 established[20:15:37] [INFO] the back-end DBMS is Oracle[20:15:37] [INFO] fetching banner[20:15:37] [PAYLOAD] SELECT NVL(CAST(banner AS VARCHAR(4000)),' ') FROM v$version WHERE ROWNUM=1back-end DBMS: Oraclebanner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'[20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 closed[*] shutting down at 20:15:37Could you please check that you run the latest revision from the Github repository and try to run it with -v 5? Strange thing with your case is "sqlmap was not able to fingerprint..." while there is no fingerprinting in sqlmap's direct mode (at least in HEAD revision).Kind regards,Miroslav Stampar--
On Mon, Oct 21, 2013 at 7:24 PM, Brian Milliron <br...@ecrsecurity.com> wrote:
Using sqlmap on a recently updated Kali installation, I tried to connect
to an Oracle db using this command:
sqlmap -d Oracle://user:pass@10.10.10.10:1521/SID
I get the error message "[CRITICAL] sqlmap was not able to fingerprint
the back-end database management system. Support for this DBMS will be
implemented at some point.
The wiki on github states that Oracle is supported for direct
connections, so there is some confusion here. Wireshark confirms no
attempt to connect to the server is made at all and the syntax of the
command appears correct. Can you confirm whether sqlmap currently
supports direct connections to Oracle databases or if there is some
other problem?
--
Brian Milliron, CEO
ECR Security
http://www.ECRSecurity.com
512-422-5408
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
Yoan AGOSTINI
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
