Hi.
It seems that sqlmap was not able to parse "service pack" information from
retrieved banner.
Can you please write back what do you get for --banner?
Kind regards,
Miroslav Stampar
On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <luiscro...@gmail.com> wrote:
> Hello All,
>
> Since this is my first post I want to make sure that I write that sqlmap
> is a brilliant tool and congratulations to the devteam!
>
>
> I have a question that you might know. I am using sqlmap version
> 1.0-dev-cda27ec.
>
>
> Consider a victim system running Windows 2003 SP2 English version with HAL
> version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on
> VMware Workstation.
>
>
> From the attacker I am trying to take advantage of the MS09-004 and when I
> try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx'
> --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries
> --os-bof it generates an error:
>
> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure buffer
> overflow because it does not have a valid return code for the underlying
> operating system (Windows 2003 Service Pack 0)
>
>
> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw
> the following lines commented out:
>
> 2003 Service Pack 2 updated at 12/2008 (....)
>
> 2003 Service Pack 2 updated at 09/2009 (....)
>
>
> I remove the comment but still the same problem. ...the tool seems to
> determine that the OS does not contain any SP when in fact it has SP2...
>
>
> Any ideas?
>
>
> Thank you,
>
> Luis
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
