Yes, its the following:
---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
---
Thank you,
Luis
On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <miroslav.stam...@gmail.com
> wrote:
> Hi.
>
> It seems that sqlmap was not able to parse "service pack" information from
> retrieved banner.
>
> Can you please write back what do you get for --banner?
>
> Kind regards,
> Miroslav Stampar
>
>
> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <luiscro...@gmail.com> wrote:
>
>> Hello All,
>>
>> Since this is my first post I want to make sure that I write that sqlmap
>> is a brilliant tool and congratulations to the devteam!
>>
>>
>> I have a question that you might know. I am using sqlmap version
>> 1.0-dev-cda27ec.
>>
>>
>> Consider a victim system running Windows 2003 SP2 English version with
>> HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on
>> VMware Workstation.
>>
>>
>> From the attacker I am trying to take advantage of the MS09-004 and when
>> I try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx'
>> --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries
>> --os-bof it generates an error:
>>
>> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure buffer
>> overflow because it does not have a valid return code for the underlying
>> operating system (Windows 2003 Service Pack 0)
>>
>>
>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw
>> the following lines commented out:
>>
>> 2003 Service Pack 2 updated at 12/2008 (....)
>>
>> 2003 Service Pack 2 updated at 09/2009 (....)
>>
>>
>> I remove the comment but still the same problem. ...the tool seems to
>> determine that the OS does not contain any SP when in fact it has SP2...
>>
>>
>> Any ideas?
>>
>>
>> Thank you,
>>
>> Luis
>>
>>
>> ------------------------------------------------------------------------------
>> Rapidly troubleshoot problems before they affect your business. Most IT
>> organizations don't have a clear picture of how application performance
>> affects their revenue. With AppDynamics, you get 100% visibility into your
>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
>> Pro!
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
