Hi.

Can you please update to the latest revision and include --banner together
with --os-bof?

Kind regards,
Miroslav Stampar


On Sun, Dec 1, 2013 at 9:09 PM, Luis Rocha <luiscro...@gmail.com> wrote:

> Yes, it's the following:
>
> ---
> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
> Oct 14 2005 00:33:37
> Copyright (c) 1988-2005 Microsoft Corporation
>  Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
> ---
>
> Thank you,
> Luis
>
>
> On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Hi.
>>
>> It seems that sqlmap was not able to parse "service pack" information
>> from retrieved banner.
>>
>> Can you please write back what you get for --banner?
>>
>> Kind regards,
>> Miroslav Stampar
>>
>>
>> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <luiscro...@gmail.com> wrote:
>>
>>> Hello All,
>>>
>>> Since this is my first post I want to make sure that I write that sqlmap
>>> is a brilliant tool and congratulations to the devteam!
>>>
>>>
>>> I have a question that you might know. I am using sqlmap version
>>> 1.0-dev-cda27ec.
>>>
>>>
>>> Consider a victim system running Windows 2003 SP2 English version with
>>> HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on
>>> VMware Workstation.
>>>
>>>
>>> From the attacker I am trying to take advantage of the MS09-004 and when
>>> I try to execute the ./sqlmap.py  -u 'http://vulnerable/page.aspx'
>>> --data=`cat data` --prefix="1', 1);" --suffix="--"  --fresh-queries
>>> --os-bof     it generates an error:
>>>
>>>  [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure
>>> buffer overflow because it does not have a valid return code for the
>>> underlying operating system (Windows 2003 Service Pack 0)
>>>
>>>
>>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw
>>> the following lines commented out:
>>>
>>> 2003 Service Pack 2 updated at 12/2008 (....)
>>>
>>> 2003 Service Pack 2 updated at 09/2009 (....)
>>>
>>>
>>> I removed the comment but still get the same problem. ...the tool seems to
>>> determine that the OS does not contain any SP when in fact it has SP2...
>>>
>>>
>>> Any ideas?
>>>
>>>
>>> Thank you,
>>>
>>> Luis
>>>
>>>
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
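
An added example, not part of the thread and not sqlmap's own code: one way to parse the banner quoted above for patch-level inventory, keeping "service pack could not be determined" (`None`) distinct from "no service pack" (`0`). The function name, the NT-version table and the two extra sample banners are assumptions constructed for illustration.

```python
import re

# Well-known Windows NT kernel versions and the server products they map to.
NT_PRODUCTS = {"5.0": "2000", "5.2": "2003", "6.0": "2008", "6.1": "2008 R2"}

SQL_RE = re.compile(r"Microsoft SQL Server\s+(\d{4}(?: R2)?)(?:\s+\([^)]*\))?\s+-\s+([\d.]+)")
OS_RE = re.compile(r"on Windows NT\s+(\d+\.\d+)(?:\s+<\w+>)?\s*\(Build\s+(\d+):\s*([^)]*)\)")
SP_RE = re.compile(r"Service Pack\s+(\d+)", re.IGNORECASE)


def parse_banner(banner):
    """Extract SQL Server and OS patch-level fields from a version banner.

    service_pack is an int when the banner states it (0 when the field is
    present but empty) and None when it could not be determined at all.
    """
    text = re.sub(r"\s+", " ", banner)  # banners are often reflowed in transit
    result = {"sql_product": None, "sql_build": None,
              "os": None, "os_build": None, "service_pack": None}
    sql = SQL_RE.search(text)
    if sql:
        result["sql_product"], result["sql_build"] = sql.groups()
    os_match = OS_RE.search(text)
    if os_match:
        nt_version, os_build, sp_text = os_match.groups()
        result["os"] = "Windows " + NT_PRODUCTS.get(nt_version, "NT " + nt_version)
        result["os_build"] = int(os_build)
        sp = SP_RE.search(sp_text)
        if sp:
            result["service_pack"] = int(sp.group(1))
        elif not sp_text.strip():
            result["service_pack"] = 0  # field present and empty: no SP installed
    return result


# Banner as quoted in the thread.
THREAD_BANNER = """Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
 Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)"""
# Constructed samples: an empty service pack field and a truncated banner.
NO_SP_BANNER = THREAD_BANNER.replace("Service Pack 2", "")
TRUNCATED_BANNER = THREAD_BANNER.splitlines()[0]

if __name__ == "__main__":
    for sample in (THREAD_BANNER, NO_SP_BANNER, TRUNCATED_BANNER):
        print(parse_banner(sample))
```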