Hello List, Miroslav,

Did you have any chance to further look into this?

thx
Luis

---------- Forwarded message ----------
From: Luis Rocha <luiscro...@gmail.com>
Date: Sun, Dec 1, 2013 at 10:47 PM
Subject: Re: [sqlmap-users] Ms09-004 on W2K3SP2
To: Miroslav Stampar <miroslav.stam...@gmail.com>


Thank you for your time Miroslav!


With the latest version: sqlmap/1.0-dev-59d667d ... when running with
--banner --os-bof, it produces the same output as before:

---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
 Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
---

(..)

[16:43:53] [CRITICAL] sqlmap can not exploit the stored procedure buffer
overflow because it does not have a valid return code for the underlying
operating system (Windows 2003 Service Pack 0)
[16:43:53] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2 times

[*] shutting down at 16:43:53

Exception AttributeError: "'NoneType' object has no attribute 'error'" in
<bound method Popen.__del__ of <lib.core.subprocessng.Popen object at
0xa1c0bcc>> ignored
On Sun, Dec 1, 2013 at 10:25 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi.
>
> Please retry it now.
>
> Bye
>
>
> On Sun, Dec 1, 2013 at 9:54 PM, Luis Rocha <luiscro...@gmail.com> wrote:
>
>> Here you have:
>>
>> [15:52:47] [INFO] the back-end DBMS is Microsoft SQL Server
>> [15:52:47] [INFO] fetching banner
>> [15:52:47] [INFO] resumed: Microsoft SQL Server 2005 - 9.00.1399.06
>> (Intel X86) \n\tOct 14 2005 00:33:37 \n\tCopyright (c) 1988-2005 Microsoft
>> Corporation\n\tExpress Edition on Windows NT 5.2 (Build 3790: Service Pack
>> 2)\n
>>
>> [15:52:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev-663b1e7,
>> retry your run with the latest development version from the GitHub
>> repository. If the exception persists, please send by e-mail to '
>> sqlmap-users@lists.sourceforge.net' or open a new issue at '
>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>> text and any information required to reproduce the bug. The developers will
>> try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev-663b1e7
>> Python version: 2.6.5
>> Operating system: posix
>>
>> (..)
>>
>> Technique: BOOLEAN
>> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 95, in main
>>     start()
>>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
>> 582, in start
>>     action()
>>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 32,
>> in action
>>     setHandler()
>>   File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line
>> 100, in setHandler
>>     if handler.checkDbms():
>>   File
>> "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/fingerprint.py",
>> line 73, in checkDbms
>>     self.getBanner()
>>   File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py",
>> line 59, in getBanner
>>     bannerParser(kb.data.banner)
>>   File "/pentest/database/sqlmap-dev/lib/parse/banner.py", line 114, in
>> bannerParser
>>     parseXmlFile(paths.GENERIC_XML, handler)
>>   File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1655, in
>> parseXmlFile
>>     parse(stream, handler)
>>   File "/usr/lib/python2.6/xml/sax/__init__.py", line 33, in parse
>>     parser.parse(source)
>>   File "/usr/lib/python2.6/xml/sax/expatreader.py", line 107, in parse
>>     xmlreader.IncrementalParser.parse(self, source)
>>   File "/usr/lib/python2.6/xml/sax/xmlreader.py", line 123, in parse
>>     self.feed(buffer)
>>   File "/usr/lib/python2.6/xml/sax/expatreader.py", line 207, in feed
>>     self._parser.Parse(data, isFinal)
>>   File "/usr/lib/python2.6/xml/sax/expatreader.py", line 301, in
>> start_element
>>     self._cont_handler.startElement(name, AttributesImpl(attrs))
>>   File "/pentest/database/sqlmap-dev/lib/parse/handler.py", line 73, in
>> startElement
>>     self._feedInfo("sp", "Service Pack %s" %
>> self._match.group(int(self._sp)))
>> IndexError: no such group
>>
>> [*] shutting down at 15:52:47
>>
>>
>>
>> thx
>> Luis
>>
>>
>> On Sun, Dec 1, 2013 at 9:33 PM, Miroslav Stampar <
>> miroslav.stam...@gmail.com> wrote:
>>
>>> Hi.
>>>
>>> Can you please update to the latest revision and include --banner
>>> together with --os-bof?
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>>
>>> On Sun, Dec 1, 2013 at 9:09 PM, Luis Rocha <luiscro...@gmail.com> wrote:
>>>
>>>> Yes, it's the following:
>>>>
>>>> ---
>>>> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
>>>> Oct 14 2005 00:33:37
>>>> Copyright (c) 1988-2005 Microsoft Corporation
>>>>  Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>>>> ---
>>>>
>>>> Thank you,
>>>> Luis
>>>>
>>>>
>>>> On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <
>>>> miroslav.stam...@gmail.com> wrote:
>>>>
>>>>> Hi.
>>>>>
>>>>> It seems that sqlmap was not able to parse "service pack" information
>>>>> from retrieved banner.
>>>>>
>>>>> Can you please write back what do you get for --banner?
>>>>>
>>>>> Kind regards,
>>>>> Miroslav Stampar
>>>>>
>>>>>
>>>>> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <luiscro...@gmail.com> wrote:
>>>>>
>>>>>> Hello All,
>>>>>>
>>>>>> Since this is my first post I want to make sure that I write that
>>>>>> sqlmap is a brilliant tool and congratulations to the devteam!
>>>>>>
>>>>>>
>>>>>> I have a question that you might know. I am using sqlmap version
>>>>>> 1.0-dev-cda27ec.
>>>>>>
>>>>>>
>>>>>> Consider a victim system running Windows 2003 SP2 English version
>>>>>> with HAL version: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with
>>>>>> MSSQL2005 on VMware Workstation.
>>>>>>
>>>>>>
>>>>>> From the attacker I am trying to take advantage of MS09-004, and
>>>>>> when I try to execute
>>>>>> ./sqlmap.py -u 'http://vulnerable/page.aspx' --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries --os-bof
>>>>>> it generates an error:
>>>>>>
>>>>>>  [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure
>>>>>> buffer overflow because it does not have a valid return code for the
>>>>>> underlying operating system (Windows 2003 Service Pack 0)
>>>>>>
>>>>>>
>>>>>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and
>>>>>> saw the following lines commented out:
>>>>>>
>>>>>> 2003 Service Pack 2 updated at 12/2008 (....)
>>>>>>
>>>>>> 2003 Service Pack 2 updated at 09/2009 (....)
>>>>>>
>>>>>>
>>>>>> I removed the comment but still the same problem... the tool seems to
>>>>>> determine that the OS does not contain any SP when in fact it has SP2...
>>>>>>
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Luis
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> sqlmap-users mailing list
>>>>>> sqlmap-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Miroslav Stampar
>>>>> http://about.me/stamparm
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
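The whole thread turns on one parsing step: sqlmap reads the MSSQL @@version banner, pulls the "Windows NT x.y (Build nnnn: Service Pack n)" fragment out of it, and keys its MS09-004 return-address table on the resulting OS + service pack string. When the service-pack capture group is missing or mis-numbered, the fingerprint silently degrades to "Service Pack 0" (or, in the older revision, dies with "IndexError: no such group"). The following is an added example, written for this page and not code from sqlmap or from either participant; the regular expressions, the NT-version map and the BannerInfo structure are my own and do not reproduce sqlmap's generic.xml entries. It parses the banner Luis posted, plus a constructed variant with no service-pack token, and shows how an optional group avoids both the IndexError and the "SP 0" misfingerprint.

```python
import re
from typing import NamedTuple, Optional

# Banner text taken from Luis's --banner output in the thread (resumed form,
# with the literal \n\t separators sqlmap prints).
BANNER_SP2 = (
    "Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) \n\tOct 14 2005 00:33:37 \n\t"
    "Copyright (c) 1988-2005 Microsoft Corporation\n\tExpress Edition on Windows NT 5.2 "
    "(Build 3790: Service Pack 2)\n"
)

# Constructed sample: same server string but the OS part carries no
# "Service Pack" token, which is the path that broke the parser.
BANNER_NO_SP = (
    "Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) \n\tOct 14 2005 00:33:37 \n\t"
    "Copyright (c) 1988-2005 Microsoft Corporation\n\tExpress Edition on Windows NT 5.2 "
    "(Build 3790)\n"
)

# NT kernel version -> marketing name. 5.2 is also used by XP x64 / 2003 R2;
# for a SQL Server host it is treated as Windows 2003 here (assumption).
NT_PRODUCT = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "5.2": "Windows 2003",
    "6.0": "Windows Vista/2008",
    "6.1": "Windows 7/2008 R2",
}

# Hypothetical patterns for this example (not sqlmap's generic.xml regexps).
# Group 3 is optional: when the banner has no ": Service Pack n" suffix the
# group is present but empty (None) instead of raising IndexError.
DBMS_RE = re.compile(r"Microsoft SQL Server \d{4} - (\d+\.\d+\.\d+\.\d+)")
OS_RE = re.compile(r"Windows NT (\d+\.\d+) \(Build (\d+)(?::\s*Service Pack (\d+))?\)")


class BannerInfo(NamedTuple):
    dbms_version: str
    nt_version: str
    os_name: str
    build: int
    service_pack: Optional[int]  # None: banner carried no SP token at all


def safe_group(match: "re.Match", idx: int) -> Optional[str]:
    """Return match.group(idx), or None when idx is not a group of the pattern.

    This is the failure seen in the thread's traceback: a group index taken
    from a config table that does not exist in the compiled regexp.
    """
    try:
        return match.group(idx)
    except IndexError:
        return None


def parse_banner(banner: str) -> BannerInfo:
    """Extract DBMS version, NT version, build and (optional) service pack."""
    m_dbms = DBMS_RE.search(banner)
    m_os = OS_RE.search(banner)
    if m_dbms is None or m_os is None:
        raise ValueError("unrecognised MSSQL banner")
    nt = m_os.group(1)
    sp = m_os.group(3)  # None when the optional SP group did not participate
    return BannerInfo(
        dbms_version=m_dbms.group(1),
        nt_version=nt,
        os_name=NT_PRODUCT.get(nt, "Windows NT " + nt),
        build=int(m_os.group(2)),
        service_pack=int(sp) if sp is not None else None,
    )


def os_key(info: BannerInfo) -> str:
    """Key in the form the thread's error message uses, e.g.
    'Windows 2003 Service Pack 2'. An absent SP token is reported as such
    rather than collapsed to 'Service Pack 0', so a parser miss is visible."""
    if info.service_pack is None:
        return f"{info.os_name} (no service pack in banner)"
    return f"{info.os_name} Service Pack {info.service_pack}"


if __name__ == "__main__":
    for b in (BANNER_SP2, BANNER_NO_SP):
        info = parse_banner(b)
        print(os_key(info), "| build", info.build, "| mssql", info.dbms_version)
```

The point of the optional group is that a return-address lookup keyed on the OS string (the table Luis found in takeover.py) should only ever be consulted with a service pack that was actually read from the banner; if the banner lacks the token, the caller sees that explicitly instead of a spurious "Service Pack 0" entry that matches nothing.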