Yes, not high priority but it would be an improvement. Please first verify
if the current code works with SELinux without modifications - I haven't
tested it myself.

Bernardo


On Thursday, June 19, 2014, Brandon Perry <bperry.volat...@gmail.com> wrote:

> So, reading the source for the pgsql udf here:
>
>
> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>
> It looks like we mmap RWX memory in order to eval some commands. Was this
> tested on a machine with SELinux? In my experience, this actually fails to
> allocate when RWX is used as the permissions on the memory region (line
> 186).
>
> I have successfully gotten around this on some systems using a technique
> similar to that described at the bottom of this page (basically mapping two
> pointers to the same file, requires FS access though…):
>
> http://www.akkadia.org/drepper/selinux-mem.html
>
> I am going to pull down the udfhack code and try it in a CentOS VM with
> SELinux enabled and see what happens. If it performs how I expect, would
> this be a useful addition to the UDF?
>
>
> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
>
>> Hey Bernardo,
>>
>> Any update to this?
>>
>>
>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote:
>>
>>> I will be fixing this shortly.
>>>
>>> Bernardo
>>>
>>>
>>> On Saturday, June 14, 2014, Brandon Perry <bperry.volat...@gmail.com> wrote:
>>>
>>>> Hello!
>>>>
>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>> compiled/checked into source control.
>>>>
>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>> brandons-imac:sqlmap bperry$
>>>>
>>>> You can see that:
>>>>
>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>
>>>> is missing. This leads to the following error. Anything I can do to
>>>> help, let me know:
>>>>
>>>> what is the back-end database management system architecture?
>>>> [1] 32-bit (default)
>>>> [2] 64-bit
>>>> > 2
>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>
>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>> retry your run with the latest development version from the GitHub
>>>> repository. If the exception persists, please send by e-mail to '
>>>> sqlmap-users@lists.sourceforge.net' or open a new issue at '
>>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>>>> text and any information required to reproduce the bug. The developers will
>>>> try to reproduce the bug, fix it accordingly and get back to you.
>>>> sqlmap version: 1.0-dev-f558b80
>>>> Python version: 2.7.5
>>>> Operating system: posix
>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>>> --risk=3 --dbms=postgresql -o --os-shell
>>>> Technique: TIME
>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>> Traceback (most recent call last):
>>>>   File "./sqlmap.py", line 95, in main
>>>>     start()
>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>>> line 585, in start
>>>>     action()
>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>>> 160, in action
>>>>     conf.dbmsHandler.osShell()
>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py",
>>>> line 80, in osShell
>>>>     self.initEnv(web=web)
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py",
>>>> line 198, in initEnv
>>>>     success = self.udfInjectSys()
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184,
>>>> in udfInjectSys
>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149,
>>>> in udfInjectCore
>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>>> "binary", forceCheck=True)
>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>>> line 270, in writeFile
>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>>> forceCheck)
>>>>   File
>>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>>> 37, in stackedWriteFile
>>>>     wFileSize = os.path.getsize(wFile)
>>>>   File
>>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>>> line 49, in getsize
>>>>     return os.stat(filename).st_size
>>>> OSError: [Errno 2] No such file or directory:
>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>
>>>> [*] shutting down at 22:48:43
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>
>>>
>>> --
>>> Bernardo Damele A. G.
>>>
>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>> Mobile: +447788962949 (UK 07788962949)
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
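
Added example, not part of the original thread or of the udfhack code: a small C probe for the behaviour discussed above, where an anonymous RWX mmap is refused when SELinux denies execmem to the calling process's domain. The function names are made up for this example, and it only reports what the policy allows for the process that runs it.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Try one anonymous private mapping with the given protection bits.
 * Returns 0 if the kernel and LSM allowed it, otherwise the errno. */
static int probe_mmap(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, len);
    return 0;
}

/* Map a page read-write, dirty it, then request read-execute on it.
 * Returns 0 if mprotect was allowed, otherwise its errno. */
static int probe_rw_then_rx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    memset(p, 0, len);                       /* page is now modified */
    int rc = (mprotect(p, len, PROT_READ | PROT_EXEC) == 0) ? 0 : errno;
    munmap(p, len);
    return rc;
}

/* Human-readable result for a probe return value. */
static const char *verdict(int err)
{
    return err == 0 ? "allowed" : strerror(err);
}

int main(void)
{
    printf("anonymous RW mmap     : %s\n", verdict(probe_mmap(PROT_READ | PROT_WRITE)));
    printf("anonymous RWX mmap    : %s\n",
           verdict(probe_mmap(PROT_READ | PROT_WRITE | PROT_EXEC)));
    printf("RW then mprotect(R+X) : %s\n", verdict(probe_rw_then_rx()));
    return 0;
}
```

Run it under the security context of the service being checked (for a database server, its confined domain), since an unconfined shell will normally report "allowed" for all three probes.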
