Re: [sqlmap-users] Is xp_cmdshell actived? Why it isn't working?

Sun, 07 Dec 2014 11:33:53 -0800 

You have to redirect output to an output file and read it afterwards.
xp_cmdshell by itself doesn't return anything than the return code.

Bye
On Dec 7, 2014 8:31 PM, "Rodrigo Zanatta Silva" <
rodrigozanattasi...@gmail.com> wrote:

> You don't need just to have it activated?  You say I can't run the EXEC?
> Any other way to avoid it?
>
> Is there anything I can do? Humm. Come in mind to impersonate another user
> and pray they can do this.
>
> 2014-12-07 17:25 GMT-02:00 Miroslav Stampar <miroslav.stam...@gmail.com>:
>
>> No execution rights?
>>
>> Bye
>> On Dec 7, 2014 6:19 PM, "Rodrigo Zanatta Silva" <
>> rodrigozanattasi...@gmail.com> wrote:
>>
>>> Hi. I am doing a pen test in the Microsoft SQL Server 2008 R2 and I can
>>> see that the xp_cmdshell is active.
>>>
>>> IN the table *master.sys.configurations*, the column *value_in_use *show
>>> it is 1, so it is active!! But, every command that I tried to use didn't
>>> result any value. I just tried the most obvious:
>>>
>>> DECLARE @result int; EXEC @result = xp_cmdshell 'echo a'; IF (@result =
>>> 0) WAITFOR DELAY '00:01:00' ELSE WAITFOR DELAY '00:00:05'
>>>
>>> But it just waint 5 second. Any idea why this happens?
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more
>>> Get technology previously reserved for billion-dollar corporations, FREE
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to