Open up a netcat listener and make xp_cmdshell telnet into it as a test.
On Sunday, December 7, 2014, Rodrigo Zanatta Silva <
rodrigozanattasi...@gmail.com> wrote:
> yeah... but... What I did make sense? I tested and for any value it only
> delay for the else value.
>
> I can't read any file until now. Everything I did fail.
>
> Is there another way to check if the xp_cmdshell is really working? I am
> out of idea now.
>
> 2014-12-07 17:32 GMT-02:00 Miroslav Stampar <miroslav.stam...@gmail.com
> <javascript:_e(%7B%7D,'cvml','miroslav.stam...@gmail.com');>>:
>
>> You have to redirect output to an output file and read it afterwards.
>> xp_cmdshell by itself doesn't return anything than the return code.
>>
>> Bye
>> On Dec 7, 2014 8:31 PM, "Rodrigo Zanatta Silva" <
>> rodrigozanattasi...@gmail.com
>> <javascript:_e(%7B%7D,'cvml','rodrigozanattasi...@gmail.com');>> wrote:
>>
>>> You don't need just to have it activated? You say I can't run the EXEC?
>>> Any other way to avoid it?
>>>
>>> Is there anything I can do? Humm. Come in mind to impersonate another
>>> user and pray they can do this.
>>>
>>> 2014-12-07 17:25 GMT-02:00 Miroslav Stampar <miroslav.stam...@gmail.com
>>> <javascript:_e(%7B%7D,'cvml','miroslav.stam...@gmail.com');>>:
>>>
>>>> No execution rights?
>>>>
>>>> Bye
>>>> On Dec 7, 2014 6:19 PM, "Rodrigo Zanatta Silva" <
>>>> rodrigozanattasi...@gmail.com
>>>> <javascript:_e(%7B%7D,'cvml','rodrigozanattasi...@gmail.com');>> wrote:
>>>>
>>>>> Hi. I am doing a pen test in the Microsoft SQL Server 2008 R2 and I
>>>>> can see that the xp_cmdshell is active.
>>>>>
>>>>> IN the table *master.sys.configurations*, the column *value_in_use *show
>>>>> it is 1, so it is active!! But, every command that I tried to use didn't
>>>>> result any value. I just tried the most obvious:
>>>>>
>>>>> DECLARE @result int; EXEC @result = xp_cmdshell 'echo a'; IF (@result
>>>>> = 0) WAITFOR DELAY '00:01:00' ELSE WAITFOR DELAY '00:00:05'
>>>>>
>>>>> But it just waint 5 second. Any idea why this happens?
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>>>> from Actuate! Instantly Supercharge Your Business Reports and
>>>>> Dashboards
>>>>> with Interactivity, Sharing, Native Excel Exports, App Integration &
>>>>> more
>>>>> Get technology previously reserved for billion-dollar corporations,
>>>>> FREE
>>>>>
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> sqlmap-users@lists.sourceforge.net
>>>>> <javascript:_e(%7B%7D,'cvml','sqlmap-users@lists.sourceforge.net');>
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>
>>>>>
>>>
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
