SQLmap with metasploit
694 views
Skip to first unread message
NoWaR
May 1, 2016, 12:57:22 PM5/1/16
to PentestBox Forum
Hello,
How can we run Sqlmap with metasploit?
also anybody got an idea on how to upload shell via sqlmap with no user privilege.
i cant also find a writable directory, but i can browse and dump databases via sqlmap
Thanks
Aditya Agrawal
May 1, 2016, 1:23:00 PM5/1/16
to PentestBox Forum
Hi,
How this is related to PentestBox ?
Aditya
NoWaR
May 1, 2016, 1:28:33 PM5/1/16
to PentestBox Forum
theres an sqlmap command that you can use with metasploit but it says that it needs to be installed.
how can i install it in pentestbox? thanks
Aditya Agrawal
May 1, 2016, 1:35:41 PM5/1/16
to PentestBox Forum
What is that command ?
NoWaR
May 1, 2016, 1:38:11 PM5/1/16
to PentestBox Forum
this command:
sqlmap.py -u "http://192.168.136.129/sqlmap/mysql/iis/get_int_55.aspx?\ id=1" --os-pwn --msf-path /software/metasploit
Aditya Agrawal
May 1, 2016, 1:55:02 PM5/1/16
to PentestBox Forum
Okay.
For --os-pwn switch, we need to have pywin32 which is currently not installed on pentestbox.
Also that msfpath issue is a common issue with the windows users, sqlmap with metasploit officially do not support well. https://github.com/sqlmapproject/sqlmap/issues/1797
I will try to contact the developer on this issue.
Thanks for bringing this to my notice.
Aditya Agrawal
Aditya Agrawal
May 1, 2016, 2:09:38 PM5/1/16
to PentestBox Forum
Hi,
I just submitted that issue, i will comment if there any further reply from author of sqlmap.
Thanks
Aditya Agrawal
Aditya Agrawal
May 3, 2016, 2:07:23 AM5/3/16
to PentestBox Forum
Please have a look at comment by sqlmap author. https://github.com/sqlmapproject/sqlmap/issues/1832#issuecomment-216124525
Reply all
Reply to author
Forward
0 new messages