elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Security Series.XSS. [Cross Site Scripting]


+  Foro de elhacker.net
|-+  Sistemas Operativos
| |-+  GNU/Linux (Moderador: MinusFour)
| | |-+  Tengo problemas con sqlmap en linux y windows
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: Tengo problemas con sqlmap en linux y windows  (Leído 8,785 veces)
joseph Lovato

Desconectado Desconectado

Mensajes: 3


Ver Perfil
Tengo problemas con sqlmap en linux y windows
« en: 24 Febrero 2012, 11:14 am »

Hola buenas soy nuevo en el foro  ::) y  no se si me podrían ayudar cuando quiero  injectar con sqlmap en alguna pagina me sale este error ya los probé con varias paginas ,pero sale igual  .  OJO: no quiero hacer ningunas maldades XD solo estoy probando     :rolleyes:


EN linux usando proxy y tambien lo eh probrado sin el  , con vpn .Nota :los proxy y los vpn andan bn


cd /pentest/web/scanners/sqlmap


cd /pentest/database/sqlmap/


./sqlmap.py --proxy http://217.196.113.81:8080 -u  http://www.bibliotecayacucho.gob.ve/fba/index.php?id=103 --dbs

y me sale este error:

------------------------------------------------------------------------

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

  • starting at: 06:08:00
[06:08:01] [INFO] using '/pentest/database/sqlmap/output/www.bibliotecayacucho.gob.ve/session' as session file
[06:08:01] [INFO] testing connection to the target url
[06:08:25] [INFO] testing if the url is stable, wait a few seconds
[06:08:29] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:08:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:08:53] [INFO] url is stable
[06:08:53] [INFO] testing if GET parameter 'id' is dynamic
[06:08:57] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:02] [INFO] heuristics detected web page charset 'ascii'
[06:09:02] [INFO] confirming that GET parameter 'id' is dynamic
[06:09:03] [INFO] GET parameter 'id' is dynamic
[06:09:06] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[06:09:06] [INFO] testing sql injection on GET parameter 'id'
[06:09:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[06:09:16] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:32] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:09:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:39] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:09:47] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:06] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[06:10:20] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:28] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:31] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[06:10:36] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:38] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:10:49] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:50] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:10:54] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:58] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:08] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:11:08] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[06:11:17] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[06:11:24] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:28] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:29] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:34] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[06:11:45] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[06:11:56] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[06:11:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:11:56] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
[06:11:58] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:07] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[06:12:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:12:16] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:23] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[06:12:27] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:32] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:34] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:12:37] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[06:12:38] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:49] [INFO] testing 'Oracle AND time-based blind'
[06:12:50] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:55] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[06:13:14] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:23] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:35] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:42] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:46] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:10] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:19] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:14:57] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:01] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:06] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:45] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:16:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:16:43] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:17:56] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[06:18:03] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:17] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[06:18:17] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
[06:18:21] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:24] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:26] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:18:27] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:34] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:57] [INFO] target url appears to be UNION injectable with 2 columns
[06:19:07] [WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
[06:19:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:19:21] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:19:30] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:01] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:03] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:09] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:14] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:20:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:20:17] [INFO] target url appears to be UNION injectable with 10 columns
[06:20:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:25] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:35] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:44] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:55] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:21:15] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:20] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:23] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:36] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:37] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:42] [WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
[06:21:51] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:22:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:22:07] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:22:10] [WARNING] GET parameter 'id' is not injectable
[06:22:10] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

  • shutting down at: 06:22:10

----------------------------------------------------------------------------



Lo probé con windows tambien y me sale el mismo error

AHora en windows sin proxy haber si sale tengo python 2.7 lo probe y igual el mismo error


C:\sqlmap>sqlmap.py -u http://www.fivemusic.net/evento.php?id=4 --dbs

y me sale esto

----------------------------------------------------------------------------

C:\sqlmap>sqlmap.py -u http://www.fivemusic.net/evento.php?id=4 --dbs

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

  • starting at: 05:57:05
[05:57:05] [INFO] using 'C:\sqlmap\output\www.fivemusic.net\session' as session
file
[05:57:06] [INFO] testing connection to the target url
[05:57:07] [INFO] testing if the url is stable, wait a few seconds
[05:57:09] [INFO] url is stable
[05:57:09] [INFO] testing if GET parameter 'id' is dynamic
[05:57:10] [WARNING] GET parameter 'id' is not dynamic
[05:57:11] [WARNING] heuristic test shows that GET parameter 'id' might not be i
njectable
[05:57:11] [INFO] testing sql injection on GET parameter 'id'
[05:57:11] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[05:57:44] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[05:58:15] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[05:59:18] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[05:59:56] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[05:59:58] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[06:00:57] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[06:00:59] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o
r HAVING clause'
[06:01:30] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[06:02:02] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[06:02:08] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT
ype)'
[06:03:01] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[06:03:32] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
 going to retry the request
[06:03:50] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[06:04:00] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[06:04:06] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[06:04:12] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[06:04:18] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[06:04:23] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[06:04:25] [INFO] testing 'Oracle AND time-based blind'
[06:04:31] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[06:05:23] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[06:05:23] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[06:06:13] [WARNING] GET parameter 'id' is not injectable
[06:06:13] [CRITICAL] all parameters are not injectable, try to increase --level
/--risk values to perform more tests. Rerun without providing the --technique sw
itch. Give it a go with the --text-only switch if the target page has a low perc
entage of textual content (~1.52% of page content is text)

  • shutting down at: 06:06:13

C:\sqlmap>

----------------------------------------------------------------------


A que se debe es que tengo que configurar el sqlmap en sqlmap.conf o algo y como lo hago XD  , no se xq me sale eso la vd   
.Bueno espero que me ayuden y haber a quien le ha pasado y lo haya solucionado  para que me eche una mano xq no encuentro nada en google o no sabre buscar bn  XD  .Espero que me ayuden .saludos



En línea

joseph Lovato

Desconectado Desconectado

Mensajes: 3


Ver Perfil
Re: Tengo problemas con sqlmap en linux y windows
« Respuesta #1 en: 24 Febrero 2012, 14:05 pm »

segui intentando en  linux  , pero sale esto

./sqlmap.py -u  "http://www.bibliotecayacucho.gob.ve/fba/index.php?id=103" --dbs  --proxy http://41.75.201.207:80


me sale esto :


 sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

  • starting at: 07:54:40
[07:54:40] [INFO] using '/pentest/database/sqlmap/output/www.bibliotecayacucho.gob.ve/session' as session file
[07:54:40] [INFO] testing connection to the target url
[07:54:41] [INFO] testing if the url is stable, wait a few seconds
[07:54:43] [INFO] url is stable
[07:54:43] [INFO] testing if GET parameter 'id' is dynamic
[07:54:43] [INFO] heuristics detected web page charset 'ascii'
[07:54:43] [INFO] confirming that GET parameter 'id' is dynamic
[07:54:44] [INFO] GET parameter 'id' is dynamic
[07:54:45] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[07:54:45] [INFO] testing sql injection on GET parameter 'id'
[07:54:45] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:54:55] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[07:54:59] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[07:55:02] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[07:55:09] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[07:55:13] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[07:55:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[07:55:20] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[07:55:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[07:55:29] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[07:55:38] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[07:56:12] [INFO] GET parameter 'id' is 'Microsoft SQL Server/Sybase time-based blind' injectable
[07:56:12] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[07:56:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

  • shutting down at: 07:57:03



Que quiere decir

[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

y porq no injecta el sqlmap ?  :huh:  alguien me podria ayudar  :rolleyes:


En línea

Servia


Desconectado Desconectado

Mensajes: 347


Ver Perfil
Re: Tengo problemas con sqlmap en linux y windows
« Respuesta #2 en: 5 Marzo 2012, 16:05 pm »

Que quiere decir

[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

y porq no injecta el sqlmap ?  :huh:  alguien me podria ayudar  :rolleyes:


Si no sabes inglés lo tienes complicado para usar cualquier cosa en linux :S
Fíjate en los warnings:
[07:57:03] [WARNING] false positive injection point detected = Pensó que era inyectable pero no.
[07:57:03] [WARNING] GET parameter 'id' is not injectable     = Te dice que el campo id del GET no es inyectable.

En línea

Foxy Rider


Desconectado Desconectado

Mensajes: 2.407


Deprecated


Ver Perfil WWW
Re: Tengo problemas con sqlmap en linux y windows
« Respuesta #3 en: 9 Marzo 2012, 05:39 am »

1) Esto  vá en Hacking Linux/Unix
2) publicaste los detalles del comando como el proxy que usás ... lo cual queda en logs, así como este post en google, y pueden enviar tranquilamente una orden a el-brujo pidiendo tu verdadera IP, y dudo que diga que no
3) Dudo que alguien te ayude a usar una tool que siquiera sabés usar para algo como esto...

Saludos.
« Última modificación: 9 Marzo 2012, 05:42 am por vertexSymphony » En línea

terito

Desconectado Desconectado

Mensajes: 9


Ver Perfil
Re: Tengo problemas con sqlmap en linux y windows
« Respuesta #4 en: 10 Abril 2012, 17:39 pm »


lovato mira mis post
a ver si algo podemos solucionar

 = estamos

 att
   teresa
En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines