Metasploit mailing list archives
wmap scan does not execute wmap_sqlmap or wmap_xpath
From: hijacka at googlemail.com (sven)
Date: Fri, 12 Jun 2009 12:16:42 +0200
Hi all,

first of all, a lot of text will follow - so don't blame me for this please ;)

I would like to automate some wmap scans and I came to a problem that at least the wmap_sqlmap and the wmap_xpath are not executed. As you can see below, the wmap_blind_sql_query is executed correctly - when I configure wmap_sqlmap manually it works like a charm, but it seems like it is never executed within wmap dbs:

# msfconsole
resource> db_driver sqlite3
[*] Using database driver sqlite3
resource> db_create /tmp/meta.db
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: /tmp/meta.db
resource> load db_wmap
[*] =[ WMAP v0.3 - ET LoWNOISE
[*] Successfully loaded plugin: db_wmap
resource> set SQLMAP_PATH /pentest-dev/sqlmap/sqlmap.py
SQLMAP_PATH => /pentest-dev/sqlmap/sqlmap.py
resource> set VHOST 1.1.1.1
VHOST => 1.1.1.1
resource> set DOMAIN 0
DOMAIN => 0
resource> set RHOSTS 1.1.1.1
RHOSTS => 1.1.1.1
resource> set RPORT 80
RPORT => 80
resource> set SSL FALSE
SSL => FALSE
resource> set THREADS 30
THREADS => 30
resource> set FORMAT Aaa
FORMAT => Aaa
resource> set EXT .php
EXT => .php
resource> set DICTIONARY /pentest-dev/metasploit-dev/data/wmap/wmap_dirs.txt
DICTIONARY => /pentest-dev/metasploit-dev/data/wmap/wmap_dirs.txt
msf > wmap_targets -r
[*] Added. 1.1.1.1 80 0
msf > wmap_targets -s 1
msf > wmap_website
[*] Website structure
[*] 1.1.1.1:80 SSL:0
ROOT_TREE
|   sql
|   +------6__members.php
|   +------3__viewprofile.php
|   +------1__finduser.php
|   +------C__search.php
|   src
|   +------email.txt
+------favicon.ico
[*] Done.
msf > wmap_run -e /tmp/batch.rc
[*] Using profile /tmp/batch.rc.
[*] Launching auxiliary/scanner/http/frontpage_login WMAP_SERVER against 1.1.1.1:80
[*] http://1.1.1.1:80/ may not support FrontPage Server Extensions
[*] Launching auxiliary/admin/http/tomcat_manager WMAP_SERVER against 1.1.1.1:80
[*] Launching auxiliary/scanner/http/wmap_ssl_vhost WMAP_SERVER against 1.1.1.1:80
[*] Error: 1.1.1.1: unknown protocol
[*] Launching auxiliary/scanner/http/version WMAP_SERVER against 1.1.1.1:80
[*] 1.1.1.1 is running Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
[*] Launching auxiliary/scanner/http/wmap_verb_auth_bypass WMAP_SERVER against 1.1.1.1:80
[*] 1.1.1.1 No requires authentication. / 200
[*] Launching auxiliary/scanner/http/wmap_ssl WMAP_SERVER against 1.1.1.1:80
[-] SSL set to false
[*] Launching auxiliary/scanner/http/options WMAP_SERVER against 1.1.1.1:80
[*] No options.
[*] Launching auxiliary/scanner/http/wmap_vhost_scanner WMAP_SERVER against 1.1.1.1:80
[*] Sending request with random domain kqNNT.0
...
[*] Launching auxiliary/scanner/http/frontpage WMAP_SERVER against 1.1.1.1:80
[*] http://1.1.1.1:80 is running Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch
[*] FrontPage not found on http://1.1.1.1:80 [404 Not Found]
[*] Launching auxiliary/admin/http/tomcat_administration WMAP_SERVER against 1.1.1.1:80
[*] Launching auxiliary/scanner/http/wmap_webdav_scanner WMAP_SERVER against 1.1.1.1:80
[*] 1.1.1.1 (Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.1 with Suhosin-Patch) WebDAV disabled.
[*] Launching auxiliary/scanner/http/wmap_prev_dir_same_name_file WMAP_DIR / against 1.1.1.1:80...
[-] Blank or default PATH set.
[*] Launching auxiliary/scanner/http/wmap_prev_dir_same_name_file WMAP_DIR /sql/ against 1.1.1.1:80...
...
[*] Found http://1.1.1.1:80/sql.tar
[*] Found http://1.1.1.1:80/sql.tar.gz
...
[*] Launching auxiliary/scanner/http/wmap_prev_dir_same_name_file WMAP_DIR /src/ against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_dir_scanner WMAP_DIR / against 1.1.1.1:80...
[*] Using code '404' as not found.
[*] Found http://1.1.1.1:80/cgi-bin/ 404 (1.1.1.1)
[*] Found http://1.1.1.1:80/doc/ 404 (1.1.1.1)
[*] Found http://1.1.1.1:80/icons/ 200 (1.1.1.1)
[*] Found http://1.1.1.1:80/sql/ 404 (1.1.1.1)
[*] Found http://1.1.1.1:80/src/ 404 (1.1.1.1)
[*] Launching auxiliary/scanner/http/wmap_dir_scanner WMAP_DIR /sql/ against 1.1.1.1:80...
[*] Using code '404' as not found.
[*] Found http://1.1.1.1:80/sql/index/ 404 (1.1.1.1)
[*] Launching auxiliary/scanner/http/wmap_dir_scanner WMAP_DIR /src/ against 1.1.1.1:80...
[*] Using code '404' as not found.
[*] Launching auxiliary/scanner/http/wmap_dir_listing WMAP_DIR / against 1.1.1.1:80...
[*] Launching auxiliary/scanner/http/wmap_dir_listing WMAP_DIR /sql/ against 1.1.1.1:80...
[*] Launching auxiliary/scanner/http/wmap_dir_listing WMAP_DIR /src/ against 1.1.1.1:80...
[*] Found Directory Listing http://1.1.1.1:80/src/
[*] Launching auxiliary/scanner/http/wmap_file_same_name_dir WMAP_DIR / against 1.1.1.1:80...
[-] Blank or default PATH set.
[*] Launching auxiliary/scanner/http/wmap_file_same_name_dir WMAP_DIR /sql/ against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_file_same_name_dir WMAP_DIR /src/ against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_files_dir WMAP_DIR / against 1.1.1.1:80...
[*] Launching auxiliary/scanner/http/wmap_files_dir WMAP_DIR /sql/ against 1.1.1.1:80...
[*] Found http://1.1.1.1:80/sql/index.php
[*] Launching auxiliary/scanner/http/wmap_files_dir WMAP_DIR /src/ against 1.1.1.1:80...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /sql/6__members.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /sql/3__viewprofile.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /sql/1__finduser.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /sql/C__search.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /src/email.txt against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_backup_file WMAP_FILE /favicon.ico against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /sql/6__members.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /sql/3__viewprofile.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /sql/1__finduser.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /sql/C__search.php against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /src/email.txt against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/wmap_copy_of_file WMAP_FILE /favicon.ico against 1.1.1.1:80...
...
[*] Launching auxiliary/scanner/http/writable WMAP_DIR / against 1.1.1.1:80...
[*] Upload failed on http://1.1.1.1:80 [405 Method Not Allowed]
[*] Launching auxiliary/scanner/http/writable WMAP_DIR /sql/ against 1.1.1.1:80...
[*] Upload succeeded on http://1.1.1.1:80/sql/ [200]
[*] Launching auxiliary/scanner/http/writable WMAP_DIR /src/ against 1.1.1.1:80...
[*] Upload failed on http://1.1.1.1:80 [405 Method Not Allowed]
[*] Launching auxiliary/scanner/http/wmap_blind_sql_query WMAP_UNIQUE_QUERY against 1.1.1.1:80
[*] - Testing 'numeric' Parameter u:
[*] NOT Vulnerable sql/1__finduser.php parameter u
[*] - Testing 'single quotes' Parameter u:
[*] NOT Vulnerable sql/1__finduser.php parameter u
[*] - Testing 'double quotes' Parameter u:
[*] NOT Vulnerable sql/1__finduser.php parameter u
...
msf >

The content of /tmp/batch.rc is:

wmap_backup_file
wmap_blind_sql_query
wmap_copy_of_file
wmap_dir_listing
wmap_dir_scanner
wmap_file_same_name_dir
wmap_files_dir
wmap_generic_email_extract
wmap_prev_dir_same_name_file
wmap_sqlmap
wmap_ssl
wmap_ssl_vhost
wmap_verb_auth_bypass
wmap_vhost_scanner
wmap_webdav_scanner
frontpage
frontpage_login
options
version
wmap_xpath
writable
tomcat_manager
tomcat_administration

- So if anybody read the big big big text through this :) ... any ideas what it could be, or how to debug this?

cheers
sven

P.S.: Some Version Info (metasploit revision 6636, sqlmap revision 804 0.7rc2, python 2.4.3, ruby 1.8.5)
Current thread:
- wmap scan does not execute wmap_sqlmap or wmap_xpath pUm (Jun 10)
- <Possible follow-ups>
- wmap scan does not execute wmap_sqlmap or wmap_xpath sven (Jun 12)