[VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
This video shows how easy it is to get root on a webserver.
We need only few tools. As first i will show you sqlmap+burpsuite and how you can use it. As secound we will create a lillte php backdoor to get a shell. And in the last part we will try to exploit the kernel to get root access on the machine. I hope you enjoy the video and give feed back.
Blip.tv-Link: http://pigtail23.blip.tv/file/5032728/
VMware-IMG: http://ds.mathematik.uni-marburg.de/.../vulnimage.zip
Local-Root Exploit Framework: http://www.grsecurity.net/~spender/enlightenment.tgz
best regards
edit:
-You need Sqlmap0.9-dev or >
-You can also login with User: blogger , Password:'OR 1=1-- -
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Thanx man,
great post :D
just downloaded the vmware image.
Altough in my case sqlmap doesn't detect the sql injection.
I followed your exact steps from the video.
output sqlmap: http://home.base.be/%72%68%69%6E%63%6B%78%74/1.html
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Quote:
Originally Posted by
LHYX1
try: ./sqlmap -l /root/sqli.txt --level=1 to 5 or set up the risk from 1 to 3 like --risk=2 or 3
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Doesn't work either :(
Code:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --level=1
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: ./sqlmap.py [options]
sqlmap.py: error: no such option: --level
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --risk=1
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: ./sqlmap.py [options]
sqlmap.py: error: no such option: --risk
I checked the help. There's indeed no such option.
And I tried this about 10 times but each time sqlmap can't seem to find anything.
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
as first: thanks 4 the hole thanks :) . as secound:
Quote:
Originally Posted by
LHYX1
Doesn't work either :(
Code:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --level=1
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: ./sqlmap.py [options]
sqlmap.py: error: no such option: --level
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --risk=1
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: ./sqlmap.py [options]
sqlmap.py: error: no such option: --risk
I checked the help. There's indeed no such option.
And I tried this about 10 times but each time sqlmap can't seem to find anything.
you need to update your sqlmap:
svn up /pentest/database/sqlmap/
the version must be 1.0-dev.
if this don't work try this:
1) cd /pentest/database/
2) rm -r sqlmap
3) svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Thanx a lot !!
Updated sqlmap and works fine now.
should have kown that I had to update.
My sqlmap was the standard that comes with Bt R2.
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
Nice one, but try to compress the vid less, it's barely readable at some times.
Re: [VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)
