Results 1 to 4 of 4

Thread: SQLninja help: the server responded with HTTP/1.1 302 Found !

  1. #1
    Junior Member
    Join Date
    Aug 2010
    Posts
    42

    Default SQLninja help: the server responded with HTTP/1.1 302 Found !

    Hi !

    I get this error when i want to test SQLninja on my own server.
    [-] Warning... the server responded with HTTP/1.1 302 Found
    Check configuration, as things might not be working as expected !
    What i am doing wrong ?

    How i should modify the configuration file of sqlninja in order to work fine ?


    Thank you !

  2. #2
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: SQLninja help: the server responded with HTTP/1.1 302 Found !

    He has edited the file sqlninja.conf?
    Be even more detailed!
    I recommend reading the sqlninja-howto.html.

    Regards,
    (gdb) disass m(y_br)ain

    ®

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    42

    Default Re: SQLninja help: the server responded with HTTP/1.1 302 Found !

    ###################################
    # SQLNINJA CONFIGURATION FILE #
    ###################################

    # WARNING 1: options are case sensitive
    # WARNING 2: don't forget to URL-encode, when needed. This applies to:
    # - page
    # - stringstart
    # - stringend
    # see sqlninja-howto.html for more information and examples

    # Host (required)
    # host = x.x.x.x
    host = CENSORED BY MYSELF

    # Port (optional, default: 80)
    port = 80

    # Use SSL (yes/no/auto. Default: no)
    # ssl = auto
    ssl = no

    # Method to use (optional, default: GET)
    method = POST
    #method = GET

    # Vulnerable page (e.g.: /dir/target.asp)
    # page = /somepage.asp
    page = /isr/index.php

    # Start of the exploit string. It must include the vulnerable parameter
    # and the character sequence that allows us to start injecting commands. In
    # general this means, at least:
    # - an apostrophe (if the parameter is a string)
    # - a semicolon (to end the original query)
    # It must also include everything necessary to properly close the original
    # query, like an appropriate number of closing brackets. Don't forget
    # to URL-encode, where needed (e.g. spaces)
    # For instance, if we consider the following TSQL command:
    # exec master..xp_cmdshell 'dir c:\'
    # and the string to inject is the following:
    # aaa=1&bbb=x';exec+master..xp_cmdshell+'dir+c:'
    # this parameter should look like this:
    # stringstart = aaa=1&bbb=x';
    #stringstart = id=1;
    stringstart = %3Fquery%3D1%26in%3D0%26search%3DSearch%25273B

    # If you need to add some more parameters after the vulnerable one, put
    # them here (don't forget the leading "&" sign). This option can also be
    # used when commenting the rest of the original query does not work and you
    # need to add some SQL code instead. If this is the case, you need to set
    # "appendcomment" option to "no". Don't forget the leading "&" sign and
    # to URL-encode, where needed.
    # e.g.: stringend = &param3=aaa
    stringend = &cb=bb80567a23

    # Local host: your IP address (for backscan and revshell modes)
    lhost = CENSORED

    # Interface to sniff when in backscan mode
    device = eth0

    # Evasion techniques to be used. Possible choices are:
    # 1 - Query hex-encoding
    # 2 - Comments as separators
    # 3 - Random case
    # 4 - Random URI encoding
    # All techniques can be combined, so the following is legal:
    # evasion = 1234
    # However, keep in mind that using too many techniques at once leads to very
    # long queries, that might create problems when using GET. Default: no evasion
    # evasion = 12

    # Path to metasploit executable. Only needed if msfpayload and
    # msfcli are not already in the path
    #msfpath = /home/sqlninja/trunk/
    msfpath = /pentest/exploits/framework3

    # Encoder to use with msfencode. If the option is not present, no encoding
    # is used. However, it's definitely recommended to use it, if you suspect that
    # an AV is present. A list of available encoders can be retrieved by simply
    # running "msfencoder -l"
    # msfencoder = x86/shikata_ga_nai

    # Number of times to encode the metasploit payload. Default: 5
    # msfencodecount = 5

    # If you can execute commands but SQL Server does not run as SYSTEM,
    # you can use churrasco.exe to steal the appropriate token and escalate
    # privileges. Enable this option to use churrasco.exe before executing
    # a command. This is especially useful with the metasploit module and VNC
    # Obviously, you first need to upload churrasco.exe using
    # the upload module!
    # usechurrasco = yes

    # Proxy host to use (default: none)
    # proxyhost = 127.0.0.1

    # Proxy port to use (default: 8080)
    # proxyport = 8080

    # Additional headers to include into the request. E.g.:
    # Host: Test.com Web Based Testing and Certification Software v2.0
    # Connection: close
    # Cookie: ASPSESSIONID=xxxxxxxxxxxxxxxxxxxx
    # Authorization: Basic yyyyyyyyyyyyyyyyyyyyy
    # Important: Do not remove "--headers_start--" and "--headers_end--"
    --headers_start--
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060418 Firefox/1.0.8
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.7,it;q=0.3
    Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    --headers_end--

    # Domain to use for dnstunnel mode
    domain = sqlninja.net

    # tcpdump filter (optional)
    # filter = src host x.x.x.x

    # Backscan timeout after web request conclusion (Default: 5 secs)
    timeout = 30

    # Maximum hostname length for DNS tunnel (Max: 250 - Default: 250)
    hostnamelength = 250

    # IP address to return to DNS queries (default: 10.255.255.254)
    # resolvedip = 10.255.255.254

    # Name of the procedure to use/create to launch commands. Default is
    # "xp_cmdshell". If set to "NULL", openrowset+sp_oacreate will be used
    # for each command
    # xp_name = xp_cmdshell

    # Time value for the WAITFOR during inference attack of fingerprint and
    # bruteforce mode. A higher value makes things slower but will yeld more
    # precise results against slow targets.
    # Min: 3 seconds. Max: 59 seconds. Default: 5 seconds
    blindtime = 5

    # Number of script lines to upload with a single HTTP request. A higher number
    # obviously means a faster upload. However, do not push this too high if your
    # request contains very long parameters. Maximum is 30, and 10 is a default
    # safe value providing already a good speed
    # lines_per_request = 10

    # If the remote server returns a custom error page instead of a standard
    # HTTP error code (e.g. 500 Server Error), it is wise to set this value to
    # some string that is present in such a page. This will help sqlninja in
    # figuring out if things seem to be wrong
    # errorstring = "an error has occurred"
    errorstring = "Warning: mysql_num_rows()"

    # By default, sqlninja appends two hyphens to the injected query in order
    # to comment out any spurious SQL code. This is good and works in
    # approximately 99% of the cases. However, you might want to change this
    # behavior in some very specific scenarios. Change this setting only if you
    # really know what you are doing,
    # Possible values: yes/no
    # appendcomment = yes

    # By default, sqlninja uses HTTP version 1.0, which should be ok for
    # pretty much all webservers out there. If for some reason you need to
    # use HTTP 1.1, specify it here.
    # In case you use HTTP 1.1, add a "Connection: close" header in the
    # headers section of the configuration file
    # httpversion = 0

    # When using the Metasploit module DEP is not a problem anymore, since in
    # all recent versions of the framework the stager will take care of it by
    # itself. However, if needed you can still roll back to the old sqlninja
    # behavior and disable DEP by whitelisting the stager with a call to
    # xp_regwrite. To do so, set 'checkdep' to 'yes'
    # checkdep = no
    This is the configuration file. It is well done ? What i am doing wrong ?

    Thank you !

  4. #4
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: SQLninja help: the server responded with HTTP/1.1 302 Found !

    Review the settings:

    Code:
    root@bt:/pentest/database/sqlninja# mv sqlninja.conf sqlninja.conf-bkp
    And then:

    Code:
    root@bt:/pentest/database/sqlninja# ./sqlninja -m test
    Sqlninja rel. 0.2.5
    Copyright (C) 2006-2010 icesurfer <r00t@northernfortress.net>
    [-] sqlninja.conf does not exist. You want to creat it now ? [y/n]
    > y
    ...snip...
    Follow supplementing the information.

    See sqlninja-howto.html for more information and examples

    Regards,
    (gdb) disass m(y_br)ain

    ®

Similar Threads

  1. Problem with Apache http server
    By Yoma! in forum Beginners Forum
    Replies: 4
    Last Post: 05-07-2010, 02:20 PM
  2. Fatal server error: no screens found
    By Kalerion in forum OLD BackTrack 4 General Support
    Replies: 0
    Last Post: 03-30-2010, 10:46 PM
  3. Fatal Server Error: No Screens Found
    By Kalantal in forum OLD Newbie Area
    Replies: 6
    Last Post: 12-24-2009, 04:52 PM
  4. HTTPD - Apache HTTP Server!
    By ioannou.alexandros in forum OLD BT3final Support
    Replies: 5
    Last Post: 11-09-2008, 05:46 PM
  5. firefox server not found
    By parrotface in forum OLD Newbie Area
    Replies: 2
    Last Post: 03-04-2008, 05:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •