[VIDEO] root the box (Sqlmap/Burpsuite/Metasploit)

[pigtail23]

This video shows how easy it is to get root on a webserver.
We need only few tools. As first i will show you sqlmap+burpsuite and how you can use it. As secound we will create a lillte php backdoor to get a shell. And in the last part we will try to exploit the kernel to get root access on the machine. I hope you enjoy the video and give feed back.

Blip.tv-Link: http://pigtail23.blip.tv/file/5032728/
VMware-IMG: http://ds.mathematik.uni-marburg.de/.../vulnimage.zip
Local-Root Exploit Framework: http://www.grsecurity.net/~spender/enlightenment.tgz

best regards

edit:

-You need Sqlmap0.9-dev or >
-You can also login with User: blogger , Password:'OR 1=1-- -

[LHYX1]

Thanx man,
great post
just downloaded the vmware image.

Altough in my case sqlmap doesn't detect the sql injection.
I followed your exact steps from the video.
output sqlmap: http://home.base.be/%72%68%69%6E%63%6B%78%74/1.html

[spawn]

Great Post

[longjidin]

nice one ..........!!!

[pigtail23]

Thanx man,
great post
just downloaded the vmware image.

Altough in my case sqlmap doesn't detect the sql injection.
I followed your exact steps from the video.
output sqlmap: http://home.base.be/%72%68%69%6E%63%6B%78%74/1.html

try: ./sqlmap -l /root/sqli.txt --level=1 to 5 or set up the risk from 1 to 3 like --risk=2 or 3

[LHYX1]

Doesn't work either

Code:

root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --level=1

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

Usage: ./sqlmap.py [options]

sqlmap.py: error: no such option: --level
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --risk=1

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

Usage: ./sqlmap.py [options]

sqlmap.py: error: no such option: --risk

I checked the help. There's indeed no such option.
And I tried this about 10 times but each time sqlmap can't seem to find anything.

[pigtail23]

as first: thanks 4 the hole thanks . as secound:

Doesn't work either

Code:

root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --level=1

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

Usage: ./sqlmap.py [options]

sqlmap.py: error: no such option: --level
root@bt:/pentest/database/sqlmap# ./sqlmap.py -l /root/sqli.txt --risk=1

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

Usage: ./sqlmap.py [options]

sqlmap.py: error: no such option: --risk

I checked the help. There's indeed no such option.
And I tried this about 10 times but each time sqlmap can't seem to find anything.

you need to update your sqlmap:

svn up /pentest/database/sqlmap/

the version must be 1.0-dev.
if this don't work try this:

1) cd /pentest/database/

2) rm -r sqlmap

3) svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap

[LHYX1]

Thanx a lot !!
Updated sqlmap and works fine now.
should have kown that I had to update.
My sqlmap was the standard that comes with Bt R2.

[voidnecron]

Nice one, but try to compress the vid less, it's barely readable at some times.

[mandrakesecurity]

Excelent post