sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard

Published 20 hours ago verified publisher icon sqlmapproject

File transfer via TFTP, FTP and HTTP

Open bdamele opened this issue 13 years ago • 1 comments

In both --file-upload and --os-pwn provide the user with the option to download onto the DBMS filesystem the payload stager (or shellcodeexec executable) via HTTP/TFTP/FTP server from the attacker (or a staged third-party server) machine rather than uploading it via SQL payload's file write methods.

Port the same concept eventually to --file-download too.

Libraries:

  • FTP server: http://code.google.com/p/pyftpdlib/ (MIT License).
  • TFTP server: http://tftpy.sourceforge.net/ (MIT License).
  • HTTP server: either http://docs.python.org/library/basehttpserver.html or http://docs.python.org/library/simplehttpserver.html (both part of Python interpreter).

bdamele avatar Jun 26 '12 15:06 bdamele

Example how to for MsSQL/FTP: http://labs.portcullis.co.uk/download/Revelli-OwaspDay2-Rome.pdf (slide 12)

stamparm avatar Mar 19 '13 20:03 stamparm