Sqlmap fails at enabling xp_cmdshell procedure · Issue #470 · sqlmapproject/sqlmap · GitHub
Skip to content

Sqlmap fails at enabling xp_cmdshell procedure #470

Description

@AnonZed

Hi folks,

I have found a SQL Injection, on a web site using the account "sa" on a MSSQL 2008 database (penetration testing assessment). I can dump the whole DB, however, sqlmap fails at enabling the xp_cmdshell procedure. I get the following error :

[12:14:22] [INFO] checking if xp_cmdshell extended procedure is available, please wait..
xp_cmdshell extended procedure does not seem to be available. Do you want sqlmap to try to re-enable it? [Y/n]
[12:14:23] [WARNING] xp_cmdshell re-enabling failed
[12:14:23] [INFO] creating xp_cmdshell with sp_OACreate
[12:14:23] [WARNING] xp_cmdshell creation failed, probably because sp_OACreate is disabled
[12:14:23] [CRITICAL] unable to proceed without xp_cmdshell

I have been searching the web for related issues, and have came accross the following post :

http://www.silverspam.net/forum/hacking-security/exploits-and-vulnerabilities/4757-sqlmap-xp-cmdshell-creation-failed-probably-because-sp-oacreate-is-disabled

As you can see, access to the solution is not free... Do you have any clue on how is it possible to solve this.

Many many many thanks in advance !

Cheers.

Z.

Metadata

Metadata

Assignees

Labels

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions