Metasploit mailing list archives
Metasploit Ratproxy
From: spinbad.security at googlemail.com (spinbad)
Date: Tue, 2 Dec 2008 16:01:40 +0100
Nope, this looks like there is a problem with setting the parameters in the wmap_run command. The ^M is just a "display/converting" error. You should be able to run the blind_sql_query module standalone... I will try to find out what is responsible for this. In the meantime you might disable the module by using MCs brand new "profile" feature: http://metasploit.com/dev/trac/changeset/5988 spinbad 2008/12/2 Edward Bjarte Fjellsk?l <edward at linpro.no>
Tested on Ubuntu Hardy (8.04) with ratproxy 1.51 and msf-3.3-dev (svn about 4 hours ago) Compiling ratproxy gives warnings, but does not seem to affect anything: ratproxy.c: In function 'save_trace': ratproxy.c:631: warning: passing argument 5 of 'sqlite3_prepare' from Following: http://www.metasploit.com/dev/trac/browser/framework3/trunk/documentation/wmap.txt and http://carnal0wnage.blogspot.com/2008/11/metasploit-and-wmap_24.html Gives me errors on the wmap_blind_sql_query : [*] Launching auxiliary/scanner/http/wmap_blind_sql_query WMAP_UNIQUE_QUERY against 127.0.0.1:80 [*] >> Exception during launch from auxiliary/scanner/http/wmap_blind_sql_query: The following options failed to validate: PATH. [*] Launching auxiliary/scanner/http/wmap_blind_sql_query WMAP_UNIQUE_QUERY against 127.0.0.1:80 [*] >> Exception during launch from auxiliary/scanner/http/wmap_blind_sql_query: The following options failed to validate: PATH. [*] Launching auxiliary/scanner/http/wmap_blind_sql_query WMAP_UNIQUE_QUERY against 127.0.0.1:80 [*] >> Exception during launch from auxiliary/scanner/http/wmap_blind_sql_query: The following options failed to validate: PATH. [*] Launching auxiliary/scanner/http/wmap_blind_sql_query WMAP_UNIQUE_QUERY against 127.0.0.1:80 [*] >> Exception during launch from auxiliary/scanner/http/wmap_blind_sql_query: The following options failed to validate: PATH. I have tried to setg PATH /index.php etc.... no luck.. opening up wmap_blind_sql_query shows me lots of: ^M ^M ^M ^M in the file... could this b0rk things up ? ebf0
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081202/b60c1dd5/attachment.htm>
Current thread:
- Metasploit Ratproxy Danilo Nascimento (Dec 01)
- Metasploit Ratproxy Ulisses Castro (thebug) (Dec 01)
- Metasploit Ratproxy Danilo Nascimento (Dec 01)
- Metasploit Ratproxy Danilo Nascimento (Dec 01)
- Metasploit Ratproxy Danilo Nascimento (Dec 01)
- Metasploit Ratproxy spinbad (Dec 01)
- Metasploit Ratproxy Edward Bjarte Fjellskål (Dec 02)
- Metasploit Ratproxy spinbad (Dec 02)
- Metasploit Ratproxy Danilo Nascimento (Dec 02)
- Metasploit Ratproxy Edward Bjarte Fjellskål (Dec 02)
- Metasploit Ratproxy Ulisses Castro (thebug) (Dec 01)