Information Security

SQLMap won’t enumerate databases

Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.

And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.

So this is the info of the updated sqlmap version to that date:

bash

  1. root@fsckOSX:/pentest/database/sqlmap# svn info
  2. Path: .
  3. URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
  4. Repository Root: https://svn.sqlmap.org/sqlmap
  5. Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
  6. Revision: 4380
  7. Node Kind: directory
  8. Schedule: normal
  9. Last Changed Author: stamparm
  10. Last Changed Rev: 4380
  11. Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)

the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.