Causes a connection timeout. I lose my session on the page and have to close the browser and reopen it before I can get back to the login page. The ntework stays up and I can ping 10.10.10.46 when this happens.
After reopening the browser and getting a new PHP session ID I can rerun the commands above but they drop the connection again. Any ideas?
Glad I stumbled upon this. I started Vaccine a little bit ago and kept running into connection timeout when issuing sqlmap command with --os-shell. Tried different session IDs and kept running into the same thing.
Today I came up to the same issue (EU server). Couple of hours later I tried again and it worked. Opening the address in browser also timed out when there was a problem with sqlmap.
Hello,
Any of you have issues with the version of PostgreSQL? After successfully running the sqlmap, i get the following:
[13:57:17] [INFO] the back-end DBMS is PostgreSQL
back-end DBMS: PostgreSQL
[13:57:17] [INFO] fingerprinting the back-end DBMS operating system
[13:57:17] [INFO] the back-end DBMS operating system is Linux
[13:57:18] [INFO] testing if current user is DBA
[13:57:18] [WARNING] the SQL query provided does not return any output
[13:57:18] [WARNING] running in a single-thread mode. Please consider usage of option ‘–threads’ for faster data retrieval
[13:57:18] [INFO] retrieved:
[13:57:18] [WARNING] unexpected HTTP code ‘302’ detected. Will use (extra) validation step in similar cases
[13:57:19] [INFO] detecting back-end DBMS version from its banner
[13:57:19] [INFO] resumed: ‘’
[13:57:19] [CRITICAL] unsupported feature on versions of PostgreSQL before 8.2
I’m stuck on the machine as well, mainly because --os-shell in sqlmap times out and seems to invalidate my current session cookie.
I’ve gotten to the point now where I can manually navigate the tables and run simple commands via code in the search box (e.g. run “ls” and print the output in the first column).
Where I’m stuck now is getting shell or a reverse shell to run. Using any variation of “nc” just exits with error code 1 or 2.
@sechzehn If you can already navigate trough the tables your almost done. Think about what you could find in the tables? A username? Maybe a hashed password? On the machine ssh is activated with your gained information you could just simply login via ssh instead of trying to upload a shell
I think it’s not a problem with the machine itself but rather something caused by users messing around in /etc/postgresql since I had the same problem but was able to complete the machine successfully by exploiting immediately after a reset. Little tip: the section of the walktrough mentioning vim does not mean you have to edit the file!
For those experiencing issues with port 80 interaction on Vaccine, please take note that as @drugantibus reported, this is due to users exiting their os-shell improperly. You will have to issue a reset vote every time Vaccine is unresponsive on port 80 or switch servers to find a working Vaccine SQL service.
For those experiencing issues with port 80 interaction on Vaccine, please take note that as @drugantibus reported, this is due to users exiting their os-shell improperly. You will have to issue a reset vote every time Vaccine is unresponsive on port 80 or switch servers to find a working Vaccine SQL service.
Thank you.
I’ve been stuck on this for days now because people keep on crashing the server. Literally as soon is a reset vote is done someone almost IMMEDIATELY screws it up again… Very frustrating, especially as this is supposed to be a beginner box.
Does VIP access include VIP access to the starting servers or only the servers past this point? At this stage I’m willing to just throw money at the issue so I can move on.
