SQLMap really slow on local network - mysql

I am currently trying to use SQLMap on an apparently easy injection on a local web server:
SELECT * from table WHERE `col` LIKE 'VULN_HERE';
I am using the following command:
sqlmap -u http://localhost/?i=1 --dbms mysql --level 5 --risk 3 -p i --dbs -v 2 --technique 'T'
When running this command, sqlmap identifies the injection correctly but is blocking at:
[14:36:43] [INFO] checking if the injection point on GET parameter 'i' is a false positive
What is wrong ?

I think your URL shall be quoted :
sqlmap -u "http://localhost/?i=1" ....

Hi check your syntax and have a look:
SQLmap
You need your URL to be within quotes always or the command prompt will take i=1 outside the URL and as a different parameter.
Hope it'll solve your issues.

SnowSQL connection issue with Snowflake

I have searched this forum for help on my specific issue, but can't find enough documentation to solve the error I am getting. I believe there is a configuration issue between snowsql and my trial snowflake account.
C:\Users\barberc> snowsql -a tyXXXXX.us-east-2 -u XXXXXX@gmail.com
Password:
250001 (n/a): Could not connect to Snowflake backend after 0 attempt(s).Aborting
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.
Goodbye!
I have also tried appending the ".aws" on it, but that doesn't seem to help.
I am trying to load data from a .csv into a database to work with.
Thank you in advance
You should run this SQL command to get your Snowflake account URL
use role accountadmin;
select system$whitelist();
Look for [{"type":"SNOWFLAKE_DEPLOYMENT","host":"xxxxx.ap-southeast-2.snowflakecomputing.com","port":443},
Extract the hostname before snowflakecomputing.com, that would be the account name to use in snowsql.
In this example, it will be
snowsql -a xxxxx.ap-southeast-2
You may also want to check with curl command, to make sure you can reach the Snowflake account.
curl -vvv https://xxxxx.ap-southeast-2.snowflakecomputing.com/console/login
If you found HTTP 200, that means a connection is established. Otherwise, there could be a proxy/firewall or routing issue.

Getting error 400 - registration error when run sym command and how to perform two way sync using SymmetricDS

I am trying to sync two databases on the same machine (just for testing) using SymmetricDS. I have performed the installation steps below.
Two copies of Symmetric are set up, sym-corp and sym-store.
The corp and store property files are set up for MySQL DB.
Registered the corp:
bin\symadmin --engine corp-000 open-registration store 001
Started the sym command, but it throws the error below:
bin\sym --engine store-001 --port 8080
[store-001] [DataLoaderService] [store-001-job-3] Using registration > URL of http://localhost:8080/sync/corp-000/registration 2021-01-08
WARN [store-001] [SymmetricServlet] [qtp1325866488-13] > The request
path of the url could not be handled. Check the > engine.name of the
target node vs. the sync URL of the source node.> The request was
/corp-000/registration from the host 127.0.0.1 with an ip address of
127.0.0.1.
[store-001] [RegistrationService] [store-001-job-3] Unexpected error during registration: Received an unexpected response code of 400 from the server StackTraceKey [HttpException:3422623218]
Don't know what this error is. I am trying to clear my base but still no luck yet. I have reviewed the official tutorial link but still no luck.
Could you please help me with the queries below? This will be a great help and also useful for all beginners.
Can you run multiple sym instances on the same machine?
Once setup is done, should I run sync for both corp and store?
Are the Corp and Store configurations correct or not? If not, what is incorrect and why?
What other steps are missing to run two-way sync?
The problem may be with the line
registration.url=sync.url=http://localhost:8080/sync/corp-000
in corp-000.properties. Could you try splitting it into two lines:
registration.url=
sync.url=http://localhost:8080/sync/corp-000

How to connect to local MySQL Server 8.0 with DBIish in Perl6

I'm working on a Perl6 project, but having difficulty connecting to MySQL. Even when using the DBIish (or perl6.org tutorial) example code, the connection fails. Any suggestions or advice is appreciated! User credentials have been confirmed accurate too.
I'm running this on Windows 10 with MySQL Server 8.0 and standard Perl6 with Rakudo Star. I have tried modifying the connection string in numerous ways like :$password :password<> :password() etc. but can't get a connection established. Also should note that I have the ODBC, C, C++, and .Net connectors installed.
#!/usr/bin/perl6
use v6.c;
use lib 'lib';
use DBIish;
use Register::User;
# Windows support
%*ENV<DBIISH_MYSQL_LIB> = "C:/Program Files/MySQL/MySQL Server 8.0/lib/libmysql.dll"
if $*DISTRO.is-win;
my $dbh = DBIish.connect('mysql', :host<localhost>, :port(3306), :database<dbNameHere>, :user<usernameHere>, :password<pwdIsHere>) or die "couldn't connect to database";
my $sth = $dbh.prepare(q:to/STATEMENT/);
SELECT *
FROM users
STATEMENT
$sth.execute();
my @rows = $sth.allrows();
for @rows { .print }
say @rows.elems;
$sth.finish;
$dbh.dispose;
This should be connecting to the DB. Then the app runs a query, followed by printing out each resulting row. What actually happens is the application hits the 'die' message every time.
This is more of a workaround, but being unable to use a DB is crippling. So even when trying to use the NativeLibs I couldn't get a connection via DBIish. Instead I have opted to use DB::MySQL, which is proving to be quite helpful. With a few lines of code this module has your DB needs covered:
use DB::MySQL;
my $mysql = DB::MySQL.new(:database<databaseName>, :user<userName>, :password<passwordHere>);
my @users = $mysql.query('select * from users').arrays;
for @users { say "user #$_[0]: $_[1] $_[2]"; }
#Results would be:
#user #1: FirstName LastName
#user #2: FirstName LastName
#etc...
This will print out a line for each user formatted as shown above. It's not as familiar as DBIish, but this module gets the job done as needed. There's plenty more you can do with it too, so I highly recommend reading the docs.
According to this github DBIish issue 127, the environmental variable DBIISH_MYSQL_LIB was removed. I don't know if anyone brought it back.
However if you add the library's path, and the file is named mysql.dll, it will work. Not a good result for the scientific method.
So more testing is needed - and perhaps
C:\Program Files\MySQL\MySQL Server 8.0\lib>mklink mysql.dll .\libmysql.dll
Obviously you can create your own lib directory and add that to your path and then add this symlink to that directory.
Hope this helps. I've spent hours..
EDIT: Still spending time - accounting later.
Something very transitory is going on. I reset the machine (perhaps always do this from now on), and still got the missing mysql.dll errors. Tried going into the MySQL lib directory to execute raku from there.. worked. changed directories.. didn't work.
Launched administrator cmd - from home directory, tried the raku command. Worked. Ok - not good, but perhaps consistent. Launched non admin cmd, tried it from the MySQL lib directory, worked. And just for giggles, tried it outside of that directory.. worked.
Now I can't get it not to work. Will explore NativeLibs::Searcher as Valle Lukas suggested!
Maybe the example in the dbiish repository is not valid anymore.
The DBIISH_MYSQL_LIB Env seems to be replaced by NativeLibs::Searcher with commit 9bc4191
Looking at NativeLibs::Searcher may help to find the root cause of the problem.

MySQL login-path issues with clustercheck script used in xinetd

# default: on
# description: mysqlchk
service mysqlchk
{
# this is a config for xinetd, place it in /etc/xinetd.d/
disable = no
flags = REUSE
socket_type = stream
type = UNLISTED
port = 9200
wait = no
user = root
server = /usr/bin/mysqlclustercheck
log_on_failure += USERID
only_from = 0.0.0.0/0
#
# Passing arguments to clustercheck
# <user> <pass> <available_when_donor=0|1> <log_file> <available_when_readonly=0|1> <defaults_extra_file>"
# Recommended: server_args = user pass 1 /var/log/log-file 0 /etc/my.cnf.local"
# Compatibility: server_args = user pass 1 /var/log/log-file 1 /etc/my.cnf.local"
# 55-to-56 upgrade: server_args = user pass 1 /var/log/log-file 0 /etc/my.cnf.extra"
#
# recommended to put the IPs that need
# to connect exclusively (security purposes)
per_source = UNLIMITED
}
/etc/xinetd.d #
It is kind of strange that the script works fine when run manually, but when it runs using /etc/xinetd.d/, it is not working as expected.
In the mysqlclustercheck script, instead of using the --user= and password= syntax, I am using the --login-path= syntax.
The script runs fine when I run it from the command line, but the status for xinetd was showing signal 13. After debugging, I have found that even a simple command like this is not working:
mysql_config_editor print --all >>/tmp/test.txt
We don't see any output generated when it is run using xinetd ( mysqlclustercheck)
Have you tried the following instead of /usr/bin/mysqlclustercheck?
server = /usr/bin/clustercheck
I am wondering if you could test your binary location with the linux which command.
A long time ago since this question was asked, but it just came to my attention.
First of all as mentioned, Percona Cluster Control script is called clustercheck, so make sure you are using the correct name and correct path.
Secondly, since the server script runs fine from command line, it seems to me that the path of mysql client command is not known by the xinetd when it runs the Cluster Control script.
Since the mysqlclustercheck script as it is offered from Percona, it uses only the binary name mysql without specifying the absolute path I suggest you do the following:
Find where mysql client command is located on your system:
ccloud@gal1:~> sudo -i
gal1:~ # which mysql
/usr/local/mysql/bin/mysql
gal1:~ #
then edit script /usr/bin/mysqlclustercheck and in the following line:
MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \
place the exact path of mysql client command you found in the previous step.
I also see that you are not using MySQL connection credentials for connecting to MySQL server. mysqlclustercheck script as it is offered from Percona, it uses User/Password in order to connect to MySQL server.
So normally, you should execute the script in the command line like:
gal1:~ # /usr/sbin/clustercheck haproxy haproxyMySQLpass
HTTP/1.1 200 OK
Content-Type: text/plain
Where haproxy/haproxyMySQLpass is the MySQL connection user/pass for HAProxy monitoring user.
Additionally, you should specify them to your script's xinetd settings like:
server = /usr/bin/mysqlclustercheck
server_args = haproxy haproxyMySQLpass
Last but not least, the signal 13 you are getting is because you try to write something in a script run by xinetd. If for example in your mysqlclustercheck you try to add a statement like
echo "debug message"
you are probably going to see the broken pipe signal (13 in POSIX).
Finally, I had issues with this script using SLES 12.3 and I finally managed to run it not as 'nobody' but as 'root'.
Hope it helps
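
A small audit of the exposure-relevant settings in the mysqlchk stanza and the server_args line shown in this thread, as an added example that is not part of the original posts or of Percona's script: it flags `user = root`, a password passed in `server_args`, and an `only_from` that admits any source. Both stanzas, the finding names and the 192.0.2.10 address are constructed for illustration, and the hardened stanza assumes the check script reads its credentials from a login path or defaults file instead of its arguments.

```shell
#!/bin/sh
# Added example: audit an xinetd stanza for the exposures discussed in this thread.

audit_xinetd_stanza() {   # stanza on stdin, one finding name per line on stdout
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            n = index($0, "=")
            if (n == 0) next                     # "service x", "{" and "}"
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t+-]/, "", key)             # drop padding and += / -=
            cnt = split(val, f)                  # whitespace-separated values
            if (key == "user" && f[1] == "root") print "RUNS_AS_ROOT"
            # clustercheck takes <user> <pass> ..., so field 2 is a password
            if (key == "server_args" && cnt >= 2) print "PASSWORD_IN_ARGS"
            if (key == "only_from") {
                seen = 1
                for (i = 1; i <= cnt; i++)
                    if (f[i] == "0.0.0.0/0" || f[i] == "0.0.0.0") print "ONLY_FROM_ANY"
            }
        }
        END { if (!seen) print "ONLY_FROM_MISSING" }   # absent: any source allowed
    '
}

weak_stanza() {           # constructed, mirrors the settings posted above
    cat <<'EOF'
service mysqlchk
{
    port        = 9200
    user        = root
    server      = /usr/bin/clustercheck
    server_args = haproxy haproxyMySQLpass
    only_from   = 0.0.0.0/0
}
EOF
}

hardened_stanza() {       # constructed: unprivileged user, one monitoring host
    cat <<'EOF'
service mysqlchk
{
    port        = 9200
    user        = nobody
    server      = /usr/bin/clustercheck
    only_from   = 192.0.2.10
}
EOF
}

echo "weak:     $(weak_stanza | audit_xinetd_stanza | tr '\n' ' ')"
echo "hardened: $(hardened_stanza | audit_xinetd_stanza | tr '\n' ' ')"
```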

Bad For Loop Variable in bash with sql server

I've been using a program of mine written in bash to interact with a mysql database, I switched to microsoft sql server and now I have a very strange issue. The code below worked with mysql. With microsoft sql server I can see that it successfully pulls the count. My "echo $id" shows a value of 23 like it should but the issue is bash spits out " Syntax error: Bad for loop variable". I'm confused at why it's doing that 23 is an integer value. Please Help.
id="`tsql -S Server\\SqlServerName -U Databas_Name -P Password -o q <<EOF
use numbers
go
SELECT COUNT(*) FROM lotsa_numbers
go
quit
EOF`"
echo $id
for (( c=0; c<=$id-1; c++ ))
do
echo $c
done
Issue was likely leading or trailing whitespace. Number of ways to deal with this, a simple one is using bash splitting by not quoting a variable (might cause a problem in some cases, but not if we're trying to get an integer)
id=$(echo $id)
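
A stricter version of the same clean-up, as an added example that is not part of the original posts: it pulls the first all-digit field out of the captured client output, rejects anything else before the value reaches an arithmetic context (bash evaluates variable contents there as expressions), and uses a POSIX `while` loop so it behaves the same under sh and bash. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a row count captured from a SQL client before looping on it.

# Constructed sample of what the command substitution may capture: the count
# padded with blanks, carriage returns and empty lines.
sample_output() { printf '  \r\n        23 \r\n\n'; }

# Print the first field that consists only of digits, or fail with status 1.
extract_count() {
    n=$(printf '%s' "$1" | tr -d '\r' | awk '$1 ~ /^[0-9]+$/ { print $1; exit }')
    case "$n" in
        ''|*[!0-9]*)
            echo "not an integer: '$1'" >&2
            return 1 ;;
    esac
    printf '%s\n' "$n"
}

# Loop from 0 to count-1, as the loop in the question intends.
count_rows() {
    id=$(extract_count "$1") || return 1
    c=0
    while [ "$c" -le $((id - 1)) ]; do
        printf '%s ' "$c"
        c=$((c + 1))
    done
}

count_rows "$(sample_output)"
echo
```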