Using sqlmap I was able to gain access to one database and using --current-user
and --privileges
. I can confirm that the user is root@localhost
with full privileges.
The part I have problem with is that I don't understand how the --os-shell
works. I have googled a lot but all the tutorials are using easy targets which doesn't help in my case.
So here is the command I use for using the --os-shell
function:
python sqlmap.py -u 'http://www.example.com/th/dim-news-detail.php?id=9&page_num=0' --identify-waf --tamper=between,randomcase,space2comment -v 3 --random-agent --level 3 --risk 3 --dbs --os-shell
After this, sqlmap wants me to choose a programming language and I choose PHP. After that, it asks me for a location to upload the shell. This is the part I have problem with. I don't know what location I should choose. Whatever I enter, sqlmap tries to upload it in directions after public_html
and it fails to do so. I mean when I enter /var/www
for example, sqlmap tries example.com/var/www
which obviously doesn't exist! Can anyone please let me know how to process works and how I need to figure out the path?
I'm using webmin panel on this target server if that helps. I just need to know what criteria should the directory have in order for sqlmap to upload files to it and also I need to know how to upload --os-shell
before public_html
. I mean actual /var/www
not example.com/var/www
.