Machine name: vaccine stuck on getting SQL code execution shell

Glad I stumbled upon this. I started Vaccine a little bit ago and kept running into connection timeout when issuing sqlmap command with --os-shell. Tried different session IDs and kept running into the same thing.

Do you just wait it out at this point?

Today I came up to the same issue (EU server). Couple of hours later I tried again and it worked. Opening the address in browser also timed out when there was a problem with sqlmap.

ok good stuff thanks for confirming that> @redrom01 said:

The same is happening to me. Voted to reset lab just in case. And yes, I tried with several PHP Sessions ID cookies.

The connection always drop at this point:


“testing if current user is DBA”

And it just timeout.

yep I had this too. Voting to reset.

I was the fifth reset vote. Its just reset.

Its still timing out for me though…

Hello,
Any of you have issues with the version of PostgreSQL? After successfully running the sqlmap, i get the following:

[13:57:17] [INFO] the back-end DBMS is PostgreSQL
back-end DBMS: PostgreSQL
[13:57:17] [INFO] fingerprinting the back-end DBMS operating system
[13:57:17] [INFO] the back-end DBMS operating system is Linux
[13:57:18] [INFO] testing if current user is DBA
[13:57:18] [WARNING] the SQL query provided does not return any output
[13:57:18] [WARNING] running in a single-thread mode. Please consider usage of option ‘–threads’ for faster data retrieval
[13:57:18] [INFO] retrieved:
[13:57:18] [WARNING] unexpected HTTP code ‘302’ detected. Will use (extra) validation step in similar cases

[13:57:19] [INFO] detecting back-end DBMS version from its banner
[13:57:19] [INFO] resumed: ‘’

[13:57:19] [CRITICAL] unsupported feature on versions of PostgreSQL before 8.2

What command did you execute? I am about to test this again shortly i’ll update the results after doing so.

Nope. I am still getting disconnected after running:

sqlmap -u ‘http://10.10.10.46/dashboard.php?search=a’ --cookie=“PHPSESSID=73jv7pdmjsv7dsspoqtnlv66ls” --os-shell

sqlmap worked just fine without the --os-shell

@NeoCortex2000 Of course you can also do the injection manually. First, it would be a very good exercise, and second, it worked (I just tested it)

I got to thinking last night about alternative approaches to getting into this machine but was drawing blanks so thanks for the suggestion!

Could you provide a little more detail on how one would approach manual injection please?

Hi all,

I’m stuck on the machine as well, mainly because --os-shell in sqlmap times out and seems to invalidate my current session cookie.

I’ve gotten to the point now where I can manually navigate the tables and run simple commands via code in the search box (e.g. run “ls” and print the output in the first column).

Where I’m stuck now is getting shell or a reverse shell to run. Using any variation of “nc” just exits with error code 1 or 2.

Appreciate any pointers!

Thx!

Im still stuck on this too… pointers double appreciated!

@sechzehn If you can already navigate trough the tables your almost done. Think about what you could find in the tables? A username? Maybe a hashed password? On the machine ssh is activated with your gained information you could just simply login via ssh instead of trying to upload a shell :wink:

I think it’s not a problem with the machine itself but rather something caused by users messing around in /etc/postgresql since I had the same problem but was able to complete the machine successfully by exploiting immediately after a reset. Little tip: the section of the walktrough mentioning vim does not mean you have to edit the file!

Hello everyone,

For those experiencing issues with port 80 interaction on Vaccine, please take note that as @drugantibus reported, this is due to users exiting their os-shell improperly. You will have to issue a reset vote every time Vaccine is unresponsive on port 80 or switch servers to find a working Vaccine SQL service.

Thank you.

Type your comment> @0nenine9 said:

Hello everyone,

For those experiencing issues with port 80 interaction on Vaccine, please take note that as @drugantibus reported, this is due to users exiting their os-shell improperly. You will have to issue a reset vote every time Vaccine is unresponsive on port 80 or switch servers to find a working Vaccine SQL service.

Thank you.

I’ve been stuck on this for days now because people keep on crashing the server. Literally as soon is a reset vote is done someone almost IMMEDIATELY screws it up again… Very frustrating, especially as this is supposed to be a beginner box.

Does VIP access include VIP access to the starting servers or only the servers past this point? At this stage I’m willing to just throw money at the issue so I can move on.

1 Like

I’ve been stuck on this box for over a week. Im double frustrated as I bought VIP access when I first started but can’t use it as this box is in my way.

I was able to get the --os-shell to work earlier but then it timed out when I attempted to execute the reverse bash shell.

Getting through this box is going to need some stubborn determination I think. If anything its a good thing that its not working becuase its going to force us to think for ourselves and self learn what we don’t know. There will be another way in I am sure.

I’m not using MSF, I’m trying to use it sparingly as I don’t believe MSF is a very good tool for learning. I’m trying a manual exploit but I keep getting timeouts on port 80 which makes that kind of hard.

Hello,

If you want to do it by hand you can follow this link:

And if someone prefers, I coded a python script available here:

good luck