Hi
Running sqlmap 1.0-dev, Kali linux up to date, tomcat 7, and latest WebGoat v5.4
I can log into WebGoat via the browser http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100 with the login and password.
I then tried to execute this:
sqlmap -u "http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100" --banner --auth-type="Basic" --auth-cred="webgoat:webgoat"
but it gives me:
[*] starting at 17:11:09
[17:11:09] [INFO] testing connection to the target URL
[17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[17:11:09] [WARNING] HTTP error codes detected during run:
401 (Unauthorized) - 1 times
[*] shutting down at 17:11:09
I did read the manual page and googled the terms “CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials” read some web sites, but still, I’m stumped.
I have read the following links:
#542
#125
http://tech4castblog.wordpress.com/2012/04/20/webgoat-http-authentication-type-and-valid-credentials-401-5/ (so is there a way to specify the port number 8080 to sqlmap? Shouldn’t sqlmap be able to figure out the port number since it’s specified in the URL?…is this the cause of error?)
http://comments.gmane.org/gmane.comp.security.sqlmap/234
the above came from the following google terms: “sqlmap [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)”
Appreciate some help. Thanks.
Gordon
Hi
Running sqlmap 1.0-dev, Kali linux up to date, tomcat 7, and latest WebGoat v5.4
I can log into WebGoat via the browser http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100 with the login and password.
I then tried to execute this:
sqlmap -u "http://localhost:8080/WebGoat-5.4/attack?Screen=153&menu=1100" --banner --auth-type="Basic" --auth-cred="webgoat:webgoat"
but it gives me:
[*] starting at 17:11:09
[17:11:09] [INFO] testing connection to the target URL
[17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[17:11:09] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[17:11:09] [WARNING] HTTP error codes detected during run:
401 (Unauthorized) - 1 times
[*] shutting down at 17:11:09
I did read the manual page and googled the terms “CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials” read some web sites, but still, I’m stumped.
I have read the following links:
#542
#125
http://tech4castblog.wordpress.com/2012/04/20/webgoat-http-authentication-type-and-valid-credentials-401-5/ (so is there a way to specify the port number 8080 to sqlmap? Shouldn’t sqlmap be able to figure out the port number since it’s specified in the URL?…is this the cause of error?)
http://comments.gmane.org/gmane.comp.security.sqlmap/234
the above came from the following google terms: “sqlmap [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)”
Appreciate some help. Thanks.
Gordon