Re: [sqlmap-users] Markov chain
From: Bernardo D. A. G. <ber...@gm...> - 2010-11-17 15:14:09
You spoiled one of the shiny features of sqlmap 0.9-dev that we will be talking about during the next weeks ;)
It has been implemented for about 5 months or so, give it a try yourself with --predict-output and enjoy.

Bernardo

On 17 November 2010 14:57, Carlos Gabriel Vergara <car...@gm...> wrote:
> Hi to all.
>
> First of all, I want to mention that I have been working with the repository
> version of sqlmap (0.9) and it's awesome.
>
> I want to propose something crazy: Markov chains.
> (http://en.wikipedia.org/wiki/Markov_chain)
> Keeping it simple: a Markov chain is a tool that works on predictive
> events. It works with events, generating a "chain" (a list) of which
> event is going to happen if certain events have already happened.
> When using sqlmap, let's say, when enumerating users, if at the middle
> of the process we see that the user is "roo", it's obvious that the
> last char will be a "t". If a table name is "aucti", the rest will be
> "on". If we see the "events" of the Markov chain as the probability of
> finding one char knowing the predecessor chars, it could be used in
> sqlmap, at least to "try" the most frequent char for the previous
> combination, based on a dictionary of words (common users, tables,
> structures, values, etc).
> Another capability of a Markov chain is that it has "memory"; in the case of
> char prediction, the memory specifies how many chars it will be
> "looking back" when predicting the next.
>
> I have coded a sample in Python that shows the process in a very foolish
> example. It's a tool that takes a dictionary as input, a "memory size"
> (default 2 chars back), and generates a random text based on this
> chain. The result will be random text similar to the language used in
> the dictionary.
>
> In sqlmap, the chain could be used to test the next "most probable"
> character for the partially guessed string based on a dictionary of
> common words.
>
> For example: the script was used on a dict file generated using
> "sqlmap --help > testdict.txt", with this output:
>
> $ ./markov_chain.py -d testdict.txt -m 4
> sqlmap/0.8 - authe cookie header --ver takeover own SQL injection
> INI file click processions can behaviour or stack-end DBMS database
> gentry key value=RFILE -c CONFIGFILE Write DBMS current
> Last from retrinter(s) ratingerpreteration cert=ACERT First or
> structure affection (defaults (default 1)
>
> Note that the "randomly" generated text using the chain is very, very
> similar to English.
>
> I'm attaching the source to the mail.
>
> Hope it can help!
>
> Best regards,
>
> --
> --------8<--------
> Carlos Gabriel Vergara
> http://www.ThorSecurity.com.ar
>
> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
> -------->8--------

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
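
The next-character prediction proposed in the quoted mail, as an added example: this is not the attached markov_chain.py and not sqlmap's --predict-output code. The word list, the function names and the end-of-word marker are assumptions made for illustration; the model only ranks candidate characters and counts how many comparisons a known string would take.

```python
from collections import Counter, defaultdict

# Constructed sample dictionary (assumption): stands in for the word list of
# common users, tables and columns that the mail proposes.
WORDS = ["root", "admin", "administrator", "auction", "auctions", "audit",
         "users", "user_id", "username", "password", "passwd"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz_"
END = "\0"  # end-of-word marker, so the model can also predict "string complete"

def build_chain(words, memory=2):
    """Map every context of 0..memory preceding chars to next-char counts."""
    chain = defaultdict(Counter)
    for word in words:
        padded = word + END
        for i, ch in enumerate(padded):
            for k in range(min(i, memory) + 1):  # all lengths, for back-off
                chain[padded[i - k:i]][ch] += 1
    return chain

def ranked_candidates(chain, prefix, memory=2, alphabet=ALPHABET):
    """Candidates for the next char: longest matching context first, then
    shorter contexts, then the rest of the alphabet in its given order."""
    ordered = []
    for k in range(min(len(prefix), memory), -1, -1):
        context = prefix[len(prefix) - k:]
        for ch, _count in chain[context].most_common():
            if ch not in ordered:
                ordered.append(ch)
    ordered += [c for c in alphabet + END if c not in ordered]
    return ordered

def guesses_needed(chain, secret, memory=2, alphabet=ALPHABET):
    """Comparisons needed to recover `secret` char by char in ranked order.
    Every char of `secret` must be in the chain or in `alphabet`."""
    total, known = 0, ""
    for ch in secret + END:
        total += ranked_candidates(chain, known, memory, alphabet).index(ch) + 1
        known += ch
    return total

if __name__ == "__main__":
    chain = build_chain(WORDS)
    print("after 'roo':", ranked_candidates(chain, "roo")[0])
    print("chain:", guesses_needed(chain, "root"),
          "alphabet order:", guesses_needed(defaultdict(Counter), "root"))
```

An empty chain falls back to plain alphabet order, which gives the baseline to compare against.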