Re: [sqlmap-users] Markov chain
From: Miroslav S. <mir...@gm...> - 2010-11-17 15:34:50
Hi.

I'll join Bernardo and say that --predict-output should do the same job. Nevertheless, I will research your code and report.

kr

On Wed, Nov 17, 2010 at 4:14 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> You spoiled one of the shiny features of sqlmap 0.9-dev that we will
> be talking about during the next weeks ;)
> It has been implemented for about 5 months or so, give it a try
> yourself with --predict-output and enjoy.
>
> Bernardo
>
>
> On 17 November 2010 14:57, Carlos Gabriel Vergara
> <car...@gm...> wrote:
>> Hi to all.
>>
>> Before all, I want to mention that I have been working with the repository
>> version of sqlmap (0.9) and it's awesome.
>>
>> I want to propose something crazy: Markov chains.
>> (http://en.wikipedia.org/wiki/Markov_chain)
>> Keeping it simple: a Markov chain is a tool that works on predictive
>> events. It works with events, generating a "chain" (a list) of which
>> event is going to happen if certain events have already happened.
>> When using sqlmap, let's say, when enumerating users, if at the middle
>> of the process we see that the user is "roo", it's obvious that the
>> last char will be a "t". If a table name is "aucti", the rest will be
>> "on". If we see the "events" of the Markov chain as the probability of
>> finding one char knowing the predecessor chars, it could be used in
>> sqlmap, at least to "try" the more often char for the previous
>> combination, based on a dictionary of words (common users, tables,
>> structures, values, etc).
>> Another capability of Markov chain is that it has "memory"; in case of
>> char prediction, the memory specifies how many chars it will be
>> "looking back" when predicting the next.
>>
>> I have coded a sample in Python that shows the process in a very fool
>> example. It's a tool that takes a dictionary as input, a "memory size"
>> (default 2 chars back), and generates a random text based on this
>> chain. The result will be random text similar to the language used in
>> the dictionary.
>>
>> In sqlmap, the chain could be used to test the next "more probably"
>> character for the partially guessed string based on a dictionary of
>> common words.
>>
>> For example: the script was used on a dict file generated using
>> "sqlmap --help > testdict.txt", with this output:
>>
>> $ ./markov_chain.py -d testdict.txt -m 4
>> sqlmap/0.8 - authe cookie header --ver takeover own SQL injection
>> INI file click processions can behaviour or stack-end DBMS database
>> gentry key value=RFILE -c CONFIGFILE Write DBMS current
>> Last from retrinter(s) ratingerpreteration cert=ACERT First or
>> structure affection (defaults (default 1)
>>
>> Look that "randomly" generated text using the chain is very very
>> similar to the English speaking.
>>
>> I'm attaching the source to the mail.
>>
>> Hope it can help!
>>
>> Best regards,
>>
>>
>> --
>> --------8<--------
>> Carlos Gabriel Vergara
>> http://www.ThorSecurity.com.ar
>>
>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>> -------->8--------
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
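The next-character prediction described in the quoted proposal, as an added example; it is not the script attached to that mail and not sqlmap's `--predict-output` code. The wordlist, the function names and the back-off to shorter contexts are assumptions made for illustration, and the "guessing" is a local string comparison that only counts how many candidates must be tried per character.

```python
from collections import Counter, defaultdict
import string

START, END = "^", "$"                       # padding / end-of-string markers
ALPHABET = list(string.ascii_lowercase + END)
# Constructed sample dictionary (assumption), standing in for "common users, tables".
WORDS = ["root", "admin", "administrator", "auction", "auctions",
         "users", "user", "accounts", "orders", "products"]

def train(words, memory=2):
    """Count the character that follows every context of 0..memory chars."""
    model = defaultdict(Counter)
    for word in words:
        s = START * memory + word + END
        for i in range(memory, len(s)):
            for k in range(memory + 1):     # shorter contexts allow back-off
                model[s[i - k:i]][s[i]] += 1
    return model

def rank_next(model, prefix, memory=2):
    """Candidate next chars, most likely first; backs off to shorter contexts."""
    padded = START * memory + prefix
    ranked = []
    for k in range(memory, -1, -1):
        ctx = padded[len(padded) - k:]
        for ch, _count in model.get(ctx, Counter()).most_common():
            if ch not in ranked:
                ranked.append(ch)
    return ranked + [c for c in ALPHABET if c not in ranked]

def guesses_needed(secret, order_for):
    """Equality guesses needed to recover `secret`, trying order_for(prefix) in turn."""
    total = 0
    for i, ch in enumerate(secret + END):
        total += order_for(secret[:i]).index(ch) + 1
    return total

def compare(secret, memory=2):
    """Return (guesses with Markov ordering, guesses with fixed a..z ordering)."""
    model = train(WORDS, memory)
    predicted = guesses_needed(secret, lambda p: rank_next(model, p, memory))
    baseline = guesses_needed(secret, lambda p: ALPHABET)
    return predicted, baseline

if __name__ == "__main__":
    for name in ("root", "auction", "rooms"):   # "rooms" is not in WORDS
        print(name, compare(name))
```

The gain depends entirely on how well the dictionary matches the strings being recovered; for a value outside the dictionary the ranking falls back to shorter contexts and finally to plain alphabet order.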