Re: [sqlmap-users] Markov chain
From: Miroslav S. <mir...@gm...> - 2010-11-19 22:00:30
hi Carlos once again. as said, i've read your code, and can say that it's a cool thingy. but, as said, --predict-output already makes the job really good. nevertheless, i'll have this one on my mind and incorporate it if it'll be helpful in some other situation.

kr

p.s. good python skills ;)

On Wed, Nov 17, 2010 at 4:34 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi.
>
> i'll join Bernardo and say that --predict-output should do the same
> job. nevertheless will research your code and report.
>
> kr
>
> On Wed, Nov 17, 2010 at 4:14 PM, Bernardo Damele A. G.
> <ber...@gm...> wrote:
>> You spoiled one of the shiny features of sqlmap 0.9-dev that we will
>> be talking about during the next weeks ;)
>> It has been implemented for about 5 months or so, give it a try
>> yourself with --predict-output and enjoy.
>>
>> Bernardo
>>
>>
>> On 17 November 2010 14:57, Carlos Gabriel Vergara
>> <car...@gm...> wrote:
>>> Hi to all.
>>>
>>> Before all, i want to mention that i've been working with the repository
>>> version of sqlmap (0.9) and it's awesome.
>>>
>>> I want to propose something crazy: Markov chains.
>>> (http://en.wikipedia.org/wiki/Markov_chain)
>>> Keeping it simple: a Markov chain is a tool that works on predictive
>>> events. It works with events, generating a "chain" (a list) of which
>>> event is going to happen if certain events have already happened.
>>> When using sqlmap, let's say, when enumerating users, if at the middle
>>> of the process we see that the user is "roo", it's obvious that the
>>> last char will be a "t". If a table name is "aucti", the rest will be
>>> "on". If we see the "events" of the Markov chain as the probability of
>>> finding one char knowing the predecessor chars, it could be used in
>>> sqlmap, at least to "try" the more often char for the previous
>>> combination, based on a dictionary of words (common users, tables,
>>> structures, values, etc).
>>> Another capability of Markov chain is that it has "memory"; in case of
>>> char prediction, the memory specifies how many chars it will be
>>> "looking back" when predicting the next.
>>>
>>> I have coded a sample in python that shows the process in a very foolish
>>> example. It's a tool that takes a dictionary as input, a "memory size"
>>> (default 2 chars back), and generates a random text based on this
>>> chain. The result will be random text similar to the language used in
>>> the dictionary.
>>>
>>> In sqlmap, the chain could be used to test the next "more probable"
>>> character for the partially guessed string based on a dictionary of
>>> common words.
>>>
>>> For example: the script was used on a dict file generated using
>>> "sqlmap --help > testdict.txt", with this output:
>>>
>>> $ ./markov_chain.py -d testdict.txt -m 4
>>> sqlmap/0.8 - authe cookie header --ver takeover own SQL injection
>>> INI file click processions can behaviour or stack-end DBMS database
>>> gentry key value=RFILE -c CONFIGFILE Write DBMS current
>>> Last from retrinter(s) ratingerpreteration cert=ACERT First or
>>> structure affection (defaults (default 1)
>>>
>>> Look how the "randomly" generated text using the chain is very very
>>> similar to English speaking.
>>>
>>> I'm attaching the source to the mail.
>>>
>>> Hope it can help!
>>>
>>> Best regards,
>>>
>>>
>>> --
>>> --------8<--------
>>> Carlos Gabriel Vergara
>>> http://www.ThorSecurity.com.ar
>>>
>>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>>> -------->8--------
>>>
>>> ------------------------------------------------------------------------------
>>> Beautiful is writing same markup. Internet Explorer 9 supports
>>> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
>>> Spend less time writing and rewriting code and more time creating great
>>> experiences on the web. Be a part of the beta today
>>> http://p.sf.net/sfu/msIE9-sfdev2dev
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>> PGP Key ID: 0x05F5A30F
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
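Added example, written for this archive page: it is not Carlos's attached script (the attachment is not reproduced here) and not sqlmap's own --predict-output implementation. It shows the mechanism his message describes: an order-k ("memory size") character Markov chain trained on a word list, then used to rank the most probable next character for a partially known string such as "roo" or "aucti", plus the random-text generation his script performs. The `CharMarkovChain` class, the `SAMPLE_WORDS` list and the end-of-word sentinel are assumptions made for this example.

```python
"""Order-k character Markov chain for next-character prediction (added example)."""
import random
from collections import Counter, defaultdict

# Constructed sample dictionary of common identifiers; the original message
# mentions "common users, tables, structures, values" but gives no list.
SAMPLE_WORDS = [
    "root", "admin", "administrator", "auction", "auction", "auctions",
    "users", "user", "accounts", "account", "root", "root", "mysql",
    "information_schema", "products", "product", "orders", "order",
    "customers", "customer",
]

END = "\0"  # sentinel appended to every word so the chain can also predict "stop"


class CharMarkovChain:
    """Counts which character follows each context of up to `memory` characters."""

    def __init__(self, memory=2):
        if memory < 1:
            raise ValueError("memory must be >= 1")
        self.memory = memory
        self.transitions = defaultdict(Counter)  # context -> Counter of next chars

    def train(self, words):
        for word in words:
            padded = word + END
            for i in range(len(padded)):
                # Context = the last `memory` characters before position i.
                # Near the start of a word the context is shorter, and those
                # short contexts are stored too, so prefixes shorter than
                # `memory` can still be predicted.
                ctx = padded[max(0, i - self.memory):i]
                self.transitions[ctx][padded[i]] += 1

    def next_chars(self, prefix):
        """Candidate next characters for `prefix`, most frequent first, as (char, prob)."""
        ctx = prefix[-self.memory:] if len(prefix) >= self.memory else prefix
        counts = self.transitions.get(ctx)
        if not counts:
            return []  # context never seen in the dictionary
        total = sum(counts.values())
        return [(c, n / total) for c, n in counts.most_common()]

    def complete(self, prefix, max_len=64):
        """Greedily extend `prefix` with the most likely character until END."""
        out = prefix
        while len(out) < max_len:
            ranked = self.next_chars(out)
            if not ranked or ranked[0][0] == END:
                break
            out += ranked[0][0]
        return out

    def generate(self, seed=None, max_len=40):
        """Sample one word character by character, weighted by transition counts."""
        rng = random.Random(seed)
        out = ""
        while len(out) < max_len:
            ranked = self.next_chars(out)
            if not ranked:
                break
            chars, probs = zip(*ranked)
            c = rng.choices(chars, weights=probs)[0]
            if c == END:
                break
            out += c
        return out


if __name__ == "__main__":
    chain = CharMarkovChain(memory=2)
    chain.train(SAMPLE_WORDS)
    for prefix in ("roo", "aucti", "adm", "zz"):
        print(prefix, "->", chain.next_chars(prefix)[:3], "complete:", chain.complete(prefix))
    print("sampled:", [chain.generate(seed=s) for s in range(5)])
```

With memory=2 the prefix "roo" is only ever followed by "t" in the sample list, so the chain proposes "t" with probability 1.0, and "aucti" greedily completes to "auction"; an unseen context such as "zz" yields no candidates, which is the case a caller has to handle by falling back to the full alphabet. A larger memory gives sharper predictions but more unseen contexts, which is the trade-off behind the "-m" option in the original message.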