Re: [sqlmap-users] Markov chain
From: Carlos G. V. <car...@gm...> - 2010-11-26 18:50:20
Thanks!

Well, as always, I will be using sqlmap with the new options, and will be reporting anything that can help.

I'm working on a "progressive use" of N-Markov chains with M-memory. I'm using it for other purposes, but if I see that it can help, I will post it to the list, at least in a theoretical way.

KR

P.S.: You really think that I have Python skills?!?! You must be kidding... ;)

2010/11/19 Miroslav Stampar <mir...@gm...>:
> hi Carlos once again.
>
> as said, i've read your code, and can say that it's a cool thingy.
> but, as said --predict-output already makes the job really good.
>
> nevertheless, i'll have this one on my mind and incorporate it if
> it'll be helpful in some other situation.
>
> kr
>
> p.s. good python skills ;)
>
> On Wed, Nov 17, 2010 at 4:34 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> hi.
>>
>> i'll join Bernardo and say that --predict-output should do the same
>> job. nevertheless will research your code and report.
>>
>> kr
>>
>> On Wed, Nov 17, 2010 at 4:14 PM, Bernardo Damele A. G.
>> <ber...@gm...> wrote:
>>> You spoiled one of the shiny features of sqlmap 0.9-dev that we will
>>> be talking about during the next weeks ;)
>>> It has been implemented for about 5 months or so, give it a try
>>> yourself with --predict-output and enjoy.
>>>
>>> Bernardo
>>>
>>>
>>> On 17 November 2010 14:57, Carlos Gabriel Vergara
>>> <car...@gm...> wrote:
>>>> Hi to all.
>>>>
>>>> Before all, I want to mention that I've been working with the repository
>>>> version of sqlmap (0.9) and it's awesome.
>>>>
>>>> I want to propose something crazy: Markov chains.
>>>> (http://en.wikipedia.org/wiki/Markov_chain)
>>>> Keeping it simple: a Markov chain is a tool that works on predictive
>>>> events. It works with events, generating a "chain" (a list) of which
>>>> event is going to happen if certain events have already happened.
>>>> When using sqlmap, let's say, when enumerating users, if in the middle
>>>> of the process we see that the user is "roo", it's obvious that the
>>>> last char will be a "t". If a table name is "aucti", the rest will be
>>>> "on". If we see the "events" of the Markov chain as the probability of
>>>> finding one char knowing the predecessor chars, it could be used in
>>>> sqlmap, at least to "try" the most frequent char for the previous
>>>> combination, based on a dictionary of words (common users, tables,
>>>> structures, values, etc).
>>>> Another capability of a Markov chain is that it has "memory"; in case of
>>>> char prediction, the memory specifies how many chars it will be
>>>> "looking back" when predicting the next.
>>>>
>>>> I have coded a sample in Python that shows the process in a very fool
>>>> example. It's a tool that takes a dictionary as input, a "memory size"
>>>> (default 2 chars back), and generates a random text based on this
>>>> chain. The result will be random text similar to the language used in
>>>> the dictionary.
>>>>
>>>> In sqlmap, the chain could be used to test the next "more probable"
>>>> character for the partially guessed string based on a dictionary of
>>>> common words.
>>>>
>>>> For example: the script was used on a dict file generated using
>>>> "sqlmap --help > testdict.txt", with this output:
>>>>
>>>> $ ./markov_chain.py -d testdict.txt -m 4
>>>> sqlmap/0.8 - authe cookie header --ver takeover own SQL injection
>>>> INI file click processions can behaviour or stack-end DBMS database
>>>> gentry key value=RFILE -c CONFIGFILE Write DBMS current
>>>> Last from retrinter(s) ratingerpreteration cert=ACERT First or
>>>> structure affection (defaults (default 1)
>>>>
>>>> Note that the "randomly" generated text using the chain is very, very
>>>> similar to spoken English.
>>>>
>>>> I'm attaching the source to the mail.
>>>>
>>>> Hope it can help!
>>>>
>>>> Best regards,
>>>>
>>>>
>>>> --
>>>> --------8<--------
>>>> Carlos Gabriel Vergara
>>>> http://www.ThorSecurity.com.ar
>>>>
>>>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>>>> -------->8--------
>>>
>>>
>>> --
>>> Bernardo Damele A. G.
>>>
>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>> Mobile: +447788962949 (UK 07788962949)
>>> PGP Key ID: 0x05F5A30F
>>
>>
>> --
>> Miroslav Stampar
>>
>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>> Mobile: +385921010204 (HR 0921010204)
>> PGP Key ID: 0xB5397B1B
>> Location: Zagreb, Croatia
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia

--
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar

PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------
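
The next-character ranking described in the quoted original message ("roo" then "t", "aucti" then "o"), as an added example: this is not the attached markov_chain.py (which is not on this page) and not sqlmap's --predict-output code. The word list, the alphabet and all function names are assumptions made for the illustration; it also goes one step beyond the message by falling back to shorter contexts when the full "memory" has not been seen.

```python
from collections import Counter, defaultdict
import string

END = "\n"  # end-of-word marker, so the model also predicts where a string stops
ALPHABET = string.ascii_lowercase + "_" + END
# Constructed sample dictionary (not taken from sqlmap or from the thread's attachment).
WORDS = ["root", "admin", "auction", "action", "users", "user", "accounts", "orders"]

def train(words, memory=2):
    """Count which character follows each context of 0..memory characters."""
    model = defaultdict(Counter)
    for word in words:
        padded = word + END
        for i, ch in enumerate(padded):
            # Shorter contexts are stored too; they are the fallback for unseen ones.
            for k in range(min(i, memory) + 1):
                model[padded[i - k:i]][ch] += 1
    return model

def ranked_candidates(model, prefix, memory=2):
    """Order ALPHABET by how likely each character is to follow `prefix`."""
    order = []
    for k in range(min(len(prefix), memory), -1, -1):  # longest context first
        context = prefix[len(prefix) - k:]
        for ch, _count in model.get(context, Counter()).most_common():
            if ch not in order:
                order.append(ch)
    # Characters never seen in training come last, in plain alphabet order.
    return order + [ch for ch in ALPHABET if ch not in order]

def guesses_needed(model, secret, memory=2):
    """Equality comparisons needed to recover `secret` (characters from ALPHABET)."""
    target = secret + END
    return sum(ranked_candidates(model, target[:i], memory).index(ch) + 1
               for i, ch in enumerate(target))

def linear_guesses(secret):
    """Baseline: try ALPHABET in fixed order for every position."""
    return sum(ALPHABET.index(ch) + 1 for ch in secret + END)

MODEL = train(WORDS)

if __name__ == "__main__":
    print(ranked_candidates(MODEL, "roo")[:3], ranked_candidates(MODEL, "aucti")[:3])
    print(guesses_needed(MODEL, "auction"), "vs", linear_guesses("auction"))
```

The gain depends entirely on how well the dictionary matches the strings being recovered; for a prefix the model has never seen, the ranking degrades to overall character frequency and then to plain alphabet order.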