[sqlmap-users] python script to read partial file downloads from the sqlmap session
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] python script to read partial file downloads from the sqlmap session
|
From: ryan c. <rya...@gm...> - 2011-09-09 16:17:07
|
Using --file-read on some injections can take a long time if the file must be retrieved one character at a time. Currently there is no easy way to view a partially downloaded file. This python script will do that. Simply run sqlmap with --file-read and once you've read part of the file, run the script like this: python ./partialfile.py -s ./output/www.something.com/session -f global.asa it will grab the hex stream out of the sqlmap session file, convert it, and spit it back out :) Unfortunately this workaround is incompatible with --threads for two reasons. First, sqlmap doesn't write out to the session file until either it's finished or it receives sigint. second, in all my testing I haven't been able to get it to take sigint (ctrl-c) when --threads is being used. If anybody can figure out a fix for this i'm all ears :) #!/usr/bin/python import optparse, re, binascii parser = optparse.OptionParser() parser.add_option('-s', help='sqlmap session file', dest='ses', nargs=1) parser.add_option('-f', help='the filename of the file you are downloading', dest=dl', nargs=1) (opts, args) = parser.parse_args() if opts.ses is None or opts.dl is None: print "Both a session file and the name of the file you are downloading are required." parser.print_help() exit(-1) print "Session file: " + opts.ses pritn "Downloaded file: " + opts.dl f = open(opts.ses).read() m = re.compile(opts.dl+"\'\)\)\]\[(.+?)$").search(f).group(1) if len(m) % 2 != 0 m=m[0:-1] print binascii.unhexlify(m) |
