Re: [sqlmap-users] python script to read partial file downloads from the sqlmap session
From: Ahmed S. <ah...@is...> - 2011-09-09 18:14:27
AFAIK sqlmap uses into DUMPFILE and the speed of grabbing files within this function depends on the used technique itself during the injection.

On Fri, Sep 9, 2011 at 6:17 PM, ryan cartner <rya...@gm...> wrote:

> Using --file-read on some injections can take a long time if the file must
> be retrieved one character at a time. Currently there is no easy way to view
> a partially downloaded file. This Python script will do that. Simply run
> sqlmap with --file-read and once you've read part of the file, run the
> script like this:
>
> python ./partialfile.py -s ./output/www.something.com/session -f global.asa
>
> It will grab the hex stream out of the sqlmap session file, convert it, and
> spit it back out :)
> Unfortunately this workaround is incompatible with --threads for two
> reasons. First, sqlmap doesn't write out to the session file until either
> it's finished or it receives sigint. Second, in all my testing I haven't
> been able to get it to take sigint (ctrl-c) when --threads is being used.
> If anybody can figure out a fix for this I'm all ears :)
>
> #!/usr/bin/python
> # Python 2 syntax (print statements).
>
> import optparse, re, binascii
>
> parser = optparse.OptionParser()
> parser.add_option('-s', help='sqlmap session file', dest='ses', nargs=1)
> parser.add_option('-f', help='the filename of the file you are downloading', dest='dl', nargs=1)
> (opts, args) = parser.parse_args()
>
> # Both options are mandatory.
> if opts.ses is None or opts.dl is None:
>     print "Both a session file and the name of the file you are downloading are required."
>     parser.print_help()
>     exit(-1)
> print "Session file: " + opts.ses
> print "Downloaded file: " + opts.dl
>
> # Pull the hex stream that follows the file name in the session file.
> # re.escape() keeps characters such as '.' in the file name literal.
> f = open(opts.ses).read()
> m = re.compile(re.escape(opts.dl)+"\'\)\)\]\[(.+?)$").search(f).group(1)
>
> # A partial download can end on half a byte; drop the dangling hex digit.
> if len(m) % 2 != 0:
>     m=m[0:-1]
>
> print binascii.unhexlify(m)

--
- Ahmed Shawky El-Antry
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member "http://www.isecur1ty.org"
- Twitter @lnxg33k