Re: [sqlmap-users] Feature Request
From: Miroslav S. <mir...@gm...> - 2012-01-11 08:28:33
Hi Hans.

Basically, you are right. --predict-output is a good replacement for this kind of case, but I am not sure if it's enough for Ryan and Chris. Also, I'll need to take a look into it and maybe upgrade it a bit as there hasn't been development on it for more than a year.

Kind regards,
Miroslav Stampar

On Jan 11, 2012 9:11 AM, "Hans Wurst" <wur...@go...> wrote:

> Hello everyone,
>
> What's with --predict-output??
> Maybe you could use that.
>
> Cheers
>
> On 11.01.2012 at 09:09, Miroslav Stampar <mir...@gm...> wrote:
>
> Hi guys.
>
> This would have been implemented a long time ago if only Python weren't so
> bad about interrupting its processes. Sadly, you can 'pause' (interrupt)
> them only by Ctrl+C. Now, I can put this there, but it will be clumsy at
> least.
>
> If you have other ideas how to deal with this problem, please tell.
>
> Kind regards,
> Miroslav Stampar
> On Jan 10, 2012 5:50 PM, "Chris Oakley" <chr...@gm...> wrote:
>
>> I'm sure that there are higher priorities than this, but I have to add
>> that this would be useful for me too. As an example, on a recent test I
>> was grabbing the banner of the DBMS as a quick POC for a client.
>>
>> The banner was as follows:
>>
>> Banner:
>> ---
>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
>> Dec 16 2008 19:46:53
>> Copyright (c) 1988-2003 Microsoft Corporation
>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>> ---
>>
>> This was a time based blind injection, so each of the above characters
>> took an average of 20 seconds to retrieve. It's perfectly obvious what the
>> "Microsoft Corporation" part is going to be, for example. When each
>> character takes many queries with wait commands to retrieve, this can be
>> quite heavy on the DBMS.
>>
>> Not a huge deal, but if this feature made it into a future release, I
>> certainly wouldn't complain.
>>
>> Regards
>>
>> Chris
>>
>> On 10 January 2012 16:42, ryan cartner <rya...@gm...> wrote:
>>
>>> Not sure how difficult this would be to implement, or whether or not
>>> anyone else's workflow would benefit from it, but I thought I'd throw it out
>>> there.
>>>
>>> When sqlmap is retrieving characters for a string, it's often obvious
>>> what the string is long before sqlmap retrieves it all. Would be nice if I
>>> could stop it, submit a guess, and have sqlmap test that before continuing
>>> on.
>>>
>>> I imagine this would be kinda tough with threads but I haven't
>>> familiarized myself with the code enough to know.
>>>
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users