Re: [sqlmap-users] feature request: fetch DNS queries from DNS server via HTTP
From: Miroslav S. <mir...@gm...> - 2013-04-18 08:45:58
Hi.

I see your point, but this is more a case for some kind of PoC tool (and not sqlmap). Such a scenario would (IMO) involve one more step in an already non-simple setup. It's not that it doesn't make any sense, but it doesn't help an automated tool like sqlmap.

Kind regards,
Miroslav Stampar

On Wed, Apr 17, 2013 at 7:09 PM, buawig <bu...@gm...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> > Problem is that sqlmap needs to have data retrieved to be able to
> > do its normal workflow. For example, if you do --dump sqlmap
> > needs to know table columns. In your proposed case that would be
> > problematic. Also, there are lots of cases when we ask the server
> > simple questions and we need an answer to be able to proceed.
> >
> > Also, in sqlmap DNS exfiltration works only if one other slower
> > technique is available (e.g. time-based blind and/or boolean-based
> > blind). In your proposed case that technique would need to be
> > ignored completely - as it's automatically being used if DNS
> > exfiltration fails.
>
> Hi Miroslav,
>
> thanks for your answer.
> Yes, I wouldn't expect sqlmap to work "as usual" in such a scenario,
> but the manual back and forth wouldn't probably be much fun.
>
> An automated approach would be to make DNS queries reaching the DNS
> server available to sqlmap via HTTP since the internal host running
> sqlmap can also reach the DNS server.
> A simple script on the DNS server could simply write incoming DNS
> queries to a file that can be fetched via HTTP from sqlmap.
>
> So the request flow would be:
>
> 1) sqlmap host -> target
> 2) target makes DNS query to the attacker's DNS server
> 3) DNS server makes inbound queries available via HTTP i.e.
> https://attacker.com/dnsqueries.txt (optionally protected via HTTP auth)
> 4) after (1) sqlmap fetches DNS queries from
> https://attacker.com/dnsqueries.txt
>
> I realize that such an "internal" scenario might not be the most
> common setup, but nonetheless I wanted to share that problem and some
> thoughts about it.
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJRbtdKAAoJEJeRHQyF0ukM2WMQAINOvTBT9CA0N/ny5FbLJbeA
> UgW6ccUjeDDznI4vqOfq/LpRoStrOytkFiOoc4mWuCVHXG0wTTXIVgtQWHCZNkVd
> io3a4K/AAaLy9I5PUw3cAhar2djPTyJaR5FhobSriex2Pq5oGgQ5bORMXrRZD4rO
> f+dpZv2zVqNR9EMd5n56gmb1gkCQod8u3XrvN0WCiPOsK14y2tcMZPwpYAbJa68W
> W7+6/7Q03aoRPCpkf65Qg2U9cilXgHv6CJhF+VHDG3ODsB/PqnerBVzgB3997QEl
> Ei8lZrGua30e9ITd+qgKRILZjowRuTMiA/8BnktlMIFXh5fIn62k9xuT0B8d39kd
> v0g7harf3+uEb2KcnfnuHjzWU+TX3grz2ObdSJSg31O7Z6xNgHSVpsAVYc6Jo+uu
> CPggsaJZ5Mx9x3Av2kxmK1Tk/kXtMvTd0R6NowZsxU1rH/316LTnZna9nSL0Qb5S
> fUmvyEc5SIBvDnSA+R/85UAEqcHvXSeZESL55Sg/3oqTRZKcTH/1dogfcAjBZ7GB
> vFuo+VtJcPlLYqR/Lah/kvz0QVwTDmssirNz4aOhbdDjfpH+9iAjgVo3mbK1klr+
> H9jhnrevH/fykFng8WJg040UoSiBpdJuUjqNm2bqbK3p9a+LosmPQ9+u7yjqQHNn
> FjIud4U9OHtX2Mh5nwr7
> =lb5m
> -----END PGP SIGNATURE-----

--
Miroslav Stampar
http://about.me/stamparm
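The flow discussed in this thread (step 2 in particular) is what a resolver operator sees from the other side: a database host suddenly issuing a burst of lookups for a zone it has never touched, with the retrieved data carried in the subdomain labels. The script below is an added example written for this page, not sqlmap code and not anything buawig or Miroslav posted; it assumes BIND-style query-log lines (the sample lines are constructed, and `attacker.example`, the client addresses and the hex labels are made up), treats the last two labels of a name as the parent zone, and flags a (client, zone) pair only when several distinct encoded-looking names are seen, so a single hashed CDN hostname does not trip it.

```python
"""Flag DNS query-log entries whose subdomain labels look like exfiltrated data.

Added example for this thread; it is not sqlmap code. It assumes BIND-style
query-log lines (constructed below) and treats the last two labels of a name
as the parent zone, a simplification that ignores public-suffix rules.
"""
import math
import re
from collections import defaultdict

# Constructed sample lines: clients, zones and the attacker.example domain are made up.
SAMPLE_LOG = """\
18-Apr-2013 08:40:01.123 client 10.0.0.5#51234: query: www.example.org IN A + (10.0.0.1)
18-Apr-2013 08:40:02.456 client 10.0.0.5#51235: query: mail.example.org IN MX + (10.0.0.1)
18-Apr-2013 08:40:03.789 client 10.0.0.7#40001: query: 7a6f6e65.4d795461626c65.c0ffee.attacker.example IN A + (10.0.0.1)
18-Apr-2013 08:40:03.801 client 10.0.0.7#40002: query: 636f6c756d6e.5f6e616d65.c0ffee.attacker.example IN A + (10.0.0.1)
18-Apr-2013 08:40:03.812 client 10.0.0.7#40003: query: 70617373776f7264.86753090.c0ffee.attacker.example IN A + (10.0.0.1)
18-Apr-2013 08:40:04.000 client 10.0.0.5#51236: query: a1b2c3d4e5f6.cdn.example IN A + (10.0.0.1)
18-Apr-2013 08:40:05.000 client 10.0.0.5#51237: query: cdn.example.org IN AAAA + (10.0.0.1)
"""

# Matches the "client <ip>#<port>: query: <name> IN <type>" part of a BIND query-log line.
QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN ")
# A label made only of hex digits and at least 8 long is typical of chunked, hex-encoded data.
HEX_LABEL_RE = re.compile(r"^[0-9a-f]{8,}$")


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded data scores high, ordinary host names score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_queries(log_text: str):
    """Yield (client_ip, qname) for every line that looks like a query-log entry."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("src"), m.group("qname").rstrip(".").lower()


def split_name(qname: str):
    """Return (subdomain_labels, parent_zone); the zone is the last two labels (assumption)."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return [], qname
    return labels[:-2], ".".join(labels[-2:])


def label_score(labels) -> int:
    """Heuristic score for one name: hex-looking labels, label count, length, entropy."""
    sub = ".".join(labels)
    score = sum(1 for label in labels if HEX_LABEL_RE.match(label))
    if len(labels) >= 3:          # data chunks plus a session/request marker
        score += 1
    if len(sub) >= 30:            # far longer than a normal host name
        score += 1
    if shannon_entropy(sub.replace(".", "")) >= 3.5:
        score += 1
    return score


def find_exfil_zones(log_text: str, min_queries: int = 3, min_score: int = 2) -> dict:
    """Group suspicious names by (client, zone); report pairs with >= min_queries distinct names."""
    hits = defaultdict(set)
    for src, qname in parse_queries(log_text):
        labels, zone = split_name(qname)
        if label_score(labels) >= min_score:
            hits[(src, zone)].add(qname)
    return {
        f"{src} -> {zone}": sorted(names)
        for (src, zone), names in hits.items()
        if len(names) >= min_queries
    }


if __name__ == "__main__":
    for pair, names in find_exfil_zones(SAMPLE_LOG).items():
        print(pair)
        for name in names:
            print("   ", name)
```

Run against the sample, only `10.0.0.7 -> attacker.example` is reported with its three hex-labelled names; `a1b2c3d4e5f6.cdn.example` scores on its own (one hex label, high entropy) but is suppressed because a single distinct name never reaches `min_queries`. On a real resolver the thresholds need tuning per environment, and the two-label zone split should be replaced by a public-suffix lookup before trusting the grouping.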