Re: [sqlmap-users] 113 tables on database
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] 113 tables on database
|
From: Indra Z. <net...@gm...> - 2015-09-28 08:25:48
|
Mysql
On Sep 28, 2015 3:18 PM, "Miroslav Stampar" <mir...@gm...>
wrote:
> Which DBMS?
>
> Bye
>
> On Mon, Sep 28, 2015 at 10:07 AM, Indra Zulkarnain <net...@gm...
> > wrote:
>
>> Hi miro
>>
>> Owh i see..
>> Ok thanks for the reply
>>
>> I'm using time based injection so you can imagine how long it takes for
>> me to do 113 tables from the start instead of resuming from 105
>>
>> Thanks again
>> On Sep 28, 2015 2:45 PM, "Miroslav Stampar" <mir...@gm...>
>> wrote:
>>
>>> Hi.
>>>
>>> You haven't told which SQLi technique has been identified by sqlmap
>>> (e.g. boolean-based blind). Also, has sqlmap extracted those table names by
>>> common table name search or by regular querying of the system tables (you
>>> could remember this from first sqlmap's run).
>>>
>>> If you are combining --common-tables with regular --tables, especially
>>> if the sqlmap uses regular querying of system tables, this won't work.
>>> Thing is that sqlmap doesn't know what is the "first table in database",
>>> nor "second table in database", nor... All those tables are the same when
>>> querying from system tables. Also, there can't be one huge "...WHERE
>>> table_name NOT IN ('...','...'...)" as your request would most probably be
>>> dropped by the web server (due to its HUGE length).
>>>
>>> Bye
>>>
>>> On Mon, Sep 28, 2015 at 3:40 AM, Indra Zulkarnain <
>>> net...@gm...> wrote:
>>>
>>>> Hi, miro thanks for the reply
>>>>
>>>> Actually I already have 105 tables name crack so I use it in common
>>>> tables.
>>>> I'm try to run a sqlmap with - - common tables
>>>>
>>>> So far it works a sqlmap successfully brute force all the 105 table
>>>> names
>>>> But when I try to resume it with --tables it start from 1 again
>>>>
>>>> I just thought that if a sqlmap can do start and stop for data
>>>> extraction why not table names
>>>> On Sep 27, 2015 9:01 PM, "Miroslav Stampar" <mir...@gm...>
>>>> wrote:
>>>>
>>>>> In case of flushing the session, nothing is being left (session is
>>>>> erased and overwritten).
>>>>>
>>>>> Bye
>>>>>
>>>>> On Sun, Sep 27, 2015 at 5:45 AM, Indra Zulkarnain <
>>>>> net...@gm...> wrote:
>>>>>
>>>>>> hi guys
>>>>>>
>>>>>> is there a way to resume tables injection
>>>>>>
>>>>>> i already have 105 tables but then i flush the session
>>>>>> how do i start from 105 to 113 tables
>>>>>>
>>>>>> thanks
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> _______________________________________________
>>>>>> sqlmap-users mailing list
>>>>>> sql...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Miroslav Stampar
>>>>> http://about.me/stamparm
>>>>>
>>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
|
