Re: [sqlmap-users] 113 tables on database
From: Miroslav S. <mir...@gm...> - 2015-09-28 09:04:08
Just a sec. Will do some "adjustments" :)

Bye

On Mon, Sep 28, 2015 at 10:25 AM, Indra Zulkarnain <net...@gm...> wrote:

> MySQL
> On Sep 28, 2015 3:18 PM, "Miroslav Stampar" <mir...@gm...> wrote:
>
>> Which DBMS?
>>
>> Bye
>>
>> On Mon, Sep 28, 2015 at 10:07 AM, Indra Zulkarnain <net...@gm...> wrote:
>>
>>> Hi Miro
>>>
>>> Oh, I see..
>>> OK, thanks for the reply
>>>
>>> I'm using time-based injection, so you can imagine how long it takes for
>>> me to do 113 tables from the start instead of resuming from 105
>>>
>>> Thanks again
>>> On Sep 28, 2015 2:45 PM, "Miroslav Stampar" <mir...@gm...> wrote:
>>>
>>>> Hi.
>>>>
>>>> You haven't said which SQLi technique has been identified by sqlmap
>>>> (e.g. boolean-based blind). Also, has sqlmap extracted those table names by
>>>> common table name search or by regular querying of the system tables (you
>>>> could remember this from the first sqlmap run)?
>>>>
>>>> If you are combining --common-tables with regular --tables, especially
>>>> if sqlmap uses regular querying of system tables, this won't work.
>>>> The thing is that sqlmap doesn't know what is the "first table in database",
>>>> nor "second table in database", nor... All those tables are the same when
>>>> querying from system tables. Also, there can't be one huge "...WHERE
>>>> table_name NOT IN ('...','...'...)" as your request would most probably be
>>>> dropped by the web server (due to its HUGE length).
>>>>
>>>> Bye
>>>>
>>>> On Mon, Sep 28, 2015 at 3:40 AM, Indra Zulkarnain <net...@gm...> wrote:
>>>>
>>>>> Hi Miro, thanks for the reply
>>>>>
>>>>> Actually I already have 105 table names cracked, so I use them in common
>>>>> tables.
>>>>> I'm trying to run sqlmap with --common-tables
>>>>>
>>>>> So far it works; sqlmap successfully brute-forced all the 105 table
>>>>> names
>>>>> But when I try to resume it with --tables it starts from 1 again
>>>>>
>>>>> I just thought that if sqlmap can do start and stop for data
>>>>> extraction, why not table names
>>>>> On Sep 27, 2015 9:01 PM, "Miroslav Stampar" <mir...@gm...> wrote:
>>>>>
>>>>>> In case of flushing the session, nothing is being left (session is
>>>>>> erased and overwritten).
>>>>>>
>>>>>> Bye
>>>>>>
>>>>>> On Sun, Sep 27, 2015 at 5:45 AM, Indra Zulkarnain <net...@gm...> wrote:
>>>>>>
>>>>>>> Hi guys
>>>>>>>
>>>>>>> Is there a way to resume tables injection?
>>>>>>>
>>>>>>> I already have 105 tables but then I flushed the session
>>>>>>> How do I start from 105 to 113 tables?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> _______________________________________________
>>>>>>> sqlmap-users mailing list
>>>>>>> sql...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>
>>>>>> --
>>>>>> Miroslav Stampar
>>>>>> http://about.me/stamparm
>>>>
>>>> --
>>>> Miroslav Stampar
>>>> http://about.me/stamparm
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm