Re: [sqlmap-users] Character frequency during boolean-based attacks
From: Brandon P. <bpe...@gm...> - 2015-11-16 18:41:09
Also, obviously password hashes and the like are not English, so this would mostly be useful potentially for table/column name enumeration.

On Mon, Nov 16, 2015 at 12:28 PM, Brandon Perry <bpe...@gm...> wrote:

> The other night, I was performing a boolean-based attack. I realised that
> iterating from a-zA-Z0-9 as bytes to compare on the SQL server could be
> optimized, but only for Latin/English languages, so not sure how useful
> this would be.
>
> During boolean-based blind attacks, would it be useful to use a character
> frequency map as opposed to iterating over each potential char serially?
>
> For instance:
>
> https://en.wikipedia.org/wiki/Letter_frequency#Relative_frequencies_of_letters_in_the_English_language
>
> Note that the top 5 letters in the English language are e, t, a, o, and i.
> Statistically speaking, bruteforcing in the order of the character
> frequency could greatly decrease the number of HTTP requests required to
> determine a given character.
>
> However, this might be too complex/out of scope for sqlmap. Was just a
> thought I had. Thoughts?
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website