Re: [sqlmap-users] Character frequency during boolean-based attacks
From: Brandon P. <bpe...@gm...> - 2015-11-16 19:01:05
Ah, that's great to know. I will have to look at this more deeply. Thanks for the quick response.

On Mon, Nov 16, 2015 at 12:59 PM, Miroslav Stampar <mir...@gm...> wrote:

> Also, please don't run with -o to see what sqlmap does, as I know that you
> like to use that switch. -o turns on character prediction which
> statistically predicts which could be the current character based on
> previous responses. In those cases sqlmap compares to most likely chars at
> the beginning while using binary search in case of miss.
>
> Bye
> On Nov 16, 2015 7:53 PM, "Miroslav Stampar" <mir...@gm...> wrote:
>
>> Please run with -v 3 to see what sqlmap does. It doesn't iterate serially
>> for all characters. It uses binary search. On average it requires cca. 5-6
>> requests per char.
>>
>> Bye
>> On Nov 16, 2015 7:28 PM, "Brandon Perry" <bpe...@gm...> wrote:
>>
>>> The other night, I was performing a boolean-based attack. I realised
>>> that iterating from a-zA-Z0-9 as bytes to compare on the SQL server could
>>> be optimized, but only for Latin/English languages, so not sure how useful
>>> this would be.
>>>
>>> During boolean-based blind attacks, would it be useful to use a
>>> character frequency map as opposed to iterating over each potential char
>>> serially?
>>>
>>> For instance:
>>>
>>> https://en.wikipedia.org/wiki/Letter_frequency#Relative_frequencies_of_letters_in_the_English_language
>>>
>>> Note that the top 5 letters in the English language are e, t, a, o, and
>>> i. Statistically speaking, bruteforcing in the order of the character
>>> frequency could greatly decrease the number of HTTP requests required to
>>> determine a given character.
>>>
>>> However, this might be too complex/out of scope for sqlmap. Was just a
>>> thought I had. Thoughts?
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
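
To put numbers on the comparison made in this thread, the following added example (not part of the original messages and not sqlmap's code) counts true/false tests per character for serial iteration, frequency-ordered guessing and plain bisection against local strings. The sample values, the 32-126 code range, the frequency ordering and all function names are assumptions made for the illustration.

```python
import string

# Constructed sample values of the kind the thread has in mind (not real data).
SAMPLE = ["information_schema", "administrator", "users", "password_hash", "Session42"]

SERIAL = string.ascii_lowercase + string.ascii_uppercase + string.digits + "_"
# Assumption: English letter-frequency order (e, t, a, o, i, ...) followed by
# the remaining characters in the same order as SERIAL.
FREQ = "etaoinshrdlcumwfgypbvkjxqz" + string.ascii_uppercase + string.digits + "_"


def linear_cost(ch, order):
    """Equality tests needed when candidates are tried one by one in `order`."""
    return order.index(ch) + 1


def bisect_cost(ch, lo=32, hi=126):
    """'Greater than' tests needed to pin one printable ASCII code by bisection."""
    target, asked = ord(ch), 0
    while lo < hi:
        mid = (lo + hi) // 2
        asked += 1
        if target > mid:  # the single true/false answer a boolean oracle gives
            lo = mid + 1
        else:
            hi = mid
    assert lo == target
    return asked


def average_costs(values):
    """Average number of tests per character for each strategy."""
    chars = "".join(values)
    n = len(chars)
    return {
        "serial": sum(linear_cost(c, SERIAL) for c in chars) / n,
        "frequency": sum(linear_cost(c, FREQ) for c in chars) / n,
        "bisection": sum(bisect_cost(c) for c in chars) / n,
    }


if __name__ == "__main__":
    for name, avg in average_costs(SAMPLE).items():
        print(f"{name:10s} {avg:5.2f} tests per character")
```

Over the 95 printable ASCII codes, bisection never needs more than 7 tests, whatever the character, while a frequency-ordered list only helps when the value is lowercase English-like text.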