Thread: [sqlmap-users] DNS Exfiltration
From: <bu...@gm...> - 2011-02-23 22:30:00
Hi,

will sqlmap support DNS exfiltration for dbms that have such a feature?
e.g.
oracle:
UTL_INADDR.get_host_address()
UTL_HTTP.REQUEST()

for such a feature new options would be needed:
--domain Domain used for exfiltrating results.
--port Port on which sqlmap should listen for incoming DNS requests.
Default 53.
The latter could be useful if root redirects traffic from 53 to a high
port, where also non-root user could open a listener. This way sqlmap
wouldn't have to run as root.

let me know what you think about it.

From: Miroslav S. <mir...@gm...> - 2011-02-24 07:20:59
hi.

we are planning OOB features for v1.0, especially DNS based like the
one you've mentioned.

kr

On Thu, Feb 24, 2011 at 12:27 AM, <bu...@gm...> wrote:
> Hi,
>
> will sqlmap support DNS exfiltration for dbms that have such a feature?
> e.g.
> oracle:
> UTL_INADDR.get_host_address()
> UTL_HTTP.REQUEST()
>
> for such a feature new options would be needed:
> --domain Domain used for exfiltrating results.
> --port Port on which sqlmap should listen for incoming DNS requests.
> Default 53.
> The latter could be useful if root redirects traffic from 53 to a high
> port, where also non-root user could open a listener. This way sqlmap
> wouldn't have to run as root.
>
> let me know what you think about it.

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Bernardo D. A. G. <ber...@gm...> - 2011-02-24 10:44:09
Hi,

There exist two families of out-of-band techniques:

* oob to takeover the database server and get command execution on the
underlying os: sqlmap implements several techniques to achieve this
already both via tcp and icmp channel. Support for takeover oob via
dns channel (udp) is planned and will be possibly added to 1.0.

* oob to exfiltrate data from the database: you refer to this. sqlmap
does not implement yet any technique. This can be achieved on a number
of dbms via either tcp or udp channels (mssql openrowset, pgsql
db_link, oracle utl_*, ...) This is planned and will potentially make
it for 1.0 release.

Cheers,
Bernardo Damele A. G.

This message was sent from a smartphone

On 24 Feb 2011, at 07:21, Miroslav Stampar <mir...@gm...> wrote:

> hi.
>
> we are planning OOB features for v1.0, especially DNS based like the
> one you've mentioned.
>
> kr
>
> On Thu, Feb 24, 2011 at 12:27 AM, <bu...@gm...> wrote:
>> Hi,
>>
>> will sqlmap support DNS exfiltration for dbms that have such a feature?
>> e.g.
>> oracle:
>> UTL_INADDR.get_host_address()
>> UTL_HTTP.REQUEST()
>>
>> for such a feature new options would be needed:
>> --domain Domain used for exfiltrating results.
>> --port Port on which sqlmap should listen for incoming DNS requests.
>> Default 53.
>> The latter could be useful if root redirects traffic from 53 to a high
>> port, where also non-root user could open a listener. This way sqlmap
>> wouldn't have to run as root.
>>
>> let me know what you think about it.
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

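
The data-exfiltration family described above has the database server itself resolve names that carry data, so it is visible in resolver logs. The following is an added example, not part of the original thread or of sqlmap: it flags database hosts that look up many distinct names with long labels under one parent domain. The log format, host address, domain names and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample resolver log, one "<client_ip> <qname>" pair per line.
# 10.0.5.20 is an assumed database server; every name below is made up.
SAMPLE_LOG = """\
10.0.5.20 ntp.corp.example
10.0.5.20 ldap.corp.example
10.0.5.20 4a6f686e536d697468.x1.collector.example
10.0.5.20 70617373776f726431.x2.collector.example
10.0.5.20 61646d696e40636f72.x3.collector.example
10.0.5.20 5345435245545f4b45.x4.collector.example
10.0.7.31 www.vendor.example
10.0.7.31 cdn.vendor.example
"""


def suspicious_domains(log, db_hosts, min_unique=3, min_label_len=16):
    """Return {(client, parent_domain): [qnames]} for database hosts that
    resolve at least `min_unique` distinct names containing a label of
    `min_label_len` or more characters under the same parent domain."""
    seen = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in db_hosts:
            continue  # malformed line, or not a database server
        client, qname = parts[0], parts[1].rstrip(".").lower()
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Simplification: treat the last two labels as the parent domain
        # instead of consulting a public-suffix list.
        parent = ".".join(labels[-2:])
        if max(len(label) for label in labels[:-2]) >= min_label_len:
            seen[(client, parent)].add(qname)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_unique}


if __name__ == "__main__":
    hits = suspicious_domains(SAMPLE_LOG, db_hosts={"10.0.5.20"})
    for (client, parent), names in hits.items():
        print(f"{client} -> {parent}: {len(names)} distinct long-label lookups")
```

Database servers rarely need to resolve arbitrary external names, so restricting their outbound DNS to an internal resolver with an allowlist removes the channel rather than only detecting it.
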
From: <bu...@gm...> - 2012-02-21 20:14:58
On 02/24/2011 11:43 AM, Bernardo Damele A. G. wrote:
> Hi,
>
> There exist two families of out-of-band techniques:
>
> * oob to takeover the database server and get command execution on the
> underlying os: sqlmap implements several techniques to achieve this
> already both via tcp and icmp channel. Support for takeover oob via
> dns channel (udp) is planned and will be possibly added to 1.0.
>
> * oob to exfiltrate data from the database: you refer to this. sqlmap
> does not implement yet any technique. This can be achieved on a number
> of dbms via either tcp or udp channels (mssql openrowset, pgsql
> db_link, oracle utl_*, ...) This is planned and will potentially make
> it for 1.0 release.

What is the current state on DNS exfiltration in sqlmap?

thanks,
buawig

From: Miroslav S. <mir...@gm...> - 2012-02-21 21:06:41
Hi.

Currently, there is no support, but it's planned for sure

Kind regards,
Miroslav Stampar

On Feb 21, 2012 9:15 PM, <bu...@gm...> wrote:
> On 02/24/2011 11:43 AM, Bernardo Damele A. G. wrote:
> > Hi,
> >
> > There exist two families of out-of-band techniques:
> >
> > * oob to takeover the database server and get command execution on the
> > underlying os: sqlmap implements several techniques to achieve this
> > already both via tcp and icmp channel. Support for takeover oob via
> > dns channel (udp) is planned and will be possibly added to 1.0.
> >
> > * oob to exfiltrate data from the database: you refer to this. sqlmap
> > does not implement yet any technique. This can be achieved on a number
> > of dbms via either tcp or udp channels (mssql openrowset, pgsql
> > db_link, oracle utl_*, ...) This is planned and will potentially make
> > it for 1.0 release.
>
> What is the current state on DNS exfiltration in sqlmap?
>
> thanks,
> buawig