Miroslav,
Thanks for the reply. I was looking at my tcpdump wrong. The dns traffic I
saw was from my sqlmap system itself looking up the target’s dns name, not the
target (or any other host) querying for records on my domain.
So it seems that the target system isn’t sending dns queries out.
Hi.
I am pretty sure that you are targeting LAMP server, while DNS exfiltration
against MySQL DBMS works only if the target is a Windows machine (LOAD_FILE
is provided with a SMB path containing attacker's domain (prefixed with SQL
query result as a subdomain) forcing DNS resolution).
Bye
On Jan
Hi Chris.
It looks quite right. It would be tremendously helpful if you could send a
console output and a tcpdump (you can limit to only port 53) for a
following run:
sudo python sqlmap.py -u "" --flush-session --banner --dns-domain="..."
>From your given description it looks like everything
