[sqlmap-users] python script to read partial file downloads from the sqlmap session

Fri, 09 Sep 2011 09:17:20 -0700 

Using --file-read on some injections can take a long time if the file must
be retrieved one character at a time. Currently there is no easy way to view
a partially downloaded file. This python script will do that. Simply run
sqlmap with --file-read and once you've read part of the file, run the
script like this:

python ./partialfile.py -s ./output/www.something.com/session -f global.asa

it will grab the hex stream out of the sqlmap session file, convert it, and
spit it back out :)
Unfortunately this workaround is incompatible with --threads for two
reasons. First, sqlmap doesn't write out to the session file until either
it's finished or it receives sigint. second, in all my testing I haven't
been able to get it to take sigint (ctrl-c) when --threads is being used.
If anybody can figure out a fix for this i'm all ears :)

#!/usr/bin/python

import optparse, re, binascii

parser = optparse.OptionParser()
parser.add_option('-s', help='sqlmap session file', dest='ses', nargs=1)
parser.add_option('-f', help='the filename of the file you are downloading',
dest=dl', nargs=1)
(opts, args) = parser.parse_args()

if opts.ses is None or opts.dl is None:
print "Both a session file and the name of the file you are downloading are
required."
parser.print_help()
exit(-1)
print "Session file: " + opts.ses
pritn "Downloaded file: " + opts.dl

f = open(opts.ses).read()
m = re.compile(opts.dl+"\'\)\)\]\[(.+?)$").search(f).group(1)

if len(m) % 2 != 0
m=m[0:-1]

print binascii.unhexlify(m)

------------------------------------------------------------------------------
Why Cloud-Based Security and Archiving Make Sense
Osterman Research conducted this study that outlines how and why cloud
computing security and archiving is rapidly being adopted across the IT 
space for its ease of implementation, lower cost, and increased 
reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to