AFAIK sqlmap uses into DUMPFILE and the speed of grabbing files within this
function depends on the used technique it self during the injection
On Fri, Sep 9, 2011 at 6:17 PM, ryan cartner <ryan.cart...@gmail.com> wrote:
> Using --file-read on some injections can take a long time if the file must
> be retrieved one character at a time. Currently there is no easy way to view
> a partially downloaded file. This python script will do that. Simply run
> sqlmap with --file-read and once you've read part of the file, run the
> script like this:
>
> python ./partialfile.py -s ./output/www.something.com/session -f
> global.asa
>
> it will grab the hex stream out of the sqlmap session file, convert it, and
> spit it back out :)
> Unfortunately this workaround is incompatible with --threads for two
> reasons. First, sqlmap doesn't write out to the session file until either
> it's finished or it receives sigint. second, in all my testing I haven't
> been able to get it to take sigint (ctrl-c) when --threads is being used.
> If anybody can figure out a fix for this i'm all ears :)
>
> #!/usr/bin/python
>
> import optparse, re, binascii
>
> parser = optparse.OptionParser()
> parser.add_option('-s', help='sqlmap session file', dest='ses', nargs=1)
> parser.add_option('-f', help='the filename of the file you are
> downloading', dest=dl', nargs=1)
> (opts, args) = parser.parse_args()
>
> if opts.ses is None or opts.dl is None:
> print "Both a session file and the name of the file you are downloading are
> required."
> parser.print_help()
> exit(-1)
> print "Session file: " + opts.ses
> pritn "Downloaded file: " + opts.dl
>
> f = open(opts.ses).read()
> m = re.compile(opts.dl+"\'\)\)\]\[(.+?)$").search(f).group(1)
>
> if len(m) % 2 != 0
> m=m[0:-1]
>
> print binascii.unhexlify(m)
>
>
>
> ------------------------------------------------------------------------------
> Why Cloud-Based Security and Archiving Make Sense
> Osterman Research conducted this study that outlines how and why cloud
> computing security and archiving is rapidly being adopted across the IT
> space for its ease of implementation, lower cost, and increased
> reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
- Ahmed Shawky El-Antry
- lnxg33k owner "http://lnxg33k.wordpress.com";
- Isecur1ty team member"http://www.isecur1ty.org";
- Twitter @lnxg33k
------------------------------------------------------------------------------
Why Cloud-Based Security and Archiving Make Sense
Osterman Research conducted this study that outlines how and why cloud
computing security and archiving is rapidly being adopted across the IT
space for its ease of implementation, lower cost, and increased
reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
