Hi Hans.
Basically, you are right. --predict-output is a good replacement for this
kind cases, but I am not sure if it's enough for Ryan and Chris.
Also, i'll need to take a look into it and maybe upgrade it a bit as there
hasn't been development on it for more than a year.
Kind regards,
Miroslav Stampar
On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com> wrote:
> Hello everyone,
>
> Whats with --predict-output ??
> Maybe you could use that.
>
> Cheers
>
> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar <
> miroslav.stam...@gmail.com>:
>
> Hi guys.
>
> This would be implemented long time ago only if Python wasn't such really
> bad about interrupting it's processes. Sadly, you can 'pause' (interrupt)
> them only by Ctrl+C. Now, I can put this there, but it will be clumsy at
> least.
>
> If you have other ideas how to deal with this problem, please tell
>
> Kind regards,
> Miroslav Stampar
> On Jan 10, 2012 5:50 PM, "Chris Oakley" <christopher.oak...@gmail.com>
> wrote:
>
>> I'm sure that there are higher priorities than this, but I have to add
>> that this would be useful for me too. As an example, on a recent test I
>> was grabbing the banner of the DBMS as a quick POC for a client.
>>
>> The banner was as follows:
>>
>> Banner:
>> ---
>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
>> Dec 16 2008 19:46:53
>> Copyright (c) 1988-2003 Microsoft Corporation
>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>> ---
>>
>> This was a time based blind injection, so each of the above characters
>> took an average of 20 seconds to retrieve. It's perfectly obvious what the
>> "Microsoft Corporation" part is going to be, for example. When each
>> character takes many queries with wait commands to retrieve, this can be
>> quite heavy on the DBMS.
>>
>> Not a huge deal, but if this feature made it into a future release, I
>> certainly wouldn't complain.
>>
>> Regards
>>
>> Chris
>>
>> On 10 January 2012 16:42, ryan cartner <ryan.cart...@gmail.com> wrote:
>>
>>> Not sure how difficult this would be to implement, or whether or not
>>> anyone elses workflow would benefit from it, but I thought I'd throw it out
>>> there.
>>>
>>> When sqlmap is retrieving characters for a string, it's often obvious
>>> what the string is long before sqlmap retrieves it all. Would be nice if I
>>> could stop it, submit a guess, and have sqlmap test that before continuing
>>> on.
>>>
>>> I imagine this would be kinda tough with threads but I haven't
>>> familiarized myself wtih the code enough to know.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Write once. Port to many.
>>> Get the SDK and tools to simplify cross-platform app development. Create
>>> new or port existing apps to sell to consumers worldwide. Explore the
>>> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
>>> http://p.sf.net/sfu/intel-appdev
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Write once. Port to many.
>> Get the SDK and tools to simplify cross-platform app development. Create
>> new or port existing apps to sell to consumers worldwide. Explore the
>> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
>> http://p.sf.net/sfu/intel-appdev
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
