Hi again.
Minor update. --predict-output switch will perform well only on start of
outputs. So, it will greatly speed up the starting part with "Microsoft SQL
Server" but the rest is done normally (won't go into detail why and how is
this performed only for the beginning of the retrieved string).
So, the idea with user contributed guesses is still on.
Kind regards,
Miroslav Stampar
On Wed, Jan 11, 2012 at 9:28 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi Hans.
>
> Basically, you are right. --predict-output is a good replacement for this
> kind cases, but I am not sure if it's enough for Ryan and Chris.
>
> Also, i'll need to take a look into it and maybe upgrade it a bit as there
> hasn't been development on it for more than a year.
>
> Kind regards,
> Miroslav Stampar
> On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com> wrote:
>
>> Hello everyone,
>>
>> Whats with --predict-output ??
>> Maybe you could use that.
>>
>> Cheers
>>
>> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar <
>> miroslav.stam...@gmail.com>:
>>
>> Hi guys.
>>
>> This would be implemented long time ago only if Python wasn't such really
>> bad about interrupting it's processes. Sadly, you can 'pause' (interrupt)
>> them only by Ctrl+C. Now, I can put this there, but it will be clumsy at
>> least.
>>
>> If you have other ideas how to deal with this problem, please tell
>>
>> Kind regards,
>> Miroslav Stampar
>> On Jan 10, 2012 5:50 PM, "Chris Oakley" < <christopher.oak...@gmail.com>
>> christopher.oak...@gmail.com> wrote:
>>
>>> I'm sure that there are higher priorities than this, but I have to add
>>> that this would be useful for me too. As an example, on a recent test I
>>> was grabbing the banner of the DBMS as a quick POC for a client.
>>>
>>> The banner was as follows:
>>>
>>> Banner:
>>> ---
>>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
>>> Dec 16 2008 19:46:53
>>> Copyright (c) 1988-2003 Microsoft Corporation
>>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>>> ---
>>>
>>> This was a time based blind injection, so each of the above characters
>>> took an average of 20 seconds to retrieve. It's perfectly obvious what the
>>> "Microsoft Corporation" part is going to be, for example. When each
>>> character takes many queries with wait commands to retrieve, this can be
>>> quite heavy on the DBMS.
>>>
>>> Not a huge deal, but if this feature made it into a future release, I
>>> certainly wouldn't complain.
>>>
>>> Regards
>>>
>>> Chris
>>>
>>> On 10 January 2012 16:42, ryan cartner < <ryan.cart...@gmail.com>
>>> ryan.cart...@gmail.com> wrote:
>>>
>>>> Not sure how difficult this would be to implement, or whether or not
>>>> anyone elses workflow would benefit from it, but I thought I'd throw it out
>>>> there.
>>>>
>>>> When sqlmap is retrieving characters for a string, it's often obvious
>>>> what the string is long before sqlmap retrieves it all. Would be nice if I
>>>> could stop it, submit a guess, and have sqlmap test that before continuing
>>>> on.
>>>>
>>>> I imagine this would be kinda tough with threads but I haven't
>>>> familiarized myself wtih the code enough to know.
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Write once. Port to many.
>>>> Get the SDK and tools to simplify cross-platform app development. Create
>>>> new or port existing apps to sell to consumers worldwide. Explore the
>>>> Intel AppUpSM program developer opportunity.
>>>> <http://appdeveloper.intel.com/join>appdeveloper.intel.com/join
>>>> <http://p.sf.net/sfu/intel-appdev>http://p.sf.net/sfu/intel-appdev
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> <sqlmap-users@lists.sourceforge.net>sqlmap-users@lists.sourceforge.net
>>>> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Write once. Port to many.
>>> Get the SDK and tools to simplify cross-platform app development. Create
>>> new or port existing apps to sell to consumers worldwide. Explore the
>>> Intel AppUpSM program developer opportunity.
>>> <http://appdeveloper.intel.com/join>appdeveloper.intel.com/join
>>> <http://p.sf.net/sfu/intel-appdev>http://p.sf.net/sfu/intel-appdev
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> <sqlmap-users@lists.sourceforge.net>sqlmap-users@lists.sourceforge.net
>>> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>> ------------------------------------------------------------------------------
>> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
>> infrastructure or vast IT resources to deliver seamless, secure access to
>> virtual desktops. With this all-in-one solution, easily deploy virtual
>> desktops for less than the cost of PCs and save 60% on VDI infrastructure
>> costs. Try it free! <http://p.sf.net/sfu/Citrix-VDIinabox>
>> http://p.sf.net/sfu/Citrix-VDIinabox
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
