I think Ctrl+C is going to be the only way to do it reliably in Python. I
wasn't actually aware of the --predict-output switch and will have a play,
but from the description it does sound like it falls short a little. That
said, if there are higher priority features or bug fixes... it's not the
end of the world having to wait as it is :) - Chris
On 11 January 2012 08:56, Miroslav Stampar <miroslav.stam...@gmail.com>wrote:
> Hi again.
>
> Minor update. --predict-output switch will perform well only on start of
> outputs. So, it will greatly speed up the starting part with "Microsoft SQL
> Server" but the rest is done normally (won't go into detail why and how is
> this performed only for the beginning of the retrieved string).
>
> So, the idea with user contributed guesses is still on.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Wed, Jan 11, 2012 at 9:28 AM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Hi Hans.
>>
>> Basically, you are right. --predict-output is a good replacement for this
>> kind cases, but I am not sure if it's enough for Ryan and Chris.
>>
>> Also, i'll need to take a look into it and maybe upgrade it a bit as
>> there hasn't been development on it for more than a year.
>>
>> Kind regards,
>> Miroslav Stampar
>> On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com> wrote:
>>
>>> Hello everyone,
>>>
>>> Whats with --predict-output ??
>>> Maybe you could use that.
>>>
>>> Cheers
>>>
>>> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar <
>>> miroslav.stam...@gmail.com>:
>>>
>>> Hi guys.
>>>
>>> This would be implemented long time ago only if Python wasn't such
>>> really bad about interrupting it's processes. Sadly, you can 'pause'
>>> (interrupt) them only by Ctrl+C. Now, I can put this there, but it will be
>>> clumsy at least.
>>>
>>> If you have other ideas how to deal with this problem, please tell
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>> On Jan 10, 2012 5:50 PM, "Chris Oakley" < <christopher.oak...@gmail.com>
>>> christopher.oak...@gmail.com> wrote:
>>>
>>>> I'm sure that there are higher priorities than this, but I have to add
>>>> that this would be useful for me too. As an example, on a recent test I
>>>> was grabbing the banner of the DBMS as a quick POC for a client.
>>>>
>>>> The banner was as follows:
>>>>
>>>> Banner:
>>>> ---
>>>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
>>>> Dec 16 2008 19:46:53
>>>> Copyright (c) 1988-2003 Microsoft Corporation
>>>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>>>> ---
>>>>
>>>> This was a time based blind injection, so each of the above characters
>>>> took an average of 20 seconds to retrieve. It's perfectly obvious what the
>>>> "Microsoft Corporation" part is going to be, for example. When each
>>>> character takes many queries with wait commands to retrieve, this can be
>>>> quite heavy on the DBMS.
>>>>
>>>> Not a huge deal, but if this feature made it into a future release, I
>>>> certainly wouldn't complain.
>>>>
>>>> Regards
>>>>
>>>> Chris
>>>>
>>>> On 10 January 2012 16:42, ryan cartner < <ryan.cart...@gmail.com>
>>>> ryan.cart...@gmail.com> wrote:
>>>>
>>>>> Not sure how difficult this would be to implement, or whether or not
>>>>> anyone elses workflow would benefit from it, but I thought I'd throw it
>>>>> out
>>>>> there.
>>>>>
>>>>> When sqlmap is retrieving characters for a string, it's often obvious
>>>>> what the string is long before sqlmap retrieves it all. Would be nice if I
>>>>> could stop it, submit a guess, and have sqlmap test that before continuing
>>>>> on.
>>>>>
>>>>> I imagine this would be kinda tough with threads but I haven't
>>>>> familiarized myself wtih the code enough to know.
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Write once. Port to many.
>>>>> Get the SDK and tools to simplify cross-platform app development.
>>>>> Create
>>>>> new or port existing apps to sell to consumers worldwide. Explore the
>>>>> Intel AppUpSM program developer opportunity.
>>>>> <http://appdeveloper.intel.com/join>appdeveloper.intel.com/join
>>>>> <http://p.sf.net/sfu/intel-appdev>http://p.sf.net/sfu/intel-appdev
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> <sqlmap-users@lists.sourceforge.net>
>>>>> sqlmap-users@lists.sourceforge.net
>>>>> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>
>>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Write once. Port to many.
>>>> Get the SDK and tools to simplify cross-platform app development. Create
>>>> new or port existing apps to sell to consumers worldwide. Explore the
>>>> Intel AppUpSM program developer opportunity.
>>>> <http://appdeveloper.intel.com/join>appdeveloper.intel.com/join
>>>> <http://p.sf.net/sfu/intel-appdev>http://p.sf.net/sfu/intel-appdev
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> <sqlmap-users@lists.sourceforge.net>sqlmap-users@lists.sourceforge.net
>>>> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>> ------------------------------------------------------------------------------
>>> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
>>> infrastructure or vast IT resources to deliver seamless, secure access to
>>> virtual desktops. With this all-in-one solution, easily deploy virtual
>>> desktops for less than the cost of PCs and save 60% on VDI
>>> infrastructure
>>> costs. Try it free! <http://p.sf.net/sfu/Citrix-VDIinabox>
>>> http://p.sf.net/sfu/Citrix-VDIinabox
>>>
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
