Hi Chris, You can tune txt/common-outputs.txt to your needs in order to make --predict-output more efficient for your test.
Bernardo On 11 January 2012 11:29, Chris Oakley <christopher.oak...@gmail.com> wrote: > I think Ctrl+C is going to be the only way to do it reliably in Python. I > wasn't actually aware of the --predict-output switch and will have a play, > but from the description it does sound like it falls short a little. That > said, if there are higher priority features or bug fixes... it's not the end > of the world having to wait as it is :) - Chris > > > On 11 January 2012 08:56, Miroslav Stampar <miroslav.stam...@gmail.com> > wrote: >> >> Hi again. >> >> Minor update. --predict-output switch will perform well only on start of >> outputs. So, it will greatly speed up the starting part with "Microsoft SQL >> Server" but the rest is done normally (won't go into detail why and how is >> this performed only for the beginning of the retrieved string). >> >> So, the idea with user contributed guesses is still on. >> >> Kind regards, >> Miroslav Stampar >> >> >> On Wed, Jan 11, 2012 at 9:28 AM, Miroslav Stampar >> <miroslav.stam...@gmail.com> wrote: >>> >>> Hi Hans. >>> >>> Basically, you are right. --predict-output is a good replacement for this >>> kind cases, but I am not sure if it's enough for Ryan and Chris. >>> >>> Also, i'll need to take a look into it and maybe upgrade it a bit as >>> there hasn't been development on it for more than a year. >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com> wrote: >>>> >>>> Hello everyone, >>>> >>>> Whats with --predict-output ?? >>>> Maybe you could use that. >>>> >>>> Cheers >>>> >>>> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar >>>> <miroslav.stam...@gmail.com>: >>>> >>>> Hi guys. >>>> >>>> This would be implemented long time ago only if Python wasn't such >>>> really bad about interrupting it's processes. Sadly, you can 'pause' >>>> (interrupt) them only by Ctrl+C. Now, I can put this there, but it will be >>>> clumsy at least. >>>> >>>> If you have other ideas how to deal with this problem, please tell >>>> >>>> Kind regards, >>>> Miroslav Stampar >>>> >>>> On Jan 10, 2012 5:50 PM, "Chris Oakley" <christopher.oak...@gmail.com> >>>> wrote: >>>>> >>>>> I'm sure that there are higher priorities than this, but I have to add >>>>> that this would be useful for me too. As an example, on a recent test I >>>>> was >>>>> grabbing the banner of the DBMS as a quick POC for a client. >>>>> >>>>> The banner was as follows: >>>>> >>>>> Banner: >>>>> --- >>>>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) >>>>> Dec 16 2008 19:46:53 >>>>> Copyright (c) 1988-2003 Microsoft Corporation >>>>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) >>>>> --- >>>>> >>>>> This was a time based blind injection, so each of the above characters >>>>> took an average of 20 seconds to retrieve. It's perfectly obvious what >>>>> the >>>>> "Microsoft Corporation" part is going to be, for example. When each >>>>> character takes many queries with wait commands to retrieve, this can be >>>>> quite heavy on the DBMS. >>>>> >>>>> Not a huge deal, but if this feature made it into a future release, I >>>>> certainly wouldn't complain. >>>>> >>>>> Regards >>>>> >>>>> Chris >>>>> >>>>> On 10 January 2012 16:42, ryan cartner <ryan.cart...@gmail.com> wrote: >>>>>> >>>>>> Not sure how difficult this would be to implement, or whether or not >>>>>> anyone elses workflow would benefit from it, but I thought I'd throw it >>>>>> out >>>>>> there. >>>>>> >>>>>> When sqlmap is retrieving characters for a string, it's often obvious >>>>>> what the string is long before sqlmap retrieves it all. Would be nice if >>>>>> I >>>>>> could stop it, submit a guess, and have sqlmap test that before >>>>>> continuing >>>>>> on. >>>>>> >>>>>> I imagine this would be kinda tough with threads but I haven't >>>>>> familiarized myself wtih the code enough to know. >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Write once. Port to many. >>>>>> Get the SDK and tools to simplify cross-platform app development. >>>>>> Create >>>>>> new or port existing apps to sell to consumers worldwide. Explore the >>>>>> Intel AppUpSM program developer opportunity. >>>>>> appdeveloper.intel.com/join >>>>>> http://p.sf.net/sfu/intel-appdev >>>>>> _______________________________________________ >>>>>> sqlmap-users mailing list >>>>>> sqlmap-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Write once. Port to many. >>>>> Get the SDK and tools to simplify cross-platform app development. >>>>> Create >>>>> new or port existing apps to sell to consumers worldwide. Explore the >>>>> Intel AppUpSM program developer opportunity. >>>>> appdeveloper.intel.com/join >>>>> http://p.sf.net/sfu/intel-appdev >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sqlmap-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a >>>> complex >>>> infrastructure or vast IT resources to deliver seamless, secure access >>>> to >>>> virtual desktops. With this all-in-one solution, easily deploy virtual >>>> desktops for less than the cost of PCs and save 60% on VDI >>>> infrastructure >>>> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox >>>> >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sqlmap-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm > > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. Homepage: http://about.me/inquis E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
