On 11 January 2012 11:32, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote: > Hi Chris, > > You can tune txt/common-outputs.txt to your needs in order to make > --predict-output more efficient for your test. > > Bernardo > > On 11 January 2012 11:29, Chris Oakley <christopher.oak...@gmail.com> wrote: >> I think Ctrl+C is going to be the only way to do it reliably in Python. I >> wasn't actually aware of the --predict-output switch and will have a play, >> but from the description it does sound like it falls short a little. That >> said, if there are higher priority features or bug fixes... it's not the end >> of the world having to wait as it is :) - Chris >
Not sure if it would work but what about having a thread on the side that checked for keyboard input, if you hit a specific key it sets a flag in a singleton. The worker threads check that singleton on each iteration of the loop and if they see the flag set then they pause. You then do the manual stuff and then resume the threads or kill them as necessary. Robin >> >> On 11 January 2012 08:56, Miroslav Stampar <miroslav.stam...@gmail.com> >> wrote: >>> >>> Hi again. >>> >>> Minor update. --predict-output switch will perform well only on start of >>> outputs. So, it will greatly speed up the starting part with "Microsoft SQL >>> Server" but the rest is done normally (won't go into detail why and how is >>> this performed only for the beginning of the retrieved string). >>> >>> So, the idea with user contributed guesses is still on. >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> >>> On Wed, Jan 11, 2012 at 9:28 AM, Miroslav Stampar >>> <miroslav.stam...@gmail.com> wrote: >>>> >>>> Hi Hans. >>>> >>>> Basically, you are right. --predict-output is a good replacement for this >>>> kind cases, but I am not sure if it's enough for Ryan and Chris. >>>> >>>> Also, i'll need to take a look into it and maybe upgrade it a bit as >>>> there hasn't been development on it for more than a year. >>>> >>>> Kind regards, >>>> Miroslav Stampar >>>> >>>> On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com> wrote: >>>>> >>>>> Hello everyone, >>>>> >>>>> Whats with --predict-output ?? >>>>> Maybe you could use that. >>>>> >>>>> Cheers >>>>> >>>>> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar >>>>> <miroslav.stam...@gmail.com>: >>>>> >>>>> Hi guys. >>>>> >>>>> This would be implemented long time ago only if Python wasn't such >>>>> really bad about interrupting it's processes. Sadly, you can 'pause' >>>>> (interrupt) them only by Ctrl+C. Now, I can put this there, but it will be >>>>> clumsy at least. >>>>> >>>>> If you have other ideas how to deal with this problem, please tell >>>>> >>>>> Kind regards, >>>>> Miroslav Stampar >>>>> >>>>> On Jan 10, 2012 5:50 PM, "Chris Oakley" <christopher.oak...@gmail.com> >>>>> wrote: >>>>>> >>>>>> I'm sure that there are higher priorities than this, but I have to add >>>>>> that this would be useful for me too. As an example, on a recent test I >>>>>> was >>>>>> grabbing the banner of the DBMS as a quick POC for a client. >>>>>> >>>>>> The banner was as follows: >>>>>> >>>>>> Banner: >>>>>> --- >>>>>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) >>>>>> Dec 16 2008 19:46:53 >>>>>> Copyright (c) 1988-2003 Microsoft Corporation >>>>>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2) >>>>>> --- >>>>>> >>>>>> This was a time based blind injection, so each of the above characters >>>>>> took an average of 20 seconds to retrieve. It's perfectly obvious what >>>>>> the >>>>>> "Microsoft Corporation" part is going to be, for example. When each >>>>>> character takes many queries with wait commands to retrieve, this can be >>>>>> quite heavy on the DBMS. >>>>>> >>>>>> Not a huge deal, but if this feature made it into a future release, I >>>>>> certainly wouldn't complain. >>>>>> >>>>>> Regards >>>>>> >>>>>> Chris >>>>>> >>>>>> On 10 January 2012 16:42, ryan cartner <ryan.cart...@gmail.com> wrote: >>>>>>> >>>>>>> Not sure how difficult this would be to implement, or whether or not >>>>>>> anyone elses workflow would benefit from it, but I thought I'd throw it >>>>>>> out >>>>>>> there. >>>>>>> >>>>>>> When sqlmap is retrieving characters for a string, it's often obvious >>>>>>> what the string is long before sqlmap retrieves it all. Would be nice >>>>>>> if I >>>>>>> could stop it, submit a guess, and have sqlmap test that before >>>>>>> continuing >>>>>>> on. >>>>>>> >>>>>>> I imagine this would be kinda tough with threads but I haven't >>>>>>> familiarized myself wtih the code enough to know. >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> Write once. Port to many. >>>>>>> Get the SDK and tools to simplify cross-platform app development. >>>>>>> Create >>>>>>> new or port existing apps to sell to consumers worldwide. Explore the >>>>>>> Intel AppUpSM program developer opportunity. >>>>>>> appdeveloper.intel.com/join >>>>>>> http://p.sf.net/sfu/intel-appdev >>>>>>> _______________________________________________ >>>>>>> sqlmap-users mailing list >>>>>>> sqlmap-users@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Write once. Port to many. >>>>>> Get the SDK and tools to simplify cross-platform app development. >>>>>> Create >>>>>> new or port existing apps to sell to consumers worldwide. Explore the >>>>>> Intel AppUpSM program developer opportunity. >>>>>> appdeveloper.intel.com/join >>>>>> http://p.sf.net/sfu/intel-appdev >>>>>> _______________________________________________ >>>>>> sqlmap-users mailing list >>>>>> sqlmap-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a >>>>> complex >>>>> infrastructure or vast IT resources to deliver seamless, secure access >>>>> to >>>>> virtual desktops. With this all-in-one solution, easily deploy virtual >>>>> desktops for less than the cost of PCs and save 60% on VDI >>>>> infrastructure >>>>> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox >>>>> >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sqlmap-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >> >> >> >> ------------------------------------------------------------------------------ >> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex >> infrastructure or vast IT resources to deliver seamless, secure access to >> virtual desktops. With this all-in-one solution, easily deploy virtual >> desktops for less than the cost of PCs and save 60% on VDI infrastructure >> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Bernardo Damele A. G. > > Homepage: http://about.me/inquis > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
