Hi.
As said, python is constrained in this manner. You can't even listen to
keystrokes, so if there would be a 'listening thread' you would need to
enter whole 'guess' and press enter for it to process (also, console output
would be mess) - raw_input().
So, it would be clumsy as well, but other thing brings problems. Threads in
raw_input() mode would need some voodoo for them to be killed.
Kind regards
On Jan 11, 2012 12:41 PM, "Robin Wood" <ro...@digininja.org> wrote:
> On 11 January 2012 11:32, Bernardo Damele A. G.
> <bernardo.dam...@gmail.com> wrote:
> > Hi Chris,
> >
> > You can tune txt/common-outputs.txt to your needs in order to make
> > --predict-output more efficient for your test.
> >
> > Bernardo
> >
> > On 11 January 2012 11:29, Chris Oakley <christopher.oak...@gmail.com>
> wrote:
> >> I think Ctrl+C is going to be the only way to do it reliably in
> Python. I
> >> wasn't actually aware of the --predict-output switch and will have a
> play,
> >> but from the description it does sound like it falls short a little.
> That
> >> said, if there are higher priority features or bug fixes... it's not
> the end
> >> of the world having to wait as it is :) - Chris
> >
>
> Not sure if it would work but what about having a thread on the side
> that checked for keyboard input, if you hit a specific key it sets a
> flag in a singleton. The worker threads check that singleton on each
> iteration of the loop and if they see the flag set then they pause.
> You then do the manual stuff and then resume the threads or kill them
> as necessary.
>
> Robin
>
> >>
> >> On 11 January 2012 08:56, Miroslav Stampar <miroslav.stam...@gmail.com>
> >> wrote:
> >>>
> >>> Hi again.
> >>>
> >>> Minor update. --predict-output switch will perform well only on start
> of
> >>> outputs. So, it will greatly speed up the starting part with
> "Microsoft SQL
> >>> Server" but the rest is done normally (won't go into detail why and
> how is
> >>> this performed only for the beginning of the retrieved string).
> >>>
> >>> So, the idea with user contributed guesses is still on.
> >>>
> >>> Kind regards,
> >>> Miroslav Stampar
> >>>
> >>>
> >>> On Wed, Jan 11, 2012 at 9:28 AM, Miroslav Stampar
> >>> <miroslav.stam...@gmail.com> wrote:
> >>>>
> >>>> Hi Hans.
> >>>>
> >>>> Basically, you are right. --predict-output is a good replacement for
> this
> >>>> kind cases, but I am not sure if it's enough for Ryan and Chris.
> >>>>
> >>>> Also, i'll need to take a look into it and maybe upgrade it a bit as
> >>>> there hasn't been development on it for more than a year.
> >>>>
> >>>> Kind regards,
> >>>> Miroslav Stampar
> >>>>
> >>>> On Jan 11, 2012 9:11 AM, "Hans Wurst" <wurstwas...@googlemail.com>
> wrote:
> >>>>>
> >>>>> Hello everyone,
> >>>>>
> >>>>> Whats with --predict-output ??
> >>>>> Maybe you could use that.
> >>>>>
> >>>>> Cheers
> >>>>>
> >>>>> Am 11.01.2012 um 09:09 schrieb Miroslav Stampar
> >>>>> <miroslav.stam...@gmail.com>:
> >>>>>
> >>>>> Hi guys.
> >>>>>
> >>>>> This would be implemented long time ago only if Python wasn't such
> >>>>> really bad about interrupting it's processes. Sadly, you can 'pause'
> >>>>> (interrupt) them only by Ctrl+C. Now, I can put this there, but it
> will be
> >>>>> clumsy at least.
> >>>>>
> >>>>> If you have other ideas how to deal with this problem, please tell
> >>>>>
> >>>>> Kind regards,
> >>>>> Miroslav Stampar
> >>>>>
> >>>>> On Jan 10, 2012 5:50 PM, "Chris Oakley" <
> christopher.oak...@gmail.com>
> >>>>> wrote:
> >>>>>>
> >>>>>> I'm sure that there are higher priorities than this, but I have to
> add
> >>>>>> that this would be useful for me too. As an example, on a recent
> test I was
> >>>>>> grabbing the banner of the DBMS as a quick POC for a client.
> >>>>>>
> >>>>>> The banner was as follows:
> >>>>>>
> >>>>>> Banner:
> >>>>>> ---
> >>>>>> Microsoft SQL Server 2000 - 8.00.2055 (Intel X86)
> >>>>>> Dec 16 2008 19:46:53
> >>>>>> Copyright (c) 1988-2003 Microsoft Corporation
> >>>>>> Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
> >>>>>> ---
> >>>>>>
> >>>>>> This was a time based blind injection, so each of the above
> characters
> >>>>>> took an average of 20 seconds to retrieve. It's perfectly obvious
> what the
> >>>>>> "Microsoft Corporation" part is going to be, for example. When each
> >>>>>> character takes many queries with wait commands to retrieve, this
> can be
> >>>>>> quite heavy on the DBMS.
> >>>>>>
> >>>>>> Not a huge deal, but if this feature made it into a future release,
> I
> >>>>>> certainly wouldn't complain.
> >>>>>>
> >>>>>> Regards
> >>>>>>
> >>>>>> Chris
> >>>>>>
> >>>>>> On 10 January 2012 16:42, ryan cartner <ryan.cart...@gmail.com>
> wrote:
> >>>>>>>
> >>>>>>> Not sure how difficult this would be to implement, or whether or
> not
> >>>>>>> anyone elses workflow would benefit from it, but I thought I'd
> throw it out
> >>>>>>> there.
> >>>>>>>
> >>>>>>> When sqlmap is retrieving characters for a string, it's often
> obvious
> >>>>>>> what the string is long before sqlmap retrieves it all. Would be
> nice if I
> >>>>>>> could stop it, submit a guess, and have sqlmap test that before
> continuing
> >>>>>>> on.
> >>>>>>>
> >>>>>>> I imagine this would be kinda tough with threads but I haven't
> >>>>>>> familiarized myself wtih the code enough to know.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> ------------------------------------------------------------------------------
> >>>>>>> Write once. Port to many.
> >>>>>>> Get the SDK and tools to simplify cross-platform app development.
> >>>>>>> Create
> >>>>>>> new or port existing apps to sell to consumers worldwide. Explore
> the
> >>>>>>> Intel AppUpSM program developer opportunity.
> >>>>>>> appdeveloper.intel.com/join
> >>>>>>> http://p.sf.net/sfu/intel-appdev
> >>>>>>> _______________________________________________
> >>>>>>> sqlmap-users mailing list
> >>>>>>> sqlmap-users@lists.sourceforge.net
> >>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> ------------------------------------------------------------------------------
> >>>>>> Write once. Port to many.
> >>>>>> Get the SDK and tools to simplify cross-platform app development.
> >>>>>> Create
> >>>>>> new or port existing apps to sell to consumers worldwide. Explore
> the
> >>>>>> Intel AppUpSM program developer opportunity.
> >>>>>> appdeveloper.intel.com/join
> >>>>>> http://p.sf.net/sfu/intel-appdev
> >>>>>> _______________________________________________
> >>>>>> sqlmap-users mailing list
> >>>>>> sqlmap-users@lists.sourceforge.net
> >>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>>>>
> >>>>>
> >>>>>
> ------------------------------------------------------------------------------
> >>>>> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a
> >>>>> complex
> >>>>> infrastructure or vast IT resources to deliver seamless, secure
> access
> >>>>> to
> >>>>> virtual desktops. With this all-in-one solution, easily deploy
> virtual
> >>>>> desktops for less than the cost of PCs and save 60% on VDI
> >>>>> infrastructure
> >>>>> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> >>>>>
> >>>>> _______________________________________________
> >>>>> sqlmap-users mailing list
> >>>>> sqlmap-users@lists.sourceforge.net
> >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Miroslav Stampar
> >>> http://about.me/stamparm
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a
> complex
> >> infrastructure or vast IT resources to deliver seamless, secure access
> to
> >> virtual desktops. With this all-in-one solution, easily deploy virtual
> >> desktops for less than the cost of PCs and save 60% on VDI
> infrastructure
> >> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sqlmap-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>
> >
> >
> >
> > --
> > Bernardo Damele A. G.
> >
> > Homepage: http://about.me/inquis
> > E-mail / Jabber: bernardo.damele (at) gmail.com
> > Mobile: +447788962949 (UK 07788962949)
> >
> >
> ------------------------------------------------------------------------------
> > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> > infrastructure or vast IT resources to deliver seamless, secure access to
> > virtual desktops. With this all-in-one solution, easily deploy virtual
> > desktops for less than the cost of PCs and save 60% on VDI infrastructure
> > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> > _______________________________________________
> > sqlmap-users mailing list
> > sqlmap-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
