Hi Marco.

Thank you for your advice.

You are probably talking about BOOLEAN based technique.

Now, we've chosen an approach that will be most optimal from coding aspect.
Also, currently other techniques (error and union) are used far more often
than inference ones (boolean and time-based).

Why is that an optimal approach? Because in boolean technique in
multithreading mode sqlmap is using an generic retrieval of any SQL query
result - 1) retrieve result length 2) distribute among multiple threads.
Now, doing something like lots of 1s and do multithreaded lots of 2s would
screw our internal approach. Believe me, this all has to be VERY generic to
work on all DBMSes for all cases. Implementing your approach would just put
too much effort (rewriting whole sqlmap, not just that enumeration of table
names) with too little positive effects.

Kind regards,
Miroslav Stampar

On Tue, May 29, 2012 at 9:02 AM, Marco Mirandola <mmmc...@gmail.com> wrote:

> Great Miroslav
>
> I give you some advice on optimizing the use of multithreads...
>
> Currently in multi threads sqlMap works like this:
> - To enum tables (1 thread)
> - Retrieve length table 'I' (1 thread)
> - Retrieve name table 'I' (multiple threads)
>  - Retrieve length table 'II' (1 thread)
> - Retrieve name table 'II' (multi-threads)
> - Retrieve length table 'III' (1 thread)
> - Retrieve name table 'III' (multi-threads)
> ...
> - Retrieve length table 'n' (1 thread)
> - Retrieve name table 'n' (multiple threads)
>
> when working on a single thread latency is too much, you could optimize it:
>  - To enum tables (1 thread)
> *- Retrieve the length of all tables (multi-threads)*
> - Retrieve name table 'I' (multiple threads)
> - Retrieve name table 'II' (multi-threads)
>  - Retrieve name table 'III' (multi-threads)
> ...
> - Retrieve name table 'n' (multiple threads)
>
> Best regards 8-D
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to