Re: [sqlmap-users] ms sql database names' enum

Tue, 03 Jul 2012 11:17:27 -0700 

Hi Henry.

Find "SELECT DB_NAME(i++)" mechanism implemented with the latest commit
(27fdccc) as a fallback in case that standard one fails.

Kind regards,
Miroslav Stampar

On Tue, Jul 3, 2012 at 2:01 AM, Henry Waves <microw...@gmx.us> wrote:

> I've met dozens of practical cases when --dbs switch becomes useless
> with --dbms=mssql (can't say precisely, but maybe <2008 versions). The
> only workaround proved itself useful is retrieval of db_name(i++) using
> --sql-shell while other standart techniques were totally useless.
> Another reason i decided to compose this miserable letter is that i
> would like to see debug information on how page is being parsed in order
> to determine exact string or regexp or whatever sqlmap uses to pick up
> context output or to determine the boolean value for positive logical
> answer. Uploading specific files for mssql would be great too, because
> currently i choose another commercial products which are ugly, heavy,
> gui and windows only in order to execute os commands (that thing
> appeared to be broken in almost every semi-complicated case while worked
> fine on some fucking retarded pangolin\webcruiser\e.t.c. tools) or
> upload something over designed and accessible routines of ms sql in
> certain cases. Maybe i'm missing some concepts , but the first thing
> i've mentioned above deserves your attention for sure. Thanks :*
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to