Hi.
Problem is that sqlmap needs to have data retrieved to be able to do it's
normal workflow. For example, if you do --dump sqlmap needs to know table
columns. In your proposed case that would be problematic. Also, there are
lots of cases when we ask server for a simple questions and we need an
answer to be able to proceed.
Also, in sqlmap DNS exfiltration works only if one other slower technique
is available (e.g. time-based blind and/or boolean-based blind). In your
proposed case that technique would need to be ignored completely - as it's
automatically being used if DNS exfiltration fails.
Kind regards,
Miroslav Stampar
On Apr 16, 2013 11:50 PM, "buawig" <bua...@gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> in cases where sqlmap is run against targets on internal networks it
> would be great if one could tell sqlmap to simply proceed without
> expecting incoming DNS requests, because sqlmap can not be executed
> directly on the DNS server (which can't reach the target, but the
> target can reach the DNS server).
>
> For me it would be enough to simply run something like
> - -u ... --dns-domain=attacker.com --dns-port=0
> (--dns-port does not exist [yet])
>
> to let sqlmap know that it doesn't need to start a DNS listener.
>
> I would then collect and decode the DNS querries on the DNS server
> manually, but I could also envision running a second sqlmap instance
> on the DNS server with --dns-domain (but without -u) doing that job.
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJRbcIPAAoJEJeRHQyF0ukM/VwQAKlZKRyuk55ZbiOzbRPztw/p
> dGHg7KLwPJ5fM9uXDNodO7cdZF18x6EJOjTJwu6sRNvUwjiAWb7VwAB6HLcts8Qf
> WXQL5OUBEzJiYJ/XUVZonPvw+PGc781rNTJDnbW3RKSQK8Hd7T5TgfDE0ucqTCRz
> cJ1NbcDswrCQNZtKr09SRW9kxk1QfHsbAGfQYpQh0LrIR3cTageFPLJ+hosMF+VU
> uoEiu6k9JJwbWlKCMu2uz/UrLRqdt7VtjhkpbLSLMBL/IOnfTHfdQ37NRYcJIkos
> D/sZIyA0MT/woN25rVVDAhxwVZ2MFcxn7eMKXZCxv5VpXZKQxeMtew8maDBwom5C
> JdM+bF6AoE56zqi/+qaYajPmO0GYQXy26YUhbRJUufF2ThSTTWnmgZ8QH6fKUbfN
> QTGbXyH/FbaXDMDokEButCcrD1PCpvklfz44VU7zi0zG/wBN+mnleT24bvW1tbhx
> J1vCEbXWEFCfxwCqTDopLHaGNkIlo4oH4PUsIyW1FlTYQRqH5cUe2bV1F0XcP3/O
> yNyHZmLMGtPdEvJ+Wkx8Bp4gcUC2ikKlS6H85TMDu6GxS5oi7EK+kGnJ+njhPeaF
> plSWWJFQHEm0DJ/ZCGjgzZyvS8QzK7WDfplpR/TBrc3uOLXZVqDhPW4IkLLc49Vz
> N5xHRCVPLLSrPfTPiyIJ
> =JSkD
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
