> Problem is that sqlmap needs to have data retrieved to be able to
> do its normal workflow. For example, if you do --dump sqlmap
> needs to know table columns. In your proposed case that would be
> problematic. Also, there are lots of cases when we ask the server
> simple questions and we need an answer to be able to proceed.
>
> Also, in sqlmap DNS exfiltration works only if one other slower
> technique is available (e.g. time-based blind and/or boolean-based
> blind). In your proposed case that technique would need to be
> ignored completely - as it's automatically being used if DNS
> exfiltration fails.

Hi Miroslav,

thanks for your answer. Yes, I wouldn't expect sqlmap to work "as usual" in such a scenario, but the manual back and forth probably wouldn't be much fun.

An automated approach would be to make DNS queries reaching the DNS server available to sqlmap via HTTP, since the internal host running sqlmap can also reach the DNS server. A simple script on the DNS server could simply write incoming DNS queries to a file that can be fetched via HTTP from sqlmap.

So the request flow would be:

1) sqlmap host -> target
2) target makes DNS query to the attacker's DNS server
3) DNS server makes inbound queries available via HTTP, i.e. https://attacker.com/dnsqueries.txt (optionally protected via HTTP auth)
4) after (1) sqlmap fetches DNS queries from https://attacker.com/dnsqueries.txt

I realize that such an "internal" scenario might not be the most common setup, but nonetheless I wanted to share that problem and some thoughts about it.

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
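
Seen from the monitoring side, step 2 of the request flow above is the observable one: the database host itself resolves many distinct, long names under a single outside zone. The following is an added example, not part of the original message or of sqlmap; the resolver log format, host addresses, zone names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed resolver log, one query per line: "<time> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2013-04-17T10:00:01Z 10.0.5.20 ntp.corp.example A
2013-04-17T10:00:02Z 10.0.5.20 repo.corp.example A
2013-04-17T10:00:05Z 10.0.5.20 q1.3a1f9c0b7d2e4a6f8b1c5d7e.dnszone.example A
2013-04-17T10:00:06Z 10.0.5.20 q2.0b7d2e4a6f8b1c5d7e3a1f9c.dnszone.example A
2013-04-17T10:00:06Z 10.0.5.20 q2.0b7d2e4a6f8b1c5d7e3a1f9c.dnszone.example A
2013-04-17T10:00:07Z 10.0.5.20 q3.6f8b1c5d7e3a1f9c0b7d2e4a.dnszone.example A
2013-04-17T10:00:09Z 10.0.9.9 a1b2c3d4e5f6a7b8c9d0e1f2.cdn.example A
malformed line
"""

def zone_of(qname):
    """Split a name into (zone, subdomain part). The zone is guessed as the
    last two labels (assumption: no public-suffix list is consulted)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def find_dns_exfil(log_text, db_hosts, min_unique=3, min_avg_len=20):
    """Return {(client, zone): unique_name_count} for database hosts that
    looked up many distinct, long names under a single zone."""
    seen = defaultdict(set)  # (client, zone) -> unique subdomain strings
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, _ = fields
        if client not in db_hosts:
            continue  # only database servers are in scope here
        zone, sub = zone_of(qname)
        if sub:
            seen[(client, zone)].add(sub)
    alerts = {}
    for key, subs in seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len:
            alerts[key] = len(subs)
    return alerts

if __name__ == "__main__":
    for (client, zone), n in find_dns_exfil(SAMPLE_LOG, {"10.0.5.20"}).items():
        print(f"{client} resolved {n} distinct long names under {zone}")
```

Repeated lookups of the same name count once, so resolver retries do not inflate the score; the two short internal names the database host resolves stay below both thresholds.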