Hi Marco,

On 14 November 2013 11:31, Marco Mirandola <mmmc...@gmail.com> wrote:
> Hello everyone
>
> I thought of 2 small modifications to the source:
> 1) If the selected query came out only one record in this case:
>
> [12:16:30] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
> [12:16:30] [INFO] retrieved: 1
> the SQL query provided can return 1 entries. How many entries do you want to retrieve?
> [a] All (default)
> [#] Specific number
> [q] Quit
> is superfluous to the choices

Done, https://github.com/sqlmapproject/sqlmap/commit/59b6791faa25fa36c72f9b1cae61d5107ecafeba.

> 2) Especially in cases of brute force attacks as "based blind" would be
> appropriate for speedy extraction follow the following rules:
> - In the case of an account after the '@' if the letter after is a 'l' try
> with the next 'ocalhost'.
> - In the case of an email after an '@' and 'h' try with the next 'otmail.',
> Or '@ g' try 'mail.com', all this to gain time and not slaughter the server
> requests. (you should have a file with the main domains so that the program
> verification).

These cases are too specific to those email providers and the MySQL >= 5 users' table. Nonetheless, we do have a number of switches that you may find useful to speed the enumeration process - these are documented here, https://github.com/sqlmapproject/sqlmap/wiki/Usage#optimization.

Specifically to your need, you can tweak the txt/common-outputs.txt file with common output under the relevant label (in the form [label]). This is documented under https://github.com/sqlmapproject/sqlmap/wiki/Usage#output-prediction.

> - If a field is a hash (and that you might as noticing only after 1 or 2
> extractions of the field), you can restrict only the hexadecimal digits

I am not sure this is a good idea and would work well under all circumstances.

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users