Thanks a bunch! :)

On 2014-01-13 09:06, Miroslav Stampar wrote:
> Hi.
> 
> There are two ways:
> 
> 1) From DBMS banner (e.g. banner "Microsoft SQL Server 2005 -
> 9.00.1399.06 (Intel X86) Oct 14 2005 00:33:37 Copyright (c) 1988-2005
> Microsoft Corporation Express Edition on WINDOWS NT 5.2 (Build 3790:
> Service Pack 2)" -> Windows 2003) [1]
> 2) Heuristically/guessing from IIS version (e.g. HTTP response header
> "Server: Microsoft-IIS/6.0" -> Windows 2003) [2]
> 
> Kind regards,
> Miroslav Stampar
> 
> Reference:
> [1] sqlmap/plugins/dbms/mssqlserver/fingerprint.py
> [2] sqlmap/xml/banner/server.xml
> 
> On Sun, Jan 12, 2014 at 1:53 PM, <d...@alcor.se> wrote:
> 
>> No, the site displays custom error pages.
>> 
>> On 2014-01-12 13:43, Miroslav Stampar wrote:
>> 
>> Are error messages turned on on the target server?
>> 
>> Bye
>> On Jan 12, 2014 1:19 PM, <d...@alcor.se> wrote:
>> 
>> Well I checked the HTTP headers on the server and it only says
>> "Microsoft/IIS6.0".
>> And I can't figure out how to via the SQL injection determine the
>> OS.
>> 
>> Anymore information would be greatly appreciated.
>> No rush though, I'm mostly curious on how it does it :)
>> Maybe some sort of example?
>> 
>> Regards
>> 
>> On 2014-01-12 12:55, Miroslav Stampar wrote:
>> Hi.
>> 
>> There are multiple vectors sqlmap uses. For example, it usually
>> uses
>> DBMS banner if available and HTTP header values (e.g. Server). Do
>> you
>> need more specific info?
>> 
>> Bye
>> On Jan 11, 2014 10:17 PM, <d...@alcor.se> wrote:
>> 
>> I tried sqlmap on a site running on Windows Server 2003, and it
>> could
>> detect the OS.
>> How does sqlmap go about doing that?
>> 
>> Regards, Jimmy
>> 
>> 
> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>> Learn Why More Businesses Are Choosing CenturyLink Cloud For
>> Critical Workloads, Development Environments & Everything In
>> Between.
>> Get a Quote or Start a Free Trial Today.
>> 
>> 
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>> [1]
>> 
>> [1]
>> [1]
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2] [2]
>> [2]
>> 
>> Links:
>> ------
>> [1]
>> 
>> 
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&amp;iu=/4140/ostg.clktrk
>> [1]
>> [1]
>> [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2]
>> [2]
>> 
>> Links:
>> ------
>> [1]
>> 
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&amp;iu=/4140/ostg.clktrk
>> [1]
>> [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2]
> 
> --
> Miroslav Stampar
> http://about.me/stamparm [3]
> 
> Links:
> ------
> [1]
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&amp;iu=/4140/ostg.clktrk
> [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> [3] http://about.me/stamparm

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to