Thanks a bunch! :) On 2014-01-13 09:06, Miroslav Stampar wrote: > Hi. > > There are two ways: > > 1) From DBMS banner (e.g. banner "Microsoft SQL Server 2005 - > 9.00.1399.06 (Intel X86) Oct 14 2005 00:33:37 Copyright (c) 1988-2005 > Microsoft Corporation Express Edition on WINDOWS NT 5.2 (Build 3790: > Service Pack 2)" -> Windows 2003) [1] > 2) Heuristically/guessing from IIS version (e.g. HTTP response header > "Server: Microsoft-IIS/6.0" -> Windows 2003) [2] > > Kind regards, > Miroslav Stampar > > Reference: > [1] sqlmap/plugins/dbms/mssqlserver/fingerprint.py > [2] sqlmap/xml/banner/server.xml > > On Sun, Jan 12, 2014 at 1:53 PM, <d...@alcor.se> wrote: > >> No, the site displays custom error pages. >> >> On 2014-01-12 13:43, Miroslav Stampar wrote: >> >> Are error messages turned on on the target server? >> >> Bye >> On Jan 12, 2014 1:19 PM, <d...@alcor.se> wrote: >> >> Well I checked the HTTP headers on the server and it only says >> "Microsoft/IIS6.0". >> And I can't figure out how to via the SQL injection determine the >> OS. >> >> Anymore information would be greatly appreciated. >> No rush though, I'm mostly curious on how it does it :) >> Maybe some sort of example? >> >> Regards >> >> On 2014-01-12 12:55, Miroslav Stampar wrote: >> Hi. >> >> There are multiple vectors sqlmap uses. For example, it usually >> uses >> DBMS banner if available and HTTP header values (e.g. Server). Do >> you >> need more specific info? >> >> Bye >> On Jan 11, 2014 10:17 PM, <d...@alcor.se> wrote: >> >> I tried sqlmap on a site running on Windows Server 2003, and it >> could >> detect the OS. >> How does sqlmap go about doing that? >> >> Regards, Jimmy >> >> > ------------------------------------------------------------------------------ >> CenturyLink Cloud: The Leader in Enterprise Cloud Services. >> Learn Why More Businesses Are Choosing CenturyLink Cloud For >> Critical Workloads, Development Environments & Everything In >> Between. >> Get a Quote or Start a Free Trial Today. >> >> > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >> [1] >> >> [1] >> [1] >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2] [2] >> [2] >> >> Links: >> ------ >> [1] >> >> > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >> [1] >> [1] >> [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2] >> [2] >> >> Links: >> ------ >> [1] >> > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk >> [1] >> [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users [2] > > -- > Miroslav Stampar > http://about.me/stamparm [3] > > Links: > ------ > [1] > http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk > [2] https://lists.sourceforge.net/lists/listinfo/sqlmap-users > [3] http://about.me/stamparm
------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
