Does this mean as a defence we could create a procedure with the same name which would block the creation?
Robin On 5 December 2014 at 21:14, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > Now it is "new_xp_cmdshell" so no more random/dynamic names (easier for > cleanup in further runs) > > Bye > > On Fri, Dec 5, 2014 at 10:08 PM, Robin Wood <robin@digi.ninja> wrote: >> >> Sorry, somehow sent early, was trying to ask, is the name still >> dynamic or is it now just a fixed name? >> >> Robin >> >> On 5 December 2014 at 21:07, Robin Wood <robin@digi.ninja> wrote: >> > OK, I've got a lab I can test it in later tonight. >> > >> > When you say not random, is it still dynamic va >> > >> > On 5 December 2014 at 21:03, Miroslav Stampar >> > <miroslav.stam...@gmail.com> wrote: >> >> Hi. >> >> >> >> Just made a patch. Not around a testing environment to test it out, but >> >> now >> >> it should work (new proc name is not randomly generated from now on so >> >> it >> >> could be properly deleted afterwards). >> >> >> >> Bye >> >> >> >> On Fri, Dec 5, 2014 at 11:56 AM, Miroslav Stampar >> >> <miroslav.stam...@gmail.com> wrote: >> >>> >> >>> Will check this out in an hour or so. At first glance I can see that >> >>> we >> >>> have to make a patch for MsSQL. >> >>> >> >>> Bye >> >>> >> >>> On Thu, Dec 4, 2014 at 4:11 PM, Robin Wood <robin@digi.ninja> wrote: >> >>>> >> >>>> Looking at the commands sent I can see three drop tables for >> >>>> sqlmapfile, sqlmapfilehex and sqlmapoutput but nothing for stored >> >>>> procedures. >> >>>> >> >>>> On 4 December 2014 at 15:08, Robin Wood <robin@digi.ninja> wrote: >> >>>> > Just spotted --cleanup but that didn't remove the procedure, sqlmap >> >>>> > command seemed to run OK though but didn't say anything about what >> >>>> > it >> >>>> > was removing, should it have done? >> >>>> > >> >>>> > Robin >> >>>> > >> >>>> > On 4 December 2014 at 15:01, Robin Wood <robin@digi.ninja> wrote: >> >>>> >> I'm testing sqlmap against an MSSQL DB and looking at running OS >> >>>> >> commands. In an attempt to reenable xp_cmdshell a stored proc >> >>>> >> called >> >>>> >> xp_gedp has been created and left behind, is there any way to >> >>>> >> automatically clean up this and any other things that are created? >> >>>> >> >> >>>> >> Robin >> >>>> >> >>>> >> >>>> >> >>>> ------------------------------------------------------------------------------ >> >>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> >>>> from Actuate! Instantly Supercharge Your Business Reports and >> >>>> Dashboards >> >>>> with Interactivity, Sharing, Native Excel Exports, App Integration & >> >>>> more >> >>>> Get technology previously reserved for billion-dollar corporations, >> >>>> FREE >> >>>> >> >>>> >> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >> >>>> _______________________________________________ >> >>>> sqlmap-users mailing list >> >>>> sqlmap-users@lists.sourceforge.net >> >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >>> >> >>> >> >>> >> >>> >> >>> -- >> >>> Miroslav Stampar >> >>> http://about.me/stamparm >> >> >> >> >> >> >> >> >> >> -- >> >> Miroslav Stampar >> >> http://about.me/stamparm > > > > > -- > Miroslav Stampar > http://about.me/stamparm ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
