Well, if you think like that, the auxiliary table names used are also static
(sqlmapfile, sqlmapfilehex and sqlmapoutput). But... leaving table names
and proc names around for defensive purposes just like that will only
create panic. Also, a non-skiddy will easily detect that there is already a
proc/table with the same name causing the problem and he will easily
either adapt sqlmap or drop the older entities (e.g. via --cleanup).
Why wouldn't you revoke privileges for creating tables and/or procedures
for defensive purposes rather than laying around sqlmap... inside the database?
Bye
On Fri, Dec 5, 2014 at 10:19 PM, Robin Wood <robin@digi.ninja> wrote:
> Does this mean as a defence we could create a procedure with the same
> name which would block the creation?
>
> Robin
>
> On 5 December 2014 at 21:14, Miroslav Stampar
> <miroslav.stam...@gmail.com> wrote:
> > Now it is "new_xp_cmdshell" so no more random/dynamic names (easier for
> > cleanup in further runs)
> >
> > Bye
> >
> > On Fri, Dec 5, 2014 at 10:08 PM, Robin Wood <robin@digi.ninja> wrote:
> >>
> >> Sorry, somehow sent early, was trying to ask, is the name still
> >> dynamic or is it now just a fixed name?
> >>
> >> Robin
> >>
> >> On 5 December 2014 at 21:07, Robin Wood <robin@digi.ninja> wrote:
> >> > OK, I've got a lab I can test it in later tonight.
> >> >
> >> > When you say not random, is it still dynamic va
> >> >
> >> > On 5 December 2014 at 21:03, Miroslav Stampar
> >> > <miroslav.stam...@gmail.com> wrote:
> >> >> Hi.
> >> >>
> >> >> Just made a patch. Not around a testing environment to test it out, but now
> >> >> it should work (new proc name is not randomly generated from now on so it
> >> >> could be properly deleted afterwards).
> >> >>
> >> >> Bye
> >> >>
> >> >> On Fri, Dec 5, 2014 at 11:56 AM, Miroslav Stampar
> >> >> <miroslav.stam...@gmail.com> wrote:
> >> >>>
> >> >>> Will check this out in an hour or so. At first glance I can see that we
> >> >>> have to make a patch for MsSQL.
> >> >>>
> >> >>> Bye
> >> >>>
> >> >>> On Thu, Dec 4, 2014 at 4:11 PM, Robin Wood <robin@digi.ninja> wrote:
> >> >>>>
> >> >>>> Looking at the commands sent I can see three drop tables for
> >> >>>> sqlmapfile, sqlmapfilehex and sqlmapoutput but nothing for stored
> >> >>>> procedures.
> >> >>>>
> >> >>>> On 4 December 2014 at 15:08, Robin Wood <robin@digi.ninja> wrote:
> >> >>>> > Just spotted --cleanup but that didn't remove the procedure, sqlmap
> >> >>>> > command seemed to run OK though but didn't say anything about what it
> >> >>>> > was removing, should it have done?
> >> >>>> >
> >> >>>> > Robin
> >> >>>> >
> >> >>>> > On 4 December 2014 at 15:01, Robin Wood <robin@digi.ninja> wrote:
> >> >>>> >> I'm testing sqlmap against an MSSQL DB and looking at running OS
> >> >>>> >> commands. In an attempt to reenable xp_cmdshell a stored proc called
> >> >>>> >> xp_gedp has been created and left behind, is there any way to
> >> >>>> >> automatically clean up this and any other things that are created?
> >> >>>> >>
> >> >>>> >> Robin
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> sqlmap-users mailing list
> >> >>>> sqlmap-users@lists.sourceforge.net
> >> >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Miroslav Stampar
> >> >>> http://about.me/stamparm
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Miroslav Stampar
> >> >> http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
--
Miroslav Stampar
http://about.me/stamparm
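
The privilege-revocation approach suggested in the top message, combined with a check for the fixed object names listed in this thread, as an added T-SQL example that is not part of the original thread or of sqlmap. `webapp_user` is a placeholder for the database user the web application connects as.

```sql
-- Added example (not sqlmap's code). Run in each database the web
-- application's login can reach. [webapp_user] is a placeholder name.

-- 1. Look for objects carrying the fixed names mentioned in this thread.
SELECT s.name AS schema_name, o.name AS object_name, o.type_desc,
       o.create_date, o.modify_date
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.name IN (N'sqlmapfile', N'sqlmapfilehex', N'sqlmapoutput',
                 N'new_xp_cmdshell')
ORDER BY o.create_date;

-- 2. Builds from before the fix used random procedure names (xp_gedp in
--    this thread), so a name match cannot find them. Review user-created
--    procedures by creation date instead.
SELECT name, create_date, modify_date
FROM sys.procedures
WHERE is_ms_shipped = 0
ORDER BY create_date DESC;

-- 3. Check whether xp_cmdshell is currently enabled on the instance.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 4. List principals with explicit database-level CREATE TABLE /
--    CREATE PROCEDURE permissions (class 0 = DATABASE).
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0
  AND pe.permission_name IN (N'CREATE TABLE', N'CREATE PROCEDURE');

-- 5. Deny object creation to the application account, so neither the
--    auxiliary tables nor the replacement procedure can be created.
DENY CREATE TABLE, CREATE PROCEDURE TO [webapp_user];
```

DENY has no effect on members of the sysadmin server role, so the application login also has to be kept out of that role for step 5 to hold.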