将已知的表名添加到SQLmap的基于时间的会话中。

huangapple go评论53阅读模式
英文:

Add known tables names to SQLmap Time-Based session

问题

我正在分析一个包含90个表的数据库,使用“基于时间的比较”技术。当我列出表的名称时,已经到了第40个,但我的电脑突然关闭,没有保存会话中的进度。当我重新开始这个过程时,它从第27个表开始,幸运的是,我已经将表的名称写在一个记事本中,但我不知道如何将它们添加到会话中。

我尝试修改session.sqlite文件,但找不到有关如何填写id列的信息。

我尝试将表的名称包含在一个文本文件中,并使用--common-tables参数,但它们未被添加到会话中,当我再次开始“基于时间”的搜索过程时,它仍然从第27个表开始。

我该如何将我已经知道的表的名称添加到会话中,而不必再次逐个字符比较?这需要很长时间。

英文:

I am analyzing a database that has 90 tables using the "Time-Based Comparison" technique. When I was listing the names of the tables, I was already at number 40 and my PC turned off without saving the progress in the session, when I started the process again, it started from table 27, fortunately I had written down the names of the tables in a notepad, but I don't know how to add them to the session.

I tried to modify the session.sqlite file but I can't find information on how I should fill in the id column.

I tried including the name of the tables in a text file and using the --common-tables parameter, but they are not added to the session, when starting the "Time-Based" search process again, it continues to start from the table 27.

How can I add to the session the names of the tables that I already know, but were not saved? I want to avoid having to compare character by character again, it takes a lot of time.

答案1

得分: 0

ID列对应于SQLMap发送到服务器的查询的哈希值。

要添加我已知的表的名称,我所做的是使用SQLMap用于生成查询哈希的相同函数,并将哈希与值直接添加到session.sqlite数据库。

英文:

The ID column corresponds to the hash of the query that SQLMap makes to the server.

To add the names of the tables that I already know, what I did was use the same function that SQLMap uses to generate the hash of the queries, and add the hash with the value directly to the session.sqlite database.

huangapple
  • 本文由 发表于 2023年2月26日 23:00:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/75572842.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定