Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Robin Wood
Fair enough, all valid points. I'd not looked at the fixed table names till looking at cleanup so hadn't thought about any of it before. Robin On 5 December 2014 at 21:27, Miroslav Stampar wrote: > Well, if you think like that, used auxiliary table names are also static > (sqlmapfile, sqlmapfile

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Miroslav Stampar
Well, if you think like that, used auxiliary table names are also static (sqlmapfile, sqlmapfilehex and sqlmapoutput). But... leaving table names and proc names for defensive purposes just like that around will only create panic. Also, non-skiddy will easily detect that there is already a proc/tabl

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Robin Wood
Does this mean as a defence we could create a procedure with the same name which would block the creation? Robin On 5 December 2014 at 21:14, Miroslav Stampar wrote: > Now it is "new_xp_cmdshell" so no more random/dynamic names (easier for > cleanup in further runs) > > Bye > > On Fri, Dec 5, 20

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Miroslav Stampar
Now it is "new_xp_cmdshell" so no more random/dynamic names (easier for cleanup in further runs) Bye On Fri, Dec 5, 2014 at 10:08 PM, Robin Wood wrote: > Sorry, somehow sent early, was trying to ask, is the name still > dynamic or is it now just a fixed name? > > Robin > > On 5 December 2014 at

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Robin Wood
Sorry, somehow sent early, was trying to ask, is the name still dynamic or is it now just a fixed name? Robin On 5 December 2014 at 21:07, Robin Wood wrote: > OK, I've got a lab I can test it in later tonight. > > When you say not random, is it still dynamic va > > On 5 December 2014 at 21:03, M

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Robin Wood
OK, I've got a lab I can test it in later tonight. When you say not random, is it still dynamic va On 5 December 2014 at 21:03, Miroslav Stampar wrote: > Hi. > > Just made a patch. Not around a testing environment to test it out, but now > it should work (new proc name is not randomly generated

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Miroslav Stampar
Hi. Just made a patch. Not around a testing environment to test it out, but now it should work (new proc name is not randomly generated from now on so it could be properly deleted afterwards). Bye On Fri, Dec 5, 2014 at 11:56 AM, Miroslav Stampar < miroslav.stam...@gmail.com> wrote: > Will chec

Re: [sqlmap-users] cleaning up after yourself

2014-12-05 Thread Miroslav Stampar
Will check this out in an hour or so. At first glance I can see that we have to make a patch for MsSQL. Bye On Thu, Dec 4, 2014 at 4:11 PM, Robin Wood wrote: > Looking at the commands sent I can see three drop tables for > sqlmapfile, sqlmapfilehex and sqlmapoutput but nothing for stored > proc