How to find a DBMS name in a blind SQL injection

I'm testing a blind SQL injection and I need to figure out which DBMS I'm dealing with. How can I make him give up his name or what kind of dbms is it? I can not use SQLMap because I can not make a fingerprint. The area in which the query is performed does not appear injectable in sqlmap. It is vulnerable because the (& # 39; or & # 39; & # 39; & # 39; & # 39; & # 39; & # 39; a & # 39; a) causes the entire table to be downloaded, except the flag I need.