+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: Penetration Testing Os (https://www.indonesianbacktrack.or.id/forum/forum-170.html)
+--- Forum: Backtrack (https://www.indonesianbacktrack.or.id/forum/forum-171.html)
+---- Forum: BackTrack 5 (https://www.indonesianbacktrack.or.id/forum/forum-74.html)
+----- Forum: BackTrack 5 tutorial (https://www.indonesianbacktrack.or.id/forum/forum-82.html)
+----- Thread: SQLi Sqlmap.py (/thread-713.html)
RE: SQLi Sqlmap.py - juicided - 03-24-2012
(03-24-2012, 01:56 AM)junior.riau18 Wrote: site nya aja g punya halaman login om
owh, pantes wkwk
tanya lagi om
http://forum.indonesianbacktrack.or.id/images/smilies/penguin-001.gif
kalo password "06W02769H1447044V" itu ter enkripsi ya?
kalo iya termasuk enkripsi apa?
RE: SQLi Sqlmap.py - Junior Riau - 03-24-2012
base64 sepertinya
lengkap nya ke sini aja om
tetangga
http://www.binushacker.net/tipe-tipe-hash-enkripsi.html
RE: SQLi Sqlmap.py - juicided - 03-24-2012
oke om. ane baca dulu
trimakasih banyak
RE: SQLi Sqlmap.py - juicided - 03-25-2012
tanya lagi ah, hehe
om, ane kan udah dapet username sama password si admin.
trus cara nyari admin page gimana ya?.
RE: SQLi Sqlmap.py - Junior Riau - 03-25-2012
iya gpp selagi saya bisa jawab saya akan jawab
pass admin nya masih hash apa udah di crack?
pakek dirbuster kalo g salah namanya di bt5 ada tapi ini lama karena sistemnya brute direktori,
kalo aplikasi lain ada juga,,
kalo mau di cariin pm aja site ny
RE: SQLi Sqlmap.py - juicided - 03-25-2012
+---------+--------------------------------------------+--------+----------+
| auth | password | status | username |
+---------+--------------------------------------------+--------+----------+
| admin | ac43724f16e9241d990427ab7c8f4228 (rahasia) | 1 | bas |
| admin | cce1f6630ef6d1acf6494ee8f33b7dae | 1 | hkbp |
| redaksi | 0fb04bd6d40bfce7e5ddabc63f7da4aa | 1 | redaksi |
| sekjen | 7122b2e28743b35887551c5b0353178d | 1 | sekjen |
| admin | 9ab8f8605846e9823fe54a0bd6e45033 | 1 | togu80 |
+---------+--------------------------------------------+--------+----------+
tapi itu yang bisa dicrack kok cuma satu ya?
===================================================
saya udah coba scan pake havij hasilnya:
Page Response
http://www.target.or.id/admin/ 200 OK
http://www.target.or.id/controlpanel/ 301 Moved Permanently
http://www.target.or.id/panel/ 200 OK
http://www.target.or.id/cpanel/ 301 Moved Permanently
http://www.target.or.id/kpanel/ 301 Moved Permanently
kemudian setelah saya coba buka satu2
http://www.target.or.id/admin/ (under construction)
http://www.target.or.id/controlpanel/ (login cpanel) Login Attempt Failed!
http://www.target.or.id/panel/ (gak ada form login)
http://www.target.or.id/cpanel/ (login cpanel) Login Attempt Failed!
http://www.target.or.id/kpanel/ (login cpanel) Login Attempt Failed!
iya om, ane nyoba pake dirbuster "Time To Finish: 26 days" wkwkwk
RE: SQLi Sqlmap.py - Junior Riau - 03-25-2012
wkwkwk masa??coba saya scan boleh?
RE: SQLi Sqlmap.py - ekawithoutyou - 03-25-2012
wah
RE: SQLi Sqlmap.py - fake666 - 04-04-2012
aduuh om junior.riau18 ..
cara dapetin shell nya gimana ya?..
penasaran banget ane...
RE: SQLi Sqlmap.py - Junior Riau - 04-04-2012
wkwkw sabar,,ane juga lum dapet wwwkwk