Thread Closed
DNS ZONE TRANSFER
#1
om, mau tanya ne. hehe
maksud dari dns zone transfer itu ap? seperti kita meng-copy bentukan server dns target gitu?

om om, target discoverynya pake ap biasanya, yang paling mantap?? sory masih pengguna baru.

#2
ya klo ane pake nslookup

root@id-backtrack:~# nslookup
> set type=any
>server id-backtrack.com
Default server:contohserver.com
Address: xxx.xxx.xxx.xxx#53
>exit

atau

root@id-backtrack:~# nslookup james0baster.web.id
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: james0baster.web.id
Address: 174.142.53.85

untuk info
http://support.microsoft.com/kb/164017
Big Grin

#3
hehe, makasih om atas pengertiannya hehe, it om, kalo sql injection di bt5 itu, gmana?? sory masih pengguna baru ne.

#4
sql inj3ction kan bisa make tools sesi

exploitation tools ---> web exploitation tools ---> darkmysql

Spoiler! :

darkMySQLi v1.6 [email protected]
forum.darkc0de.com
Usage: ./darkMySQLi.py [options]
Options:
-h, --help shows this help message and exits
-d, --debug display URL debug information

Target:
-u URL, --url=URL Target url

Methodology:
-b, --blind Use blind methodology (req: --string)
-s, --string String to match in page when the query is valid
Method:
--method=PUT Select to use PUT method ** NOT WORKING
Modes:
--dbs Enumerate databases MySQL v5+
--schema Enumerate Information_schema (req: -D,
opt: -T) MySQL v5+
--full Enumerate all we can MySQL v5+
--info MySQL Server configuration MySQL v4+
--fuzz Fuzz Tables & Columns Names MySQL v4+
--findcol Find Column length MySQL v4+
--dump Dump database table entries (req: -T,
opt: -D, -C, --start) MySQL v4+
--crack=HASH Crack MySQL Hashs (req: --wordlist)
--wordlist=LIS.TXT Wordlist to be used for cracking
Define:
-D DB database to enumerate
-T TBL database table to enumerate
-C COL database table column to enumerate
Optional:
--ssl To use SSL
--end To use + and -- for the URLS --end "--" (Default)
To use /**/ and /* for the URLS --end "/*"
--rowdisp Do not display row # when dumping
--start=ROW Row number to begin dumping at
--where=COL,VALUE Use a where clause in your dump
--orderby=COL Use a orderby clause in your dump
--cookie=FILE.TXT Use a Mozilla cookie file
--proxy=PROXY Use a HTTP proxy to connect to the target url
--output=FILE.TXT Output results of tool to this file

FOLLOW @DutaLinux
for more question and sharing about security and Opensource only

#5
bisa juga pake schemafuzz.py Wink)


Thread Closed



Users browsing this thread: 1 Guest(s)