Skip to main content

SQLMap

SQLMap will become in handy when you already discovery vulnerability on the database. Using SQLMap, we can automated the process and simply dumping the database will get much more easier compare with manual technique.

Here I already setup a vulnerable box on my VMware and SQLMap install on your machine. You can download it here

Note: For Windows machine you'll need to install python version 2.6 or 2.7 only else it might not work. For your convenience just use Kali Linux.

What we can do here is analyze every URL and search for vulnerable parameter.
We got SQL Error
Send the vulnerable parameter to SQLMap using argument --banner --current-user --current-db --is-dba

Tips: Use -help or -hh for more information about the SQLMap argument
And the parameter is injectable!
Dump the password hashes with --users & --passwords arguments
You can either use dictionary attack with SQLMap or password cracker tool John the ripper
Using John the ripper to crack the password hashes
Test the cracked password with username: phpmyadmin password::toor
Success login to phpmyadmin

Comments

Post a Comment

Popular posts from this blog

Create a session & restore abort/interrupted session in John The Ripper!

Been busy with report writing. Just wanna put some of these command and technique on how to restore interrupted session or aborted session in John The Ripper. 1. First step crack the hash with these commands : john --session=test --format=raw-sha --incremental=rockyou test.txt 2. To restore the abort /interrupted session that you wanted to resume just run these commands : john --restore=test Check the "test.log" Note:  Make sure that these file are not delete " .rec " and " .log " files if the file is deleted or missing it wont work. That's all happy cracking!
Post a Comment
Read more

iOS - Convert .app to .ipa

While doing a iOS Security Testing, I wondered how do we convert .app into .ipa. So basically here are the structure of .ipa files. 1. First, SSH in your iPhone (Jailbroken). 2. Download the .app folder via scp  3. Copy the .app folder into a folder called Payload. 4. Compress it with .zip extension using any compression software. 5. Change the extension from file.zip to file.ipa. That’s it. Now you can use these .ipa files to install the app into your iPhone.
Post a Comment
Read more

SQLiiiii

This is an re-post from an old archive ... From MySQL documentation : "The SELECT ... INTO OUTFILE 'file_name' form of SELECT writes the selected rows to a file. The file is created on the server host, so you must have the FILE privilege to use this syntax. file_name cannot be an existing file, which among other things prevents files such as /etc/passwd and database tables from being destroyed. As of MySQL 5.0.19, the character_set_filesystem system variable controls the interpretation of the filename." The INTO OUTFILE operator can be used during sql injection exploiting to write php shell on remote host. Unfortunately (fortunately?) this is only possible in some (very) race conditions : mysql user must have the FILE privilege; the operator requires a "quoted" file pathname, so the web application should not escape/filter them; httpd and mysql should be installed on the same machine, or (if you can) the file will be written on the dbms machi...
Post a Comment
Read more