This condition I'll to exploitation website via sql injection to create backdoor and get privillege access, no I open DVWA SQLInjection, I use Mantra and look with tamper data to look cookie data from trial input data
Then use this data to look database of vulnerable web with sqlmap tools build in on Backtrack
I found datapase and try to find hash password with this syntax
Then I try to look sql-shell mode with this syntax
This I cant to show database sql, maybe that will be cause level is medium, I'll try to make other way to entarance privillage access into system with upload mode.
first I change to "high" level mode in DVWA cause with upload method this is rule
Then I choose to Upload mode
I make new page upload with php-backdoor like here
I try to upload that file php to upload image page but failed like here
I try to change extention php to be jpeg for bypass authentication image file for this page
Trying to upload again this file with new extention is jpeg as image extention
This trick is success and I try to go for new page is path /hackable/uploads/php-backdoor.jpeg
That failed to access new page cause that file real is php but tryin to open as jpeg so that is reason failed so try to change jpeg to php in url
The new page as upload file has create, this page is the channel to upload backdoor exploit for take over system privillege, I try to find exploit in explot-db for exploitation kernel linux 2.6.39
I copy that exploit to Desktop and make change that exploit, cause that exploit is not ready to use, cause any comments in exploit, after make change I compile that exploit with gcc with name "exploit" here is "exploit has been at Desktop
Try to upload exploit in "/temp" directory cause "tmp" have full access and executable so I try to upload that exploit
Upload error, I found that result after I try to upload that exploit, I wonder that condition and I think that will be like this cause security level is high.
I try to back with previous stage I was know password and user mysql is root and root as password, use address in 192.168.56.1/phpmyadmin
To be continued
No comments:
Post a Comment