Showing posts with label Network Security. Show all posts
Showing posts with label Network Security. Show all posts

Create backdoor use sql injection

KUMΞL | Monday, July 25, 2011 | | 0 comments

sqlinjectThe first step is search vulnerable of sql injection at the site, and i've found at that site sql injection vulner in url : http://192.168.56.103/joomla/index.php?option=com_aardvertiser&cat_name=user&task=view

Now, try to inject it with sqlmap with syntax :
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.103/joomla/index.php?" --data "option=com_aardvertiser&cat_name=user&task=view" -p cat_name --dbs

Than the result is :
[03:18:19] [WARNING] POST parameter 'cat_name' is not injectable
[03:18:19] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
[*] shutting down at: 03:18:19

Read more »

Test a system

KUMΞL | Thursday, July 14, 2011 | | 0 comments

Information Gathering
Take the ip target

Service Enumeration
Scanning with nmap and a result is :
Starting Nmap 5.51 ( http://nmap.org ) at 2011-07-14 10:25 WIT
Nmap scan report for 192.168.56.101
Host is up (0.0011s latency).
Not shown: 995 closed ports


PORT      STATE SERVICE
21/tcp    open  ftp
80/tcp    open  http
443/tcp   open  https
3306/tcp  open  mysql
MAC Address: 08:00:27:A5:0B:F5 (Cadmus Computer Systems)
There is open port 80, an try to open the page of that system, there is a joomla template to be a main page. and scan some name of folder which probably there is of that system with dirbuster and i found a folder XAMPP

Read more »
Subscribe to: Posts (Atom)