Using Mantra for SQLi + Defacing a website

Original post from the Mantra website,
in ClubHack Magazine, Feb 2011 issue.

I just found it good, and it comes with pictures for every step of the tutorial.

Below is just my summary of what I read on the page.

Summary of the steps (these numbers do not correspond to the numbers in the tutorial):
1. Use Mantra
2. Press F9 to open HackBar
3. Manually find a possibly exploitable page
4. Test for SQL injection by adding ' (apostrophe)
5. Find the number of columns that the SQL command in the page uses, by using order by
6. Get more info, such as user name, table names, column names
7. Finally, get the user/password
8. If the password is hashed, reverse the hash
9. Log in via the normal webpage
10. Find a page for uploading files
11. Upload the C99 shell
12. Find where the page uploads the file to
13. Run the web shell
14. ........
15. Exit and clear the event log
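
From the defender's side, the steps above leave a recognizable sequence in a web server access log. The script below is an added example (not from the original tutorial or from Mantra) that correlates those stages per client IP. The log lines are constructed samples, and the stage names, the "upload" path convention and the min_stages threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (common log format); not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2011:10:00:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Feb/2011:10:00:09 +0000] "GET /news.php?id=5%27 HTTP/1.1" 500 312
203.0.113.7 - - [01/Feb/2011:10:00:20 +0000] "GET /news.php?id=5+order+by+1 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Feb/2011:10:00:26 +0000] "GET /news.php?id=5+order+by+4 HTTP/1.1" 500 312
203.0.113.7 - - [01/Feb/2011:10:09:40 +0000] "POST /admin/upload.php HTTP/1.1" 200 410
203.0.113.7 - - [01/Feb/2011:10:10:02 +0000] "GET /uploads/img01.php HTTP/1.1" 200 9980
198.51.100.4 - - [01/Feb/2011:10:11:00 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2048
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
ORDER_BY = re.compile(r"\border\s+by\s+\d+", re.I)
SCRIPT = re.compile(r"\.(php\d?|phtml|asp|aspx|jsp)$", re.I)

def stages_by_client(log_text):
    """Map client IP -> ordered list of distinct stages seen in the log."""
    seen, uploaded = {}, set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        url = urlsplit(target)
        path, query = url.path.lower(), unquote_plus(url.query)
        hits = []
        if "'" in query:                      # step 4: apostrophe in a parameter
            hits.append("quote_probe")
        if ORDER_BY.search(query):            # step 5: column counting
            hits.append("order_by_enum")
        # Assumption: upload handler and upload directory contain "upload".
        if method == "POST" and "upload" in path:
            uploaded.add(ip)
            hits.append("file_upload")
        elif method == "GET" and ip in uploaded and "upload" in path and SCRIPT.search(path):
            hits.append("script_in_upload_dir")   # steps 12-13: uploaded script requested
        stages = seen.setdefault(ip, [])
        stages.extend(h for h in hits if h not in stages)
    return seen

def suspicious_clients(log_text, min_stages=3):
    """Clients that show several stages; one stray apostrophe alone is not enough."""
    return {ip: s for ip, s in stages_by_client(log_text).items() if len(s) >= min_stages}

if __name__ == "__main__":
    for ip, stages in suspicious_clients(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

The second client in the sample searches for a name containing an apostrophe and is recorded with a single stage only, so it stays below the threshold.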

** There's more information on how effective each web app backdoor (not just C99) is in ClubHack Magazine here
or see PDF version. see
