Havij's GUI Havij has an easy to use GUI, pictured right, which can be used to hack into a site in a matter of seconds. Havij is seen as a Script Kiddie tool, because the user does not have to follow the regular steps on SQL injection. It is still, however, a useful tool that many hackers keep in their arsenal for quick attacks. How To Use Havij:
I'm using the "inurl://.php?id='1" dork and choose "bcspeakers.com" site to inject. After you have choose your own site t inject, then you are good to go the next step.
2. Open your havij.
paste your page site url and analyze it.
wait for moment..
if you got this message on the below,
it mean the site is vulnerable to hack... go to next step..
3. Find the "tables" from the site...
then tick to the database.. in this case.. the site just has one database, so it easy.. it does not take time. some site, there are many database, so you have to try all of it to find the user or id and password..
after tick to the database... then click "get tables" button.
then.. click to the table that nearly named to username, password, user, pass, or anything else.. in this case, the password and the username in the same table, so i just tick to one table only to find the column.. after tick the tables... now click "get columns" button...
this is it!.. now tick the username and pass or in other case tick to columns that closly to pass and user name.. after tick, click "get data" button..
now we can see the username and the "Hashed password there.. now.. it good to go the next step..
4. Solve the MD5?
now copy the MD5 hash at the bottom..
if you are a genious one, then you can solve the MD5.. but if you nood one... hehe.. dont shy to click "MD5" button...
paste the MD5.. then click start...
now we can see the pass the had been solved!..
until here, we have the username: becspeak2803 and the pass the solved: BaF5643De .. is'nt it?
wakaka.. but.. there is one more thing you need to know.. how to login with this id???
wakakaka... once again.. if you re genious... then think it yourself.. but if noob... wakaka.. just click the "find admin" button..
in this case.. havij just read 2 web apps of page.. it is php file and asp file.. so.. it just 400 admin login page to test.. but.. if you add the web apps like this..
then you got more 800 admin login page to test login.. but.. if you have your own list of admin page.. then just copy and paste into admin.txt file in havij directory...
just wait for moment.. then havij will show the result of the test...
5. Login to admin
after yu have the username, passwrd and admin login page.. now the site is your's.... it is time for you upload your own shell on that site...