IT Community Malaysia

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Lesson 7# - Havij SQL Injection, Webs Hacking!


Smasher Hax

Status: Offline
Posts: 267
Date:
Lesson 7# - Havij SQL Injection, Webs Hacking!
Permalink  
 


Download Havij 1.15 at here:

Click here!

Havij's GUI Havij has an easy to use GUI, pictured right, which can be used to hack into a site in a matter of seconds. Havij is seen as a Script Kiddie tool, because the user does not have to follow the regular steps on SQL injection. It is still, however, a useful tool that many hackers keep in their arsenal for quick attacks. How To Use Havij:

1. Find the vulnerable site using gogle dork.

-Go to google, then search this:

inurl://.php?id='1

inurl://group_concat(table_name)from information_schema--

intext:"You have an error in your SQL syntax"

60161_416543708411475_1169488204_n.jpg

I'm using the "inurl://.php?id='1" dork and choose "bcspeakers.com" site to inject. After you have choose your own site t inject, then you are good to go the next step.

2. Open your havij.

paste your page site url and analyze it.

487614_416543738411472_1852414933_n.jpg

wait for moment..

if you got this message on the below,

486742_416543758411470_1692712349_n.jpg

it mean the site is vulnerable to hack... go to next step..

3. Find the "tables" from the site...

523947_416543778411468_1970662205_n.jpg

then tick to the database.. in this case.. the site just has one database, so it easy.. it does not take time. some site, there are many database, so you have to try all of it to find the user or id and password..

after tick to the database... then click "get tables" button.

316373_416543801744799_443117276_n.jpg

then.. click to the table that nearly named to username, password, user, pass, or anything else.. in this case, the password and the username in the same table, so i just tick to one table only to find the column.. after tick the tables... now click "get columns" button...

12905_416543855078127_1607285125_n.jpg

this is it!.. now tick the username and pass or in other case tick to columns that closly to pass and user name.. after tick, click "get data" button..

now we can see the username and the "Hashed password there.. now.. it good to go the next step..

4. Solve the MD5?

now copy the MD5 hash at the bottom..

31019_416543888411457_314705545_n.jpg

if you are a genious one, then you can solve the MD5.. but if you nood one... hehe.. dont shy to click "MD5" button...

paste the MD5.. then click start...

155128_416543915078121_1283919249_n.jpg

now we can see the pass the had been solved!..

until here, we have the username: becspeak2803 and the pass the solved: BaF5643De .. is'nt it?

wakaka.. but.. there is one more thing you need to know.. how to login with this id???

wakakaka... once again.. if you re genious... then think it yourself.. but if noob... wakaka.. just click the "find admin" button..

247212_416543981744781_895166856_n.jpg

in this case.. havij just read 2 web apps of page.. it is php file and asp file.. so.. it just 400 admin login page to test.. but.. if you add the web apps like this..

483066_416544011744778_1080152647_n.jpg

then you got more 800 admin login page to test login.. but.. if you have your own list of admin page.. then just copy and paste into admin.txt file in havij directory...

just wait for moment.. then havij will show the result of the test...

 

5. Login to admin

after yu have the username, passwrd and admin login page.. now the site is your's.... it is time for you upload your own shell on that site... 

 

 

Thank...

download havij 1.15 here..


 

 




__________________

I am Sharper

ITC - Internet Moderators

Mods Name: KA

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard