Using Havij to find SQL vulnerability. 02-10-2014, 06:40 AM
#1
TL;DR:
Read it.
For this tutorial, we will be using a tool called "Havij" to find vulnerabilities in SQL-related webpages or of that sort.
Download to Havij:
http://www.4shared.com/get/5qLfUnfn/Havi...Crack.html
Once this is installed you will need to find vulnerabilities. An easy way to get them via-forum is to look at a post link. Example?
When I posted this thread the url was "http://www.sinister.ly/newthread.php?fid=58". That there, friends, is a vulnerability. This isn't just Sinisterly. It is for any website with a special identification code appended to the url.
How do we get our shit together to find website passwords and such?
First, put your target, with the vulnerable url, in the target section and analyze it.
![[Image: 2vknvvd.jpg]](http://oi57.tinypic.com/2vknvvd.jpg)
Now assuming you have entered a proper url with a valid id, you can fuck shit up. If you know how.
If you don't, that's why I am here.
Once everything is loaded, if text in the giant-ass-box below is blue, it most likely provided you with a database name. This will be useful later.
Now click on "Tables" and then "Get Tables". These options only appear after a successful vulnerability was found and information of the website was in the "blue". When I say "in the blue", I mean you succeeded in your quest of finding server information.
Now click on "Get Columns" and check the third option down in the box on the left. It should bring up a table that has "id" and "password" columns in it. If it does, good job. If not, read again.
Now that you have the table, click "Get Data" to collect your desired information. It will provide you with the Admin username and password.
One problem. The password is encrypted in MD5 Hash. GREEEEAT.
Never fear, Havij is here. Just click on the "MD5" tab above with the little key and paste the password. Click "start". Just wait a minute and it will return your password, "unhashified".
Congratulations, you fucking dick-head, you. You just got yourself into a website's admin control panel.
What are you waiting for? DEFACE THEM SONS OF BITCHES.
Note: This tutorial is for educational purposes only. I am not responsible for what you do.
Read it.
For this tutorial, we will be using a tool called "Havij" to find vulnerabilities in SQL-related webpages or of that sort.
Download to Havij:
http://www.4shared.com/get/5qLfUnfn/Havi...Crack.html
Once this is installed you will need to find vulnerabilities. An easy way to get them via-forum is to look at a post link. Example?
When I posted this thread the url was "http://www.sinister.ly/newthread.php?fid=58". That there, friends, is a vulnerability. This isn't just Sinisterly. It is for any website with a special identification code appended to the url.
How do we get our shit together to find website passwords and such?
First, put your target, with the vulnerable url, in the target section and analyze it.
Now assuming you have entered a proper url with a valid id, you can fuck shit up. If you know how.
If you don't, that's why I am here.
Once everything is loaded, if text in the giant-ass-box below is blue, it most likely provided you with a database name. This will be useful later.
Now click on "Tables" and then "Get Tables". These options only appear after a successful vulnerability was found and information of the website was in the "blue". When I say "in the blue", I mean you succeeded in your quest of finding server information.
Now click on "Get Columns" and check the third option down in the box on the left. It should bring up a table that has "id" and "password" columns in it. If it does, good job. If not, read again.
Now that you have the table, click "Get Data" to collect your desired information. It will provide you with the Admin username and password.
One problem. The password is encrypted in MD5 Hash. GREEEEAT.
Never fear, Havij is here. Just click on the "MD5" tab above with the little key and paste the password. Click "start". Just wait a minute and it will return your password, "unhashified".
Congratulations, you fucking dick-head, you. You just got yourself into a website's admin control panel.
What are you waiting for? DEFACE THEM SONS OF BITCHES.
Note: This tutorial is for educational purposes only. I am not responsible for what you do.
![[Image: BXqGARG.png]](https://i.imgur.com/BXqGARG.png)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
.png "Donator (Rank I)")
