+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Tutorials (https://sinister.ly/Forum-Tutorials)
+--- Thread: SQL Injections with Havij 1.15[For Newbies] (/Thread-SQL-Injections-with-Havij-1-15-For-Newbies)
SQL Injections with Havij 1.15[For Newbies] - cable - 12-28-2012
Hi,This is my first tutorial on this board i've been using Havij for a very long time and i think that it's time to share my knowledge with the peoples who can't perform browser based SQL injections.
All You Need Is:
1-Havij sql injection tool, (you can download it from their official website: http://www.itsecteam.com/ ).
2-Any Browser (Chrome,Mozilla...).
3-A victim (Just read the tutorial).
Step 1-Downloading and installing Havij
1-You Can Get Havij from this url : http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/index.html
(Just Download the latest but i used Havij 1.15 for this tutorial)
2-Unrar it and install it then you will notice that there is a shortcut on your desktop to Havij .
3-Run it.
Step 2-Finding a victim
Here,we will basically use a google dork:
1-Go to www.google.com.
2-Type "inurl:*.php.id=" without the quotes and type on "search"("*" means any page you want).
3-choose a link wich appears like: www.yourwebsite.com/index.php?id=4 then add a ' at the end of the address so it will be like www.yourwebsite.com/index.php?id=4' then type ok.
4-If an error page appears or you get redirected,you have some chances but if it's still the same page , try another one.
Step 3-Using Havij to get DB's Informations
Here we want to use Havij to perform an sql injection.
1-Copy and paste the vulnerable link into the "target" box in Havij then click on "analyse" .
2-Some text will appear at the bottom of the havij GUI showing the state of the attack.Wait until you see there "Current DB: DataBasename" and on status:I'm IDLE.
3-Goto "Tables" ,mark the db and click on "Get Tables" then look for admin or users or other interresting informations tables the click on "Get columns" and select the data columns you want then click on "Get Data".
4-Maybe You will find admin usernames and passwords but passwords can be crypted on md5 (exemple:34981863a88ea679f4b2b42e5c07ceae)
just copy the password and look for "MD5" on Havij then crack it there.
You can also find admin pages with the admin page utility provided by Havij.
Hope It Will Help Someone Thanks for reading
This tutorial took 30mn of my life so a thank would be appreciated
2012,Cable