Hack Websites Using Havij [SQL Injection] Full Tutorial

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a website, because of these tools websites have became more vulnerable to these types of attacks.

One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Supported Databases With Havij

• MsSQL 2000/212 with error.

• MsSQL 2000/2014 no error union based

• MySQL union based

• MySQL Blind

• MySQL error based

• MySQL time based

• Oracle union based

• Ms Access union based

• Sybase (ASE)

Things We Need:

1. Havij Tool - (Search In Google And Download Cracked Version.)
2.  SQLI Vulnerable Website. - Use Google Dorks To Search Vulnerable Website.

Start Tutorial.

1. Open Havij.
2. Type Vulnerable Website Inside It And Hit Analyze Button.

3. Now Click On Tables Tab And Then Hit Get DBs Button.

4. Now You Have Got All Databases In Result. Tick Databases And Hit Get Tables Button.

5. You Have Got Tables From The Databases You Ticked In Previous Step. Now Tick Related Tables And Hit Get Columns Button.

6. You Have Got Columns From Ticked Table. Tick Related Columns And Press Get DataButton.

I Am Going To Choose Username, Password, UserGroup Columns. There Should Be Stored Data Related To Admin's Username, Password Etc.

7. Bingo! You Have Got Username And Password Of Admin.

How To Crack Hash?

As You Can See, We Have Received All Information Of Admin. Like Username, Password And UserGroup. But We Have Received Password In The Shape Of Hash. In Order To See The Real Password. We Have To Crack This Code. For Cracking This Code. We Will Make Use Of Havij Tool Again. Follow Me To Crack This Hash.

1. You Can See A Button Of MD5 In Buttons List Of Havij. Hit That Button And Paste Your Hash Code Inside It And Press Start Button.

2. You Can See Password In Plain Text In Result Now. See Picture Below.

Find Admin Page

We Have Got Everything. Like Username, Password. But Where To Use Them And Get Admin Rights? You Need To Find The Admin Login Page Of Target Site. For Finding Admin Page Of Target Site. We Will Use Havij Again.

1. In Buttons List, Press Find Admin Button. Type Homepage Url Of Target Site. Press Start Button.

You Will Get Result Same Like Hash Cracking. You Will Be Able To See The Page. Which Admin Of Your Target Site Use To Login.