Header Ads

Hack Websites Using Havij [SQL Injection] Full Tutorial

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a website, because of these tools websites have became more vulnerable to these types of attacks.

One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Supported Databases With Havij

  • MsSQL 2000/212 with error.
  • MsSQL 2000/2014 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • Ms Access union based
  • Sybase (ASE)
Things We Need:
  1. Havij Tool - (Search In Google And Download Cracked Version.)
  2.  SQLI Vulnerable Website. - Use Google Dorks To Search Vulnerable Website.
Start Tutorial.

  1. Open Havij.
  2. Type Vulnerable Website Inside It And Hit Analyze Button.

Havij Hacking Tutorial

  1. Now Click On Tables Tab And Then Hit Get DBs Button.

Havij Hacking Tutorial

  1. Now You Have Got All Databases In Result. Tick Databases And Hit Get Tables Button.

Havij Hacking Tutorial

  1. You Have Got Tables From The Databases You Ticked In Previous Step. Now Tick Related Tables And Hit Get Columns Button.

How To Hack Website

  1. You Have Got Columns From Ticked Table. Tick Related Columns And Press Get DataButton.
I Am Going To Choose Username, Password, UserGroup Columns. There Should Be Stored Data Related To Admin's Username, Password Etc.

Havij Hacking Tutorial

  1. Bingo! You Have Got Username And Password Of Admin.

Havij Hacking Tutorial

How To Crack Hash?

As You Can See, We Have Received All Information Of Admin. Like Username, Password And UserGroup. But We Have Received Password In The Shape Of Hash. In Order To See The Real Password. We Have To Crack This Code. For Cracking This Code. We Will Make Use Of Havij Tool Again. Follow Me To Crack This Hash.

  1. You Can See A Button Of MD5 In Buttons List Of Havij. Hit That Button And Paste Your Hash Code Inside It And Press Start Button.

Havij Hacking Tutorial

  1. You Can See Password In Plain Text In Result Now. See Picture Below.

Havij Hacking Tutorial

Find Admin Page

We Have Got Everything. Like Username, Password. But Where To Use Them And Get Admin Rights? You Need To Find The Admin Login Page Of Target Site. For Finding Admin Page Of Target Site. We Will Use Havij Again.
  1. In Buttons List, Press Find Admin Button. Type Homepage Url Of Target Site. Press Start Button.

Havij Hacking Tutorial

You Will Get Result Same Like Hash Cracking. You Will Be Able To See The Page. Which Admin Of Your Target Site Use To Login.

No comments

Silahkan Komentar dengan bahasa yang sopan

Powered by Blogger.