Hello guys, Today I'm going to teach you guys how to exploit SQL vulnerable sites using Havij Automatic (Advance SQL Injection Tool).
So lets start the tutorial to hack a website using Havij.
By SQL injecting you will get the Website's Database. First you should know what a Database is.
The Website Database is a collection of Information like Images, Login ID's, Password, Company Data, etc.
That is all stored in a Server Database so that it can be easily acessed, managed and updated. In one view,
databases can be classified according to types of content : Bibilographic, full-text, numeric, and Images etc.
What is Havij ?
Havij Pro is an advanced SQLi Vulnerability Exploiter, that can Exploit SQL Injection Vulnerability in Website
and and get accessed into website database. Havij is Automatic Advance SQLi Tool.
So lets start it.
First using Havij is an easy way.There aren't any complicated steps to be followed unlike when you are manualy injecting it.
But you wouldn't know what actually Havij is doing if you haven't learned manual SQL injection.
Things you will need :
Havij Pro (Google it or comment if you can't find it)
A website Vulnerable ro SQL (You can use Google dorks to find)
And probably a BRAIN. :P
NOTE: If you want to find SQL in a particular your desired website, you can use Acunetix or Owasp vulnerability scanner.
The real deal comes here.[EASY]
After you have found SQL vulnerability in a website.
Enter Website URL into Target box and Analyze it.
After Analyzing you can see that, It will find Database name, Tables and other things.
Always keep your an eye on STATUS BOX [Log]
And now, We got Database name and Tables, Let's find out Columns and Data of Emails, Users, Password etc.
Now after getting Database name, you can see that "Tables" button is activated and we can read Tables.
Just click on "Tables" and you will get table.
Here, we are Successful in finding database Table, now it's time to find Database Row and Columns,
So now click on Get DBs.
DBs will load all Database to Program and it can be easily access-able. Now again click on Get Tables.
Finally we got up 'users' table, Now select users and click on 'Get Columns'.
After Getting Columns and all.. Finally Click on 'Get Data' and you will get all login ID and passwords.
So, here we got up Website Admin ID and Password. Now finally you have to decrypt the password if it is hashed.[ In most websites passwords are hashed]
Now, it's time to Enter into Website using this Two Admin login ID and Password.
To get the Admin page Click on 'Find Admin' and click on start to Analyze the admin page.
Now go to that URL of admin and Login with ID and password you got from Database. Now you have successfully hacked into a website.
You just need to upload the shell and do much more exciting things.
If you don't have a Vulnerable Website then Just Create Penetration testing lab in your Computer like OWASP-BWA, DVWA etc.
NOTE: This article is for educational purposes only. I am not responsible for any misuse of this article. Remember that hacking is illegal in most of the countries. You can create a Pentesting lab and test your skills there.
No comments:
Post a Comment