Introduction:
Havij is an automated SQL Injection tool that helps penetration testers find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. With this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.
Preparation:
- Download the Free edition from Havij (on the same page, you can see the difference between the free and professional editions). It is a matter of what your target is.
- Now search Google with the options below to find websites vulnerable to SQL Injection to target with Havij
inurl:index.php?id=
inurl:article.php?id=
Once you choose a website, type a single quote (') at the end as shown below and press enter. If you get an error, then the website is vulnerable to SQL Injection.
http://www.hackinvasion/site/content.php?vn=3&id=77'
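Why the single-quote check above produces an error, and how a developer closes the hole, shown as an added example that is not part of the original page. SQLite stands in for the site's database; the table, the sample row and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the site's content table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO content VALUES (77, 'Welcome')")
    return db

def lookup_concatenated(db, raw_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM content WHERE id = " + raw_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A trailing quote unbalances the statement; a page that echoes
        # this parser error is what the quote check detects.
        return ("sql_error", str(exc))

def lookup_bound(db, raw_id):
    """Fix, part 1: bind the value so it is always data, never SQL syntax."""
    sql = "SELECT title FROM content WHERE id = ?"
    return ("ok", db.execute(sql, (raw_id,)).fetchall())

def lookup_validated(db, raw_id):
    """Fix, part 2: reject anything that is not a plain integer, then bind."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return ("rejected", [])
    sql = "SELECT title FROM content WHERE id = ?"
    return ("ok", db.execute(sql, (int(raw_id),)).fetchall())

if __name__ == "__main__":
    db = make_db()
    for value in ("77", "77'"):  # constructed inputs: normal id, id plus quote
        print(repr(value), "concatenated ->", lookup_concatenated(db, value))
        print(repr(value), "bound        ->", lookup_bound(db, value))
        print(repr(value), "validated    ->", lookup_validated(db, value))
```

With binding in place the quote never reaches the SQL parser, so the request returns no rows instead of a database error.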
1. Retrieve DB Information:
Copy and paste the target URL into the ‘Target’ field and click ‘Analyze’.
Once Havij has retrieved the DB name, it will stop, and you can see the database details either in the log window or under the ‘Info’ option. Havij will retrieve the Web Server Type (Apache, IIS or other), DB Type (MySQL, MS SQL or other) and DB Name.
Once this is successful, you can be sure that you are on the right path, i.e., your target is vulnerable to SQL Injection Attack.
2. Retrieve Tables:
Now you need to retrieve the tables that contain the user name and password used to log in to the website. Choose the DB and click the ‘Get Tables’ option.
Here you go, now all the tables are retrieved from the DB. You can either wait till it retrieves all the tables or you can just stop the process when you see any suspected table like the one below. I stopped the processing when Havij found a table that I suspected contained user names and passwords for the website.
3. Retrieve Table Columns:
Before you start retrieving data of a specific table, you need to get the columns. So mark the suspected password table and click ‘Get Columns’.
I am really sorry for marking all website-specific details with red marks; I must do that to safeguard.
4. Retrieve User name and Password:
You are at the final stage of hacking. Mark the database, table and columns to be retrieved; you also have the option of retrieving only one row. Choose ‘Get Data’ to let Havij give you member access to the site.
I am done now, luckily my target website didn’t store passwords encrypted and I have their website’s admin password. That’s it!
If the password is encrypted, Havij has a built-in MD5 option where you can specify the MD5 hash to be cracked. Havij will look for the hash on several sites in multi-thread mode and display the result.
Thanks to: www.hackandsecure.com