How to hack a Website using havij for education purpose only

First of all what is Havij

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit
SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can
perform back-end database fingerprint, retrieve DBMS users and password hashes, dump
tables and columns, fetching data from the database, running SQL statements and even
accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The
success rate is more than 95% at injec􀆟ng vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and
detections makes it easy to use for everyone even amateur users.


What is SQL Injection?
SQL Injection is common web application vulnerability due to insufficient validation on user
inputs. An attacker can inject some SQL commands into the original query written by the
developer to change the result to what he/she wants and execute his/her commands. This
work (injecting SQL commands) is called Exploitation that can cause sensitive data
disclosure, changing data, deleting data or even whole system compromise!


Who should use Havij?
All security professionals, Web administrators, web application developers, penetration
testers, everyone who wants to test his/her sites security and all hack and security
researchers can use Havij and for those who want to hack a certain site steal info like email,credit card,pay pal and even deface a website once you got the username and password of the admin(this is for educational purpose only guys so im not responsible for any of your actions)

Lets continue then.. actually havij is free but the free version cant do much anything or cant even penetrate a site so im goin to share you the cracked version license till 2099 by the great hacker exodus

Note you can download the cracked version by completing a survey so if you aren't interested on filling up things then do even bother to download this great stuff

file name is jihav.rar

Get it Here

just follow the instructions on how to set it up once you download it

ok now before you try to use this on a website 1st hide your IP of course for safety
dont use low quality vpn or hotspot shield i recommend using socks5 coz its highly anonymous
use Proxifier i got one here on my blog just search for it

ok now this is what havij looks like when you are have installed and use the license

ok now you're ready and make sure you are using proxifier ok coz you are hacking a website
now find a sql vulnerable site using hacker friendly GOOGLE yup google is hacker friendly :D

ok now use google dorks like this

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

ok there are alot of google dorks just type in sql dorks on google

ok type it inurl:buy.php?category= 

you will get a list on the result page  select one by one .suppose we select the 1st result click on it now put a single (')at the extreme end of the link displayed on the adress bar and press enter

ok if we get a SQL error  then the site is 110% vulnerable to sql injection

example:http://www.relayspec.com/products.php?subcat_id=315'

look at the picture it that site is sql vulnerable

now ok time for the havij to do its magic

remove the single qoute  (') we added at the end of the web link copy it and paste it on havij
as show

ok now click the analyze button ,the scanning begins and ok we got the database

click the table

then click get tables  you see the name of the database is  relay

now once you click get tables you will see the list of tables in the database

now of course you will be looking for the admin  look it up on the users

check the users then click get columns

now once you find the admin user and password gonna look the admin page so you can log it in

click the Find admin just click start and the havij will find the admin page for you

now back to the users you click get columns of course you see a list like username password email adress even billing info or credit card info paypal info aswell

now check the things you want to get like email and password or all of it then click get data on  the pic im gonna show you i just checked the email and password so i only get the list of email and their password to log in on relayspec.com

you see the password are need to be cracked so copy the password

and click on  MD5

paste the password in there and click on start and it will cracked the password

oh sometimes md5 cant cracked some password 

ok now thanks for the time and enjoy

this is for educational purpose only