Tuesday, August 7, 2012

How to hack a Website using havij for education purpose only



First of all what is Havij

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit
SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can
perform back-end database fingerprint, retrieve DBMS users and password hashes, dump
tables and columns, fetching data from the database, running SQL statements and even
accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The
success rate is more than 95% at injec􀆟ng vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and
detections makes it easy to use for everyone even amateur users.


What is SQL Injection?
SQL Injection is common web application vulnerability due to insufficient validation on user
inputs. An attacker can inject some SQL commands into the original query written by the
developer to change the result to what he/she wants and execute his/her commands. This
work (injecting SQL commands) is called Exploitation that can cause sensitive data
disclosure, changing data, deleting data or even whole system compromise!


Who should use Havij?
All security professionals, Web administrators, web application developers, penetration
testers, everyone who wants to test his/her sites security and all hack and security
researchers can use Havij and for those who want to hack a certain site steal info like email,credit card,pay pal and even deface a website once you got the username and password of the admin(this is for educational purpose only guys so im not responsible for any of your actions)

Lets continue then.. actually havij is free but the free version cant do much anything or cant even penetrate a site so im goin to share you the cracked version license till 2099 by the great hacker exodus

Note you can download the cracked version by completing a survey so if you aren't interested on filling up things then do even bother to download this great stuff

file name is jihav.rar

Get it Here





just follow the instructions on how to set it up once you download it

ok now before you try to use this on a website 1st hide your IP of course for safety
dont use low quality vpn or hotspot shield i recommend using socks5 coz its highly anonymous
use Proxifier i got one here on my blog just search for it

ok now this is what havij looks like when you are have installed and use the license



ok now you're ready and make sure you are using proxifier ok coz you are hacking a website
now find a sql vulnerable site using hacker friendly GOOGLE yup google is hacker friendly :D

ok now use google dorks like this


inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=


ok there are alot of google dorks just type in sql dorks on google

ok type it inurl:buy.php?category= 

you will get a list on the result page  select one by one .suppose we select the 1st result click on it now put a single (')at the extreme end of the link displayed on the adress bar and press enter

ok if we get a SQL error  then the site is 110% vulnerable to sql injection

example:http://www.relayspec.com/products.php?subcat_id=315'




look at the picture it that site is sql vulnerable

now ok time for the havij to do its magic

remove the single qoute  (') we added at the end of the web link copy it and paste it on havij
as show




ok now click the analyze button ,the scanning begins and ok we got the database



click the table



then click get tables  you see the name of the database is  relay



now once you click get tables you will see the list of tables in the database


now of course you will be looking for the admin  look it up on the users
check the users then click get columns
now once you find the admin user and password gonna look the admin page so you can log it in
click the Find admin just click start and the havij will find the admin page for you
now back to the users you click get columns of course you see a list like username password email adress even billing info or credit card info paypal info aswell
now check the things you want to get like email and password or all of it then click get data on  the pic im gonna show you i just checked the email and password so i only get the list of email and their password to log in on relayspec.com


you see the password are need to be cracked so copy the password
and click on  MD5

paste the password in there and click on start and it will cracked the password
oh sometimes md5 cant cracked some password 
ok now thanks for the time and enjoy
this is for educational purpose only 







17 comments:

  1. wow this is nice haha got works like a charm thanks admin

    ReplyDelete
    Replies
    1. Can you please email me I need some help with this my email is danielmatouk@live.com.au

      Delete
    2. Hello all
      am looking few years that some guys comes into the market
      they called themselves hacker, carder or spammer they rip the
      peoples with different ways and it’s a badly impact to real hacker
      now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
      Anyone want to make deal with me any type am available but first
      I‘ll show the proof that am real then make a deal like
      Wire Bank Transfer
      Western Union,
      Money Gram
      SSN
      Hacking stuff
      Shipping product. serious / needy contact about it.


      lykovine@gmail.com

      Delete
  2. nice tutorial admin gonna try this

    ReplyDelete
  3. thanks ..can i request for a wireshark?

    ReplyDelete
  4. for those who want to download havij but cant do the survey you

    send me a message via email and i will send it to your email

    ReplyDelete
  5. thank you berry mush for this

    ReplyDelete
  6. really good can you send me havij cause i don't want to reply to survey my e mail christianfedy@gmx.ch

    ReplyDelete
    Replies
    1. i have..mine is superb and very active..cost u $50
      hv got Havij

      Delete
  7. Wow (y) One of the best tutorial i have ever found :)
    i need a crypter can you suggest me a good or link of it please ?

    ReplyDelete
  8. contact me for the best version of Havij..contact me ephy2wealth@gmail.com..cost $50

    ReplyDelete
  9. Can you please tell me where do i need to put (') ? I dont understand really... Thanks for the help

    ReplyDelete
  10. Hello all
    am looking few years that some guys comes into the market they called themselves hacker, carder or spammer they rip the peoples with different ways and it’s a badly impact to real hacker now situation is that peoples doesn’t believe that real hackers and carder scammer exists. Anyone want to make deal with me any type am available but first I‘ll show the proof that am real then make a deal like
    Wire Bank Transfer
    WU,
    MG
    SSN
    Hacking stuff
    Shipping product. Rippers / scammer stay away serious / needy contact about it.


    lykovine@yahoo.com

    ReplyDelete
  11. TOOLS&FULLZ SHOP
    _______________

    hi EveryonE!

    Are you been stuck for looking valid products or been scammed by scammers

    Here the Valid store available for all kind of tools,tutorials & Fullz with quality

    Learn hacking and spamming and do it on your own way & enjoy..........

    _______________

    1)FRESHLY SPAMMED USA FULLZ
    2)HACKING & SPAMMING TOOLS
    3)TUTORIALS
    _______________

    *Contact*
    *ICQ :748957107
    *Telegram : @James307
    *Skype : Jamesvince$
    _______________
    USA SSN FULLZ WITH ALL PERSONAL DATA+DL NUMBER
    -FULLZ FOR PUA & SBA
    -FULLZ FOR TAX REFUND
    *fullz/lead with DL num
    *SSN+DOB
    *Premium info
    *EIN PIN LEADS
    (TAX RETURN)
    *ELECTRONIC FILING LEADS

    ID's Photos For any state (back & front)
    ________________
    +US cc Fullz
    +(Dead Fullz)
    +(Email leads with Password)
    +(Dumps track 1 & 2 with pin and without pin)
    +HACKING & CARDING TUTORIALS
    +SMTP LINUX
    +SAFE SOCK
    +CPANEL
    +RDPs
    +Spamming Tutorial
    +SERVER I.Ps
    +EMAIL COMBO
    +DUMPS TUTORIAL
    +BTC FLASHER
    +KEYLOGGER COMP&MOB
    +EMAIL BOMBER
    +SQLI INJECTOR
    +ETHICAL HACKING TUTORIAL
    +GMAIL HACKING TUTORIAL
    +PENETRATION TESTING TUTORIAL
    +PayPal Cracker
    +BTC Cracker
    +BLUE PRINTS BLOCKCHAIN
    +EMAIL BLASTER
    +SMS SENDER
    +NORD VPN
    +ONION LINKS AND TOR BROWSER (LATEST VERSION)
    +DARK HORSE TROJAN
    +NETFLIX CHECKER
    +IP ROUTING
    +KEYSTROKE LOGGER
    +WESTERN UNION LOGINs
    +ALI BABA IPs
    +KEYLOGGER
    +SHELL SCRIPTING
    _______________
    *Let's do a long term business with good profit
    *Contact for more details & deal

    *Contact*
    *ICQ :748957107
    *Telegram :@James307
    *Skype : Jamesvince$

    ReplyDelete
  12. BARNESHACK Intel are Professionals, that gets your work done in less than 24 hours.
    We provide the following services and more;
    * HACK INTO WHATSAPP, FACEBOOK, EMAIL BOX, INSTAGRAM, TEXT MESSAGES ETC.
    * RECOVER YOUR MONEY FROM ANY KIND OF SCAMMERS.
    * FREE BITCOIN LOADING AND PAYPAL LOADING, WE SHARE ON %.
    * MOBILE PHONE MONITOR/HACK.
    * HACK AND CHANGE UNIVERSITY GRADES.
    * HACK INTO ANY BANK WEBSITE.
    * HACK INTO ANY COMPANY WEBSITE.
    * HACK INTO ANY GOVERNMENT AGENCY WEBSITE.
    * HACK INTO ANY DATABASE SYSTEM AND GRANT YOU ADMIN PRIVILEGES.
    * HACK PAYPAL ACCOUNT.
    * HACK WORDPRESS BLOGS.
    * SERVER CRASHED HACK.
    * INCREASE CREDIT SCORES
    * CRIMINAL RECORDS DELETION
    * BLANK ATM/CREDIT CARDS
    * UNTRACEABLE IPs and so much more....
    * We can restore LOST FILES AND DOCUMENTS , no matter how long they have been missing.

    CONTACT:
    Email-: barneshack9@gmail.com
    Cell number-: +1(240)339-3355

    BARNESHACK Intel
    All rights reserved.
    Copyright© 2022 Privacy Policy.

    ReplyDelete