According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into a web form to get sensitive information (such as user names and passwords), access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online through which any script kiddie can use SQL injection to deface a website. Because of these tools, websites have become more vulnerable to these types of attacks.
One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy. Along with SQL injection, it has a built-in admin page finder, which makes it very effective.
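Why such tools work, and the fix that stops them, shown as an added example that is not part of the original post: a query built by string concatenation treats request input as SQL, while a parameterized query treats it only as data. The table names, function names and sample inputs are constructed for illustration.

```python
import sqlite3

# Constructed inputs of the union-based and boolean kinds named on this page.
UNION_INPUT = "0 UNION SELECT username, password_hash FROM users"
BOOLEAN_INPUT = "1 OR 1=1"


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'keyboard', '25'), (2, 'mouse', '10');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db


def lookup_vulnerable(db, product_id):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    query = "SELECT name, price FROM products WHERE id = " + product_id
    return db.execute(query).fetchall()


def lookup_parameterized(db, product_id):
    # The placeholder binds the value after the statement is parsed,
    # so it can only ever be compared against the id column as data.
    query = "SELECT name, price FROM products WHERE id = ?"
    return db.execute(query, (product_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, value in [("normal", "1"), ("union", UNION_INPUT),
                         ("boolean", BOOLEAN_INPUT)]:
        print(label)
        print("  concatenated :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the concatenated query the union input returns the row from `users`; with the parameterized query the same input matches no product and returns nothing.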
Supported Databases With Havij
- MsSQL 2000/2005 with error
- MsSQL 2000/2005 no error union based
- MySQL union based
- MySQL Blind
- MySQL error based
- MySQL time based
- Oracle union based
- MsAccess union based
- Sybase (ASE)
- Havij Tool - (Search In Google And Download Cracked Version.)
- SQLI Vulnerable Website. - Use Google Dorks To Search Vulnerable Website.
- Open Havij.
- Type Vulnerable Website Inside It And Hit Analyze Button.
- Now Click On Tables Tab And Then Hit Get DBs Button.
- Now You Have Got All Databases In Result. Tick Databases And Hit Get Tables Button.
- You Have Got Tables From The Databases You Ticked In Previous Step. Now Tick Related Tables And Hit Get Columns Button.
- You Have Got Columns From Ticked Table. Tick Related Columns And Press Get Data Button.
- Bingo! You Have Got Username And Password Of Admin.
How To Crack Hash?
As You Can See, We Have Received All Information Of Admin, Like Username, Password And UserGroup. But We Have Received The Password In The Shape Of A Hash. In Order To See The Real Password, We Have To Crack This Code. For Cracking This Code, We Will Make Use Of Havij Tool Again. Follow Me To Crack This Hash.
- You Can See A Button Of MD5 In Buttons List Of Havij. Hit That Button And Paste Your Hash Code Inside It And Press Start Button.
- You Can See Password In Plain Text In Result Now.
Find Admin Page
We Have Got Everything, Like Username And Password. But Where To Use Them And Get Admin Rights? You Need To Find The Admin Login Page Of Target Site. For Finding The Admin Page Of Target Site, We Will Use Havij Again.
- In Buttons List, Press Find Admin Button. Type Homepage Url Of Target Site. Press Start Button.
You Will Get A Result The Same As With Hash Cracking. You Will Be Able To See The Page Which The Admin Of Your Target Site Uses To Log In.
-------------------------------------------------------------------------------------------------------KNOXD3CrypT0r