Monday, 28 April 2014

Hack Websites Using Havij

SQL Injection Tutorial

 Hello Everyone Today I'm going to teach you how yo use Havij for hacking According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available on-line through which any script kiddie can use SQL Injection to deface a website, because of these tools websites have became more vulnerable to these types of attacks.


One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.Supported Databases With Havij

Warning: Warning - This article is only for education purposes, By reading this article you agree that hack2high is not responsible in any way for any kind of damage caused by the information provided in this article.


  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Let's Start

Now i will Show you step by step the process of SQL injection.

Step 1: Find SQL Injection vulnerability  in tour site and insert the string for Example : http://www.target.com/index.asp?id=123) of it in Havij as show below.



Step 3: Now click on the Analyse button as shown below.



Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:


Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:

Step 5: Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Table button.

Countermeasures: 

Here are some of the countermeasures you can take to reduce the risk of SQL Injection
  1. Renaming the admin page will make it difficult for a hacker to locate it
  2. Use a Intrusion detection system and compose the signatures for popular SQL injection strings
  3. One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.
Enjoy...... :D :D :D

Related Posts:

  • THE HACKER'S UNDERGROUND HANDBOOK THE HACKER'S UNDERGROUND HANDBOOK This book will take you from the core to the top. It will tell you how to hack in simple steps. Everything is presented in a simple and effective manner. It’s a great source for the b… Read More
  • Facebook complete Hacking 3 12. In attacker computer if there’s any vulnerability in victim computer browser it will return sessions value that mean the exploit successfully attacking victim computer. In this case the exp… Read More
  • Hacking For Dummies, 4th Edition Hacking For Dummies, 4th Edition Book Description The best way to stay safe online is to stop hackers before they attack - first, by understanding their thinking and second, by ethically hackingyour own site to meas… Read More
  • Hide Data in Image, Audio and Video Files: Steganography: Hide Data in Image, Audio and Video Files: Steganography: Hello Everyone Today i'm going to tell you that how to Hide Data in Image, Audio and Video Files: with Steganography. What is Steganography? Steganography… Read More
  • Maximum Security: A Hacker's Guide to Protecting Your Internet Site and NetworkMaximum Security: A Hacker's Guide to Protecting Your Internet Site and Network may be able to penetrate your system and the steps that you can take to stop them. Before he was arrested, the author used his considerable t… Read More

0 comments:

Post a Comment