TGS Forum
 SQL Injection Using Havij - Full Tutorial

Malay Akechan
Administrator
Points : 676
Posts : 244
Join date : 2011-04-04
Location : Muzaffarpur, New Delhi
OS Used : Windows 7 & XP
Mobile : Nokia 5233, Samsung Galaxy Tab
Browser : Google Chrome Plus

PostSubject: SQL Injection Using Havij - Full Tutorial   Sun Aug 21, 2011 11:54 am

Last time I discussed the latest release of Havij. See it here.

In this tutorial we will discuss the automated SQL Injection technique of Havij that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

We will use Google dorks to find the vulnerable websites. There is a big list of Google dorks which I will post in my future posts, but at this time we will only use the following:

Code:
inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

Just search Google using one of the dorks and you will see a lot of vulnerable websites.

Open any one of the websites, then put ' after the link, look:

If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.

Now here I found a vulnerable site.

Now let's start.

Open Havij and copy and paste the infected link as shown in the figure.

Now click on the "Analyze" button.

Then it shows some messages there... Be alert to them and be patient for some time while it finds whether the site is vulnerable, the type of injection and whether the DB server is MySQL, and it will find the database name.

Then you get the database name, like xxxx_xxxx.

Then move to another operation to find tables by clicking "tables" as the figure shows.
Now click "Get tables", then wait for some time if needed.

After the tables are found, you can see there will be "users". Put a mark on it and click on the "get columns" tab as shown in the figure.

In that, just mark username and password and click "Get data".

Bingo! Got the ID and pass that might be Admin.

The pass will be obtained as MD5; you can crack it also using this tool as shown in the figure...

I hope this will prove to be useful.

Feel free to ask your queries regarding Havij.


Last edited by Malay Akechan on Fri Sep 16, 2011 8:46 pm; edited 1 time in total
http://www.tgsforum.in
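
Why the single-quote test in the post above produces a SQL error, and what removes it: an added example (not from the original post and not Havij's code) using Python's built-in sqlite3. The `articles` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Contact")])
    return db

def get_article_vulnerable(db, raw_id):
    # Pattern behind pages like index.php?id=...: the request value is pasted
    # into the SQL text, so a stray quote changes the statement itself.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        return db.execute(query).fetchall()
    except sqlite3.Error as exc:
        # Echoing the database error into the page is what the quote test
        # in the post looks for.
        return "SQL error: %s" % exc

def get_article_hardened(db, raw_id):
    # 1) Validate: the parameter must be a short, plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return []  # generic "not found"; no database detail reaches the page
    # 2) Bind: the value travels as data and is never parsed as SQL.
    return db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "vulnerable:", get_article_vulnerable(db, value))
        print(repr(value), "hardened:  ", get_article_hardened(db, value))
```
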
ungli
Moderator
Points : 497
Posts : 222
Join date : 2011-04-05
Age : 26

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Sun Aug 21, 2011 12:32 pm

yaaa Great Thread !!
L30_Ph3niX
Grade - 2
Points : 113
Posts : 56
Join date : 2011-08-12
Age : 25
Location : Greater Noida

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Wed Aug 24, 2011 1:47 am

Thanks, but I have to ask a question: how to find a vulnerability in any site... I mean there are millions of sites out there... so finding a few vulnerable sites is not a big deal, right... But how to find vulnerabilities on a particular site???

And how to get the login page for these usernames and passwords, because the s/w isn't able to find the admin page!!! WTF


Last edited by arush.sal on Wed Aug 24, 2011 3:26 am; edited 1 time in total
http://www.encode.co.in
L30_Ph3niX
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Wed Aug 24, 2011 1:54 am

And one more thing: these SQLi attacks, these are attacks based for sites with items or elements categorized, right? How to attack some normal site with just a login page (exactly, I am asking about input validation attacks and getting into sites, "normal sites"). E.g.: 122.160.168.146/websimums (I was just having fun googling with IP addresses and found this one). Now I wish to ask how to get into some sites like this???
http://www.encode.co.in
Malay Akechan
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Wed Aug 24, 2011 9:18 am

For finding a vulnerability in a particular site, Google proves to be the best tool once again.

Suppose that we have a website which is likely to contain SQL errors on its pages.

In order to find such errors we can use page finder Google dorks in different ways.

For example:

Code:
site:[You must be registered and logged in to see this link.] intext:"Warning: mysql_fetch_array()

Such dorks will show you the exact page in the site which contains the vulnerability.

Now, as there are many types of vulnerabilities, you cannot be sure which dork is going to work for a particular site.
But if you have a good understanding of SQL queries, you can do that easily.

Here are some common dorks to find errors on pages:

Code:
intext:"Warning: mysql_fetch_array()

intext:"Warning: getimagesize()

intext:"Warning: session_start()

intext:"Warning: mysql_num_rows()

intext:"Warning: mysql_query()

intext:"Warning: array_merge()

intext:"Warning: preg_match()

intext:"Warning: ilesize()

intext:"Warning: filesize()

intext:"Warning: mysql_fetch_assoc()

intext:"Warning: is_writable()

intext:"Warning: Unknown()

intext:"Warning: mysql_result()

intext:"Warning: pg_exec()

intext:"Warning: require()

I hope this was helpful.

Feel free to ask if the doubts persist.
http://www.tgsforum.in
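
The warning strings listed above only show up in search results when a site prints PHP errors into its own pages. An added example (not from the original post) that a site owner can run over responses from their own site to catch such leaks before they are indexed; the sample bodies are constructed and `find_leaks` is a hypothetical name.

```python
import re

# With display_errors on, PHP writes lines shaped like
#   Warning: func() ... in /path/file.php on line N
# into the page. One pattern for that shape covers every function in the list.
LEAK_RE = re.compile(
    r"(?:<b>)?(?:Warning|Notice|Fatal error)(?:</b>)?:\s+"
    r"(?P<func>[A-Za-z_]\w*)\(\)"
    r".*?\bin\s+(?:<b>)?(?P<path>\S+?\.php)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.S,
)

# Constructed sample responses (URL path -> body), standing in for a crawl of
# your own site.
SAMPLE_PAGES = {
    "/index.php?id=3": (
        "<html><body><br />\n<b>Warning</b>:  mysql_fetch_array() expects "
        "parameter 1 to be resource, boolean given in "
        "<b>/var/www/site/index.php</b> on line <b>27</b><br />\n</body></html>"
    ),
    # Ordinary prose containing the word "Warning:" must not be flagged.
    "/about.php": "<html><body><p>Warning: wet floor.</p></body></html>",
}

def find_leaks(pages):
    """Return one finding per PHP error message leaked into a response body."""
    findings = []
    for url, body in sorted(pages.items()):
        for m in LEAK_RE.finditer(body):
            findings.append({
                "url": url,
                "function": m.group("func"),
                # The message also discloses the server-side file layout.
                "disclosed_path": m.group("path"),
                "line": int(m.group("line")),
            })
    return findings

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_PAGES):
        print(finding)
```

On the PHP side the leak is closed by setting `display_errors = Off` and `log_errors = On` in php.ini, so errors go to the server log instead of the page.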
L30_Ph3niX
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Fri Aug 26, 2011 6:37 am

Okay thanks, I got you... but what if the vulnerability isn't a SQL type? I mean, if the vulnerability is to be tested for a web application which is the only service running on that IP, then how to scan that for any kind of vulnerability and all...

One more thing: apart from SQL vulnerability, what can be the other types of vulnerability most likely to be found or to be searched for in a site?

Thanks in advance and for the previous one too... :)
http://www.encode.co.in
Malay Akechan
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Fri Aug 26, 2011 5:36 pm

For that I will post an article about Vulnerability Assessment Tools soon.
http://www.tgsforum.in
arjunchauhan24
Newbie
Points : 3
Posts : 3
Join date : 2011-08-30

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Wed Aug 31, 2011 4:19 pm

Found everything ...


Username - hypetrading
Password - putanginamo

but can't find admin page... :(
L30_Ph3niX
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Fri Sep 02, 2011 1:38 am

poke bro waiting for the Vulnerability Assessment Tools post
http://www.encode.co.in
Malay Akechan
PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Fri Sep 02, 2011 7:36 pm

arush.sal wrote:
poke bro waiting for the Vulnerability Assessment Tools post

Thread posted. Check it out here.

Feel free to ask if doubts persist.
http://www.tgsforum.in
puto
Newbie
Points : 4
Posts : 4
Join date : 2012-01-24

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Wed Feb 01, 2012 11:32 pm

Hello sir, I've tried these and I've found an error on a website, but when I use Havij it always shows this error:
MySQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
Are you sure input parameter really exist?!
Are you sure the input value '3' is valid?
Are you sure the 'GET' method is correct?
Hope I can try at least one. Thanks
smartcool75
Newbie
Points : 1
Posts : 1
Join date : 2012-07-23

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Tue Jul 24, 2012 12:03 am

puto wrote:
Hello sir, I've tried these and I've found an error on a website, but when I use Havij it always shows this error:
MySQL error based injection method cant be used!
MsSQL time based injection method can't be used
MySQL time based injection method can't be used
It seems that input parameter is not effective! Check the following:
Are you sure input parameter really exist?!
Are you sure the input value '3' is valid?
Are you sure the 'GET' method is correct?
Hope I can try at least one. Thanks

Hi, this means you are not able to get the database or hack that database.
peterpan
Newbie
Points : 1
Posts : 1
Join date : 2012-10-25

PostSubject: Re: SQL Injection Using Havij - Full Tutorial   Thu Oct 25, 2012 8:16 pm

Thanks for this tut, but how do you do strongbox sites and OCR?