- Joined
- May 15, 2016
- Messages
- 14,175
- Likes
- 2,643
- Points
- 1,730
Havij Tutorial
-On this tutorial I will be teaching you, how to simply use Havij
-Remember this is for education porpuse only
-No images were used on this TuT
-So let's start by opening Havij.
-Once you open it, it should have a place to add your "Target: ________________" and a "Analyze" Button.
-Now its time to search for a target, for that use your "bestfriend"....GOOGLE (google dorks)
Here's a example:
- Code: SELECT ALL
inurl:index.php?id:
-Copy it, and search it on GOOGLE
-Imagine that your target looks like this: www.*snip*.com/index.php?id=341
-To check if it is vulnerable to SQL injection just add a quote on the end of the url, like this:www.*snip*.com/index.php?id=341'
-If it is, you probably are going to see a SQL error message or something on the website will dissapear.
-OK, now its time to go back to Havij.
-On Havij just place your target without the quote, TARGET: www.*snip*.com/index.php?id=341 , and Press ANALYZE
-If it works properly, on the lower part of the software you will get Columns, then Click to get Tables and for there on...
-Once thats done, search for the Users/Admins and Passwords.
-If you find it, its time to get the "admin login PAGE"
-For that just click on "Find Admin" and paste the website without the index,etc, like this: www.*snip*.com
-Let's imagine that mine is: www.*snip*.com/Admin_Login.php
-Just Login with the Admin username and Password that you get from the data.
-And now you'r in!
-Get as much data as you can.
But Remember this is for education porpuse only.
If you have any question, feel free to ask it on the comments
-On this tutorial I will be teaching you, how to simply use Havij
-Remember this is for education porpuse only
-No images were used on this TuT
-So let's start by opening Havij.
-Once you open it, it should have a place to add your "Target: ________________" and a "Analyze" Button.
-Now its time to search for a target, for that use your "bestfriend"....GOOGLE (google dorks)
Here's a example:
- Code: SELECT ALL
inurl:index.php?id:
-Copy it, and search it on GOOGLE
-Imagine that your target looks like this: www.*snip*.com/index.php?id=341
-To check if it is vulnerable to SQL injection just add a quote on the end of the url, like this:www.*snip*.com/index.php?id=341'
-If it is, you probably are going to see a SQL error message or something on the website will dissapear.
-OK, now its time to go back to Havij.
-On Havij just place your target without the quote, TARGET: www.*snip*.com/index.php?id=341 , and Press ANALYZE
-If it works properly, on the lower part of the software you will get Columns, then Click to get Tables and for there on...
-Once thats done, search for the Users/Admins and Passwords.
-If you find it, its time to get the "admin login PAGE"
-For that just click on "Find Admin" and paste the website without the index,etc, like this: www.*snip*.com
-Let's imagine that mine is: www.*snip*.com/Admin_Login.php
-Just Login with the Admin username and Password that you get from the data.
-And now you'r in!
-Get as much data as you can.
But Remember this is for education porpuse only.
If you have any question, feel free to ask it on the comments