
Monday, October 29, 2012

how to use Havij for SQL injection Hack Site

In this tutorial we will discuss the automated SQL Injection technique of Havij that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

 
We will use Google dorks to find the vulnerable websites. There is a big list of Google dorks, which I will post in my future posts, but at this time we will only use the following:


 
Code:
inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=
(There are many others too; you can use any.)

Just search Google using one of the dorks and you will see a lot of vulnerable websites.

Open any one of the websites, then put ' after the link:

If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.





Now, here I found a vulnerable site.


Now let's start.

Open Havij and copy and paste the infected link, as shown in the figure.




Now click on the "Analyze" button.

It then shows some messages. Watch them and be patient for some time while it determines whether the site is vulnerable, the type of injection, and whether the DB server is MySQL; it will also find the database name.

After that, you get its database name, like xxxx_xxxx.



Then move to another operation, finding tables, by clicking "tables", as shown in the figure.

Now click "Get tables", then wait for some time if needed.


Once the tables are found, you will see there is a "users" table. Put a mark on it and click the "get columns" tab, as shown in the figure.

There, just mark username and password and click "Get data".

Bingo! Got the id and pass, which might be the admin's.

Most of the time the pass will be retrieved as MD5; you can also crack it using this tool, as shown in the figure.
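
Seen from the defending side, the quote check and the MD5 step above come down to two fixes: bind the id as a parameter instead of concatenating it, and store passwords with a salted slow hash. The following is an added example, not part of the original post; the `articles` table, the function names and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

def make_db():
    # Constructed sample data, in-memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello')")
    return db

def article_concat(db, raw_id):
    # Weak: the request value is pasted into the SQL text, so a stray quote
    # reaches the SQL parser and surfaces as a database error.
    return db.execute("SELECT title FROM articles WHERE id = " + raw_id).fetchall()

def article_bound(db, raw_id):
    # Hardened: reject anything that is not a short decimal id, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT title FROM articles WHERE id = ?", (int(raw_id),)).fetchall()

def quote_check(db, lookup):
    # Regression check: append a quote to a valid id and see how the handler reacts.
    try:
        lookup(db, "1'")
        return "handled"
    except sqlite3.Error:
        return "sql-error"

def hash_password(password, salt=None):
    # Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) instead of bare MD5.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed digest.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    print(quote_check(db, article_concat), quote_check(db, article_bound))
```

Running `quote_check` against every id-taking handler in a test suite catches a concatenated query before it ships.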





I hope this will prove to be useful.

Feel free to ask your queries regarding Havij.
