Hello, I am going to show you how you can use Havij, to do a SQL injection attack.
FIRST,
find any vulnerable website from google using dorks
some well-known dorks
Steps-
1. Firstly what you need to do is get your vulnerable site ready with the ID on the end, in this case "nwid=1658". You then need to enter the whole link into the Havij "target" bar.
![[Image: asdmza.jpg]](http://img251.imageshack.us/img251/5931/asdmza.jpg)
2. Once you've entered the link into the "target" box you need to press the analyze button. Let it go through until it has completed finding everything it needs to about the database.
3. Once it's done the Get DB button should appear clickable, click that. Inside there you will see the databases you need to find the one which contains user information in this case it's "rajsoft_mprealtynews", check the box next to it and press "get tables". After that another drop down will appear with a list of things. You need to find something that is associated with usernames and passwords, in this case "users". After you check users you need to press "get columns", that will then return the columns inside that table
.
4. will create another drop down, and from there you need to find username and password, these are easily located. Tick both "username" and "password" then press "Get Data". Once you've pressed it, it will display every username and password on that DB selected, usually find the one with the username, "admin".
Once you have finished collecting all the data you can export it into a .html file, which will organise it and format it nicely into a table, for easy reading.
FIRST,
find any vulnerable website from google using dorks
some well-known dorks
- Find Vunl Websites :
index.php?id=
- trainers.php?id=
- buy.php?category=
- article.php?ID=
- play_old.php?id=
- declaration_more.php?decl_id=
- pageid=
- games.php?id=
- page.php?file=
- newsDetail.php?id=
- gallery.php?id=
- show.php?id=
- staff_id=
- newsitem.php?num=
- readnews.php?id=
- top10.php?cat=
- historialeer.php?num=
- reagir.php?num=
Steps-
1. Firstly what you need to do is get your vulnerable site ready with the ID on the end, in this case "nwid=1658". You then need to enter the whole link into the Havij "target" bar.
2. Once you've entered the link into the "target" box you need to press the analyze button. Let it go through until it has completed finding everything it needs to about the database.
3. Once it's done the Get DB button should appear clickable, click that. Inside there you will see the databases you need to find the one which contains user information in this case it's "rajsoft_mprealtynews", check the box next to it and press "get tables". After that another drop down will appear with a list of things. You need to find something that is associated with usernames and passwords, in this case "users". After you check users you need to press "get columns", that will then return the columns inside that table
.
4. will create another drop down, and from there you need to find username and password, these are easily located. Tick both "username" and "password" then press "Get Data". Once you've pressed it, it will display every username and password on that DB selected, usually find the one with the username, "admin".
Extra steps
Once you have finished collecting all the data you can export it into a .html file, which will organise it and format it nicely into a table, for easy reading.
0 comments:
Post a Comment