Post: [TUT] SQL injection w/ Havij
Options
03-05-2011, 02:14 PM
#1
ysinha123
Haxor!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable
at the bottom, you're good to go.6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
03-05-2011, 03:14 PM
#2
Josh
League Champion
Originally posted by ysinha123
This is by far the easiest way to SQL inject a website!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable at the bottom, you're good to go.
6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
1. Download Havij- You must login or register to view this content. and install
2. Find a vulnerable site with the .php?id=123 sort of ending that gives an error when you add a ' to the url.
3. You must login or register to view this content. Hit analyze.
4. Have some tea or whatever while it's working
5. If it says Target Vulnerable
at the bottom, you're good to go.6. When you get this, You must login or register to view this content.
7. Hit 'Get Tables' and wait till you find users or admin or whatever the DB with the admin info is.
8. Check said table, and hit 'Get Columns' and wait until you find columns, and then check appropriate columns, like so, and hit get data. You must login or register to view this content.
9. If you have a hash and/or don't know where the admincp is, use 'Find Admin' / 'MD5'
10.Congrats!
I'm having a problem. I'm trying to hack a person's website, & it's coming up with an error:
Originally posted by another user
There is no input to inject. Please enter an input parameter or use %Inject_Here% tag to define injection point
Mind helping me out a bit?
Also, you should do a multipage, where it is titled "errors... If you get errors, you should do..."
03-05-2011, 03:23 PM
#3
ysinha123
Haxor!
Originally posted by Dr.
I'm having a problem. I'm trying to hack a person's website, & it's coming up with an error:
Mind helping me out a bit?
Also, you should do a multipage, where it is titled "errors... If you get errors, you should do..."
Mind helping me out a bit?
Also, you should do a multipage, where it is titled "errors... If you get errors, you should do..."
You need to have the something.php?id=123 at the end.
And tell me how to do multi-page?:dunce:
03-05-2011, 03:32 PM
#4
Josh
League Champion
Originally posted by ysinha123
You need to have the something.php?id=123 at the end.
And tell me how to do multi-page?:dunce:
And tell me how to do multi-page?:dunce:
[multipage*=PAGE TITLE][/multipage]
And I got this:
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Trying again to find columns count with string type(MySQL,MsSQL 2005): 14
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 15
Canceling...
Cannot find column count!
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Canceling...
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Finding columns count(MySQL,MsSQL 2005): 18
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Finding columns count(MySQL,MsSQL 2005): 20
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Trying again to find columns count with string type(MySQL,MsSQL 2005): 16
Finding admin page: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Job Finished
I got bored of waiting more than 60 seconds! (request timed out)
Trying again to find columns count with string type(MySQL,MsSQL 2005): 20
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 30
It's not that big of a website, only about 50 - 60 members on there, and I doubt it has uber good security... Mind explaining?
03-05-2011, 07:48 PM
#6
Tuhoaja
Banned
Have you ever done manual SQL Injection...
And
I think you are a skid
And
The following user thanked Tuhoaja for this useful post:
03-05-2011, 09:23 PM
#7
ysinha123
Haxor!
Originally posted by Dr.
[multipage*=PAGE TITLE][/multipage]
And I got this:
Havij 1.14 Free!
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Trying again to find columns count with string type(MySQL,MsSQL 2005): 14
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 15
Canceling...
Cannot find column count!
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Canceling...
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Finding columns count(MySQL,MsSQL 2005): 18
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Finding columns count(MySQL,MsSQL 2005): 20
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Trying again to find columns count with string type(MySQL,MsSQL 2005): 16
Finding admin page: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Job Finished
I got bored of waiting more than 60 seconds! (request timed out)
Trying again to find columns count with string type(MySQL,MsSQL 2005): 20
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 30
It's not that big of a website, only about 50 - 60 members on there, and I doubt it has uber good security... Mind explaining?
And I got this:
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Trying again to find columns count with string type(MySQL,MsSQL 2005): 14
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 15
Canceling...
Cannot find column count!
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Canceling...
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Finding columns count(MySQL,MsSQL 2005): 18
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Finding columns count(MySQL,MsSQL 2005): 20
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Trying again to find columns count with string type(MySQL,MsSQL 2005): 16
Finding admin page: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Job Finished
I got bored of waiting more than 60 seconds! (request timed out)
Trying again to find columns count with string type(MySQL,MsSQL 2005): 20
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 30
It's not that big of a website, only about 50 - 60 members on there, and I doubt it has uber good security... Mind explaining?
Link me to the site and i'll try it
---------- Post added at 05:22 PM ---------- Previous post was at 05:21 PM ----------
Originally posted by St0rM
You need a google dork, plus this isn't the pro version so you can't dump the database.
So you won't hack sh1t with the free version unless your planning on getting the pro.
So you won't hack sh1t with the free version unless your planning on getting the pro.
Yeah, you can. Have you ever actually tried it?
---------- Post added at 05:23 PM ---------- Previous post was at 05:22 PM ----------
Originally posted by Tuhoaja
Have you ever done manual SQL Injection...
And
I think you are a skid
And
Yeah I have, but there's already a tut on that here.
03-05-2011, 09:29 PM
#8
St0rM
Treasure hunter
Originally posted by another user
Yeah, you can. Have you ever actually tried it?
Yes, says I need the pro, I use to do sqli injections when I was beginning to learn hacking.
---------- Post added at 04:29 PM ---------- Previous post was at 04:27 PM ----------
Originally posted by Dr.
[multipage*=PAGE TITLE][/multipage]
And I got this:
Havij 1.14 Free!
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Trying again to find columns count with string type(MySQL,MsSQL 2005): 14
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 15
Canceling...
Cannot find column count!
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Canceling...
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Finding columns count(MySQL,MsSQL 2005): 18
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Finding columns count(MySQL,MsSQL 2005): 20
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Trying again to find columns count with string type(MySQL,MsSQL 2005): 16
Finding admin page: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Job Finished
I got bored of waiting more than 60 seconds! (request timed out)
Trying again to find columns count with string type(MySQL,MsSQL 2005): 20
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 30
It's not that big of a website, only about 50 - 60 members on there, and I doubt it has uber good security... Mind explaining?
And I got this:
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Trying again to find columns count with string type(MySQL,MsSQL 2005): 14
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 15
Canceling...
Cannot find column count!
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Canceling...
Job Canceled!
You are using the Free version of Havij which is limited in some features, Please purchase the commerical version at You must login or register to view this content.
Analyzing You must login or register to view this content.
Host IP: 184.168.139.1
Web Server: Apache
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Finding columns count(MySQL,MsSQL 2005): 18
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Finding columns count(MySQL,MsSQL 2005): 20
This feature is not available in free version! Please purchase the commerical version of Havij at You must login or register to view this content.
Trying again to find columns count with string type(MySQL,MsSQL 2005): 16
Finding admin page: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Page Found: You must login or register to view this content.
Job Finished
I got bored of waiting more than 60 seconds! (request timed out)
Trying again to find columns count with string type(MySQL,MsSQL 2005): 20
Error (11002): Non-Authoritative answer: Host not found
Trying again to find columns count with string type(MySQL,MsSQL 2005): 30
It's not that big of a website, only about 50 - 60 members on there, and I doubt it has uber good security... Mind explaining?
Well first off have you even scanned the website for vulnerabilities?
That's your problem.
03-05-2011, 09:49 PM
#9
Fail
I Break The Rules.
Originally posted by ysinha123
Link me to the site and i'll try it
---------- Post added at 05:22 PM ---------- Previous post was at 05:21 PM ----------
Yeah, you can. Have you ever actually tried it?
---------- Post added at 05:23 PM ---------- Previous post was at 05:22 PM ----------
Yeah I have, but there's already a tut on that here.
---------- Post added at 05:22 PM ---------- Previous post was at 05:21 PM ----------
Yeah, you can. Have you ever actually tried it?
---------- Post added at 05:23 PM ---------- Previous post was at 05:22 PM ----------
Yeah I have, but there's already a tut on that here.
I can't find any vulnerable site help me?
---------- Post added at 03:49 PM ---------- Previous post was at 03:30 PM ----------
Hacked 1 site. Was in russian there admincp made no sense. Going on to the next.
03-06-2011, 09:05 AM
#10
Josh
League Champion
Originally posted by St0rM
Yes, says I need the pro, I use to do sqli injections when I was beginning to learn hacking.
---------- Post added at 04:29 PM ---------- Previous post was at 04:27 PM ----------
Well first off have you even scanned the website for vulnerabilities?
That's your problem.
---------- Post added at 04:29 PM ---------- Previous post was at 04:27 PM ----------
Well first off have you even scanned the website for vulnerabilities?
That's your problem.
That's what it says when I try to scan it for vulnerability
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
