(adsbygoogle = window.adsbygoogle || []).push({});

In this tutorial, I will be teaching you the basics of obtaining the Admin username and password through a program called Havij. This program will do its job if you do your's right. If you have any questions about what it is, please refer to the next page. On how to use it, refer to the "How to use it" page. For a download link and a virus scan of the program, please go to the final page of this thread. Now lets begin...
[multipage=What is Havij? ]


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.[multipage=How to use it? ]




First Find a sqli infected site .Now here i found a vulernable site
You must login or register to view this content.

Now Let's start

Open havij and copy and paste infected link as shown in figure

You must login or register to view this content.

Now click in the "Analyze"

You must login or register to view this content.

Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx

You must login or register to view this content.

Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed

You must login or register to view this content.

After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure

You must login or register to view this content.

In that Just put mark username and password and click "Get data"

You must login or register to view this content.

Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure...

You must login or register to view this content.

Have Fun With Admin Password!!!!!!!!!!!

[multipage= Download Link / Virus Scan]

Download Link: You must login or register to view this content.
Virus scan: You must login or register to view this content.

Passwords are encrypted?

Bumpity Bump?

How do I get a vunerable website because I wanna do it to fire-pk.com

This is a great Big Tut Thanks man and keep it up

how do you know what sites are SQL infected?