SQL INJECTION


Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. Using this software, a user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

It is available in both free and commercial versions. Today we are going to see how to dump the contents of a database using Havij. For this I am going to use the free version. First download Havij from here and install it. Then open it and enter the vulnerable page URL in the target column.




  1. Type the vulnerable website inside it and hit the Analyze button.
  2. Now click on the Tables tab and then hit the Get DBs button.
  3. Now you have all the databases in the result. Tick the databases and hit the Get Tables button.
  4. You now have the tables from the databases you ticked in the previous step. Tick the related tables and hit the Get Columns button.
  5. You now have the columns from the ticked table. Tick the related columns and press the Get Data button. I am going to choose the Username, Password and UserGroup columns. These should hold the stored data for the admin's username, password, etc.
  6. You can see an MD5 button in Havij's list of buttons. Hit that button, paste your hash inside it and press the Start button.
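
The tool depends on the page splicing a request parameter into its SQL text. As an added example (not code from the original post or from Havij; the schema, function names and sample input are constructed assumptions), this Python shows that weak pattern next to the parameterized fix that makes the same input harmless:

```python
import sqlite3

# Constructed sample input: a page parameter that carries SQL instead of an id.
CRAFTED_ID = "0 UNION SELECT username, password FROM users"

def make_db():
    """In-memory database with a constructed schema (all names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (username TEXT, password TEXT, usergroup TEXT);
        INSERT INTO products VALUES (1, 'lamp'), (2, 'desk');
        INSERT INTO users VALUES ('admin', 'HASH-PLACEHOLDER', 'admins');
    """)
    return db

def lookup_vulnerable(db, product_id):
    # Weak: the parameter is concatenated into the statement, so the database
    # parses it as SQL and will answer from any table the account can read.
    return db.execute(
        "SELECT id, name FROM products WHERE id = " + product_id).fetchall()

def lookup_parameterized(db, product_id):
    # Fixed: the value is bound to a placeholder and is only ever compared
    # as data; it can never add clauses to the statement.
    return db.execute(
        "SELECT id, name FROM products WHERE id = ?", (product_id,)).fetchall()

def lookup_validated(db, product_id):
    # Defence in depth: reject anything that is not a plain integer id
    # before the query runs, then still bind it as a parameter.
    if not (product_id.isascii() and product_id.isdigit()):
        raise ValueError("product id must be a decimal integer")
    return lookup_parameterized(db, int(product_id))

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, CRAFTED_ID))
    print("parameterized:", lookup_parameterized(db, CRAFTED_ID))
    print("validated    :", lookup_validated(db, "1"))
```

With bound parameters the credential table never appears in the product query's result, so there is nothing for an automated tool to enumerate through that parameter.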






Download Havij (1.81 MB zip file)

