Change background image
  1. What's up? I see you're viewing as a Guest. How about registering, it only takes like 2 minutes. This will enable you to do more on our forum and stay updated.

Sql injection {Tutorial} N00B FRIENDLY

Discussion in 'PC General' started by jrpjordan, Sep 25, 2011.

Thread Status:
This thread is more than 180 days old.
  1. jrpjordan

    jrpjordan Junior Member Member

    Sql injection WITH HAVIJ (N00B way of sql injections not manually) TUT

    1. Download a program called Havij 1.15 here. It is a program that performs automatic SQL injection. http://itsecteam.com/files/havij/Havij1.15Free.rar
    (I may give a cracked pro version out later on)
    2. Install the program.
    3. Go to http://google.com/
    4. Now this is how we find a vulnerable site to SQL Injection. So now here's a list of things called "Dorks". With these dorks, you can easily find a site vulnerable to SQL Injection. Now what you do with dorks is stick them in the google search engine, hit search, and find a vulnerable site.
    5. Search up one of these dorks i have provided here. You might wanna save them in a .txt by copying and pasting for future reference
    Spoiler.

    6. Now sites like http://www.targetwebsite.com/example.php?id= should come up. If the site has a .php?id= at the end, then it might be vulnerable to SQL Injection.
    7. Go to various sites and do a little trick everyone who participates in the action of SQL Injection knows. Find a site link from google using one of the dorks i provided, then go to the site.
    8. Now when ur at the site that looks like this www.Targetwebsite.com/blah.php?id=613 then this is what you do. put a ' at the end so it would look like this!www.Targetwebsite.com/blah.php?id=613' then hit enter. If an error comes up that has something to do with Syntax, like a syntax error, then this means it's vulnerable. If it doesn't come up with a syntax error, it is not vulnerable.
    9. Now, once you find your site that comes up with a syntax error when you add a ' at the end of it, open Havij 1.15.
    10. Now, go to the target box in Havij, remove the http://www.target.com thing from it, and replace it with the url of the site you found out had a syntax error, and paste it in. Make sure theres no ' at the end of it this time!
    11. Hit the analyze button, and let it do its work.
    12. Once the analysis is done, it should say Current DB: NameOfDB in blue.
    13. Go to the tables button, select the Database, then hit get tables, then let it find the tables.
    14. Now you should have the tables. Look for something that has to do with users, usernames, passwords, password, emails, adminpass, admin, info, shit like that you know what i mean? Now that you found the interesting shit that you want to look further into, check the boxes to the left of those tables and hit the get columns button.
    15. Now those tables should open up and show more info. Now look for all the shit to do with passwords or usernames or emails, and hit the checkbox to the left of them.
    16. Once thats done, hit Get Data.
    17. Now it should get the final data of all the shit you chose in the big box to the right.
    18. Now that you have an admin password and/or username and/or email, or any fucking combination of those things, its time to find the admin login page. Hopefully this will be an easy task.
    19. Hit the find admin button, then hit start.
    20. Any admin pages it finds, right click them and hit go to, or open url.
    21. Once you get the admin page, login to admin, and do whatever the fuck you want from there on
    Vulnerable websites list: http://pastebin.com/wgiM3JBj

    Note: Sql vulnerable website list was gathered from a friend of mine... Not me.. NAMED: Wckicksass

    NOTE: Remember to use proxies,vpn, etc. while performing these task and I nor newhax are responsible for what you do with this tutorial... this is For EDUCATIONAL purposes only...
    If someone would like to post some vulnerable sites, go right ahead.
    IMPORTANT NOTE: IF YOU CANNOT FIND THE ADMIN PAGE, TRY GOING ON THE SITE ITSELF AND LOOKING FOR A LOGIN PAGE, THEN TRY IT THERE
    source:
  2. 3nvisi0n

    3nvisi0n The R3v0lu710n Super-Mod

    two comments, one cite your sources, this isn't your own(slight modifications doesn't make it yours) Source:http://ahfcrew.blogspot.com/2011/09/sql-injection-using-havij.html
    read the rules forum for information on formatting copied tutorials.

    two, This isn't a sql injection tutorial its a how to push a button tutorial. Its tutorials like this crap that make me hate these forums filled with kids who think this is hacking.
    In all honesty what does this teach, I suppose maybe it teaches what a Google Dork is but it hardly does that. It sure doesn't teach anything about SQL injection, hardly a tutorial on it.
  3. jrpjordan

    jrpjordan Junior Member Member

    Didn't get it from there... Also a friend named "wckicksass" Made it and i reposted this never claimed it was mine and idk where he posted it anymore.. somthing like hackcommun? or somthing..
  4. 3nvisi0n

    3nvisi0n The R3v0lu710n Super-Mod

  5. jrpjordan

    jrpjordan Junior Member Member

    I get your point but no one really even tries doing the work anymore... Also if this makes you happier changing the thread title ...
Thread Status:
This thread is more than 180 days old.

Share This Page