Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is and different types of SQL injection attacks. In this blogpost, you will learn about Havij, an automated SQL injection tool. Havij is a SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can be used to perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.
Let me give you a complete guide on Havij in this article. First download Havij and install it.
1. Specifying the target:
Then open it and enter the vulnerable URL in the target field (for this tutorial I am using my own vulnerable webpage).
2. List the current database:
Set the database option to ‘auto detect‘ and hit analyze. This should show you the current database name as shown below.
3. Get Host information:
Click on the “info” tab. This will show you information about the victim’s system. We can see information like Host IP address, web server version etc.
4. List all tables of the current database:
Click on the “Tables” tab.
5. List all databases from the target:
Click on “Get DBs” option. This will list all the databases as shown below.
7. List tables in a certain database:
To get tables in a specific database, select the database and click on “Get Tables”. This will list all the tables present in the selected database. I selected database “shunya”here.
8. List all columns from a particular table:
We can see that there is on table ‘users’ in our database ‘shunya’ .To get columns , select the table ‘ users’ and click on “Get Columns”.
This will list all the columns in the table. We can see that we have five columns in the table ‘users’. It’s time to dump the values of columns.
9. Dump data from the columns:
Select the columns whose data we want to dump and click on “Get data”. Here I selected all the columns.
10. Crack password hashes:
We got all the data including usernames and passwords. But passwords seem to be encrypted. No problem. Click on the password hashes and copy them. Then click on “MD5″ tab and paste the password. Click on “Start”. Havij automatically decrypts the password for us. Decrypt all passwords in the similar manner.
11. Find admin page:
Having passwords is not enough. You also need to know where to login with these passwords. Havij can do that too. Click on “Find admin”. This option finds the admin page of the website automatically. When it finds the admin page, you can try the username and passwords to get access to the website. Hope this was helpful.
