Salam Guyz,

Today i m sharing u very nice tool for hacking a website using SQL injection

Description Of Tool

One of the popular tool for SQL Injection is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Supported Databases With Havij
  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)
This is the newest version of Havij 1.7 Pro. Download from here..

Installation Instructions


1.Run Havij setup.
2.Follow the instalation instructions.
3.Copy the loader.exe from where you have downloaded Havij.
4.Paste to the location where you have instaled Havij 1.7 PRO.
5.Create a shortcut to your desktop of loader.exe.
6.Run loader.exe and click Register.

I suggest you before start hacking with havij u must have to know about sql injection read my previous tutorial about sql injection from here

Demonstration

STEP 1:
Find SQL Injection vulnerability using SQL dorks for get new sql dorks click here. After find a vuln site copy the url of vuln website and paste into the target textbox of Havij. (As shown in figure)



STEP 2:
Now click on the Analyse button as shown below.



Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:



STEP 3: 
Now click on the Tables button and then click Get Tables button from below column as shown below:

STEP 4:
Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Data button.

STEP 5:
Now you have the admin usernames and password. Simply take note of only the username.
The password you got is in Md5 format and cannot be used to login to the website directly. What we need to do is too simply click on the MD5 tab on havij and paste the password into the text field and click on start.



STEP 6:
After crack MD5 u have the real password of admin.Now click on the button FindAdminPage on havij. After Finding admin page go on the admin page enter username or password of admin and now do what you want with the site  :)

Author : Mad Jack