Nowadays, it is quite easy to build a website and promote a business. You no longer even need to learn languages and scripts like HTML, CSS, JavaScript or DHTML to make a web page. There are numerous web-building tools available on the Internet which make your work much easier. You just need to drag and drop elements to create a beautiful webpage. Various platforms like Blogger, WordPress and Joomla can easily host your website and provide a free domain name. Similarly, it is also very easy to hack a website today. There are many ways to hack a website, like DoS (Denial of Service), DDoS (Distributed Denial of Service), SQL Injection and XSS (Cross-Site Scripting) attacks. And, to make the job easier for you, there are numerous tools available on the Internet as well. These tools have a GUI (Graphical User Interface) and are automated, so you just need to press a few buttons to hack the target.
One such awesome hacking tool is Havij. It is developed by ITSecTeam and it uses the SQL (Structured Query Language) Injection method to hack a website. And now I am going to provide a step-by-step tutorial to hack a website using Havij.
Step 1-
First, you need to download the Havij tool. You can download it from http://www.itsecteam.com. Once downloaded, install Havij on your system.
Step 2-
Now you need to find a vulnerable site to hack with Havij. Remember that you cannot hack each and every site using this method, but at least you can hack a few. You can easily find vulnerable sites using Google Dorks like:
inurl:.com/index.php?id=
inurl:.in/news.php?id=
inurl:.pk/page id=
inurl:.gov/article.php?id=
You can easily find more such Google Dorks on the Internet.
Now, simply copy and paste these dorks into the Google search box. Within seconds, you will get thousands of sites which might be vulnerable to SQL Injection. You need to find one such vulnerable site. To do so, open the site, add a ' to the address of the website and press Enter. For example, I have found a site http://www.txi.co.in/article.php?id=3, and I inserted ' in the address as follows: http://www.txi.co.in/article.php?id=3'. If the site is vulnerable, you will see an error message like:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
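This error appears because the page places the id value from the URL directly into the text of its SQL statement. The following is an added example, not part of the original post: it uses Python's sqlite3 as a stand-in for the site's PHP/MySQL code, with constructed table data and hypothetical function names, and shows that pattern beside a version that validates the id, binds it as a parameter and keeps database errors out of the response.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory data; sqlite3 stands in for the site's MySQL database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(3, "Quarterly report"), (4, "Press release")])
    return db

def get_article_vulnerable(db, raw_id):
    # Pattern behind article.php?id=3: request text is pasted into the SQL string,
    # so a stray quote changes the statement and the database reports a syntax error.
    return db.execute("SELECT title FROM articles WHERE id = " + raw_id).fetchone()

def get_article_hardened(db, raw_id):
    # 1) Validate: an article id is a short run of ASCII digits and nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # caller answers with a generic 404 page
    try:
        # 2) Bind the value as a parameter; it can never become part of the SQL text.
        return db.execute("SELECT title FROM articles WHERE id = ?",
                          (int(raw_id),)).fetchone()
    except sqlite3.Error:
        # 3) Database errors are for the server log, never for the response body.
        return None

def compare(raw_id):
    # Returns (vulnerable outcome, hardened outcome) for one request value.
    db = make_db()
    try:
        vulnerable = get_article_vulnerable(db, raw_id)
    except sqlite3.OperationalError as exc:
        vulnerable = "SQL error shown to visitor: %s" % exc
    return vulnerable, get_article_hardened(db, raw_id)

if __name__ == "__main__":
    for value in ("3", "3'"):
        print(repr(value), "->", compare(value))
```
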
Step 3-
Once you get the address of a vulnerable site, open Havij. Enter the web address of the vulnerable site in the Target section (in my case, it is http://www.txi.co.in/article.php?id=3) and click on the Analyze button.
Step 4-
After that, Havij will take some time to analyze the target and get some information about it. So, be patient. Once Havij completes the analysis, click on Tables.
Step 5-
Now, click on Get Tables to find the tables present in the website's database.
Step 6-
Once Havij finds the tables, click on the '+' icon to expand the entry. Here you will find many tables like Admin, Login, Users etc. Select a suitable table, like Users, to get the user names and passwords of users on that site. In my case it is 'Users', as I want the user names and passwords of users.
Step 7-
After selecting the suitable table, click on the option Get Columns to get the columns present in the table.
Step 8-
Within minutes, Havij will find the columns. Now, select columns like username, password and email id, and click on Get Data.
Step 9-
Now, Havij will retrieve all the data, like the user name, password and email id of users, from the columns. You can use this data to log in to the user accounts on the site and control them. You can also save this data for further use by clicking on Save Data.
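On the server side, the Analyze, Get Tables, Get Columns and Get Data stages in Steps 3 to 9 show up in the web access log as a run of requests in which the id parameter is no longer a plain integer. The following is an added example, not part of the original post: it scans constructed log lines for malformed id values and reports clients that send several of them. The log format, IP addresses, threshold and function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /article.php?id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET /article.php?id=3%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET /article.php?id=3%27%27 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:06 +0000] "GET /article.php?id=3%22 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:01:06 +0000] "GET /article.php?id=3%29 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:40 +0000] "GET /article.php?id=4 HTTP/1.1" 200 4872 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:03:11 +0000] "GET /article.php?id=4%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def malformed_id_requests(log_text, param="id"):
    """Return (client_ip, decoded_value) for every request whose numeric
    parameter carries anything other than ASCII digits."""
    hits = []
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # not a request line in the expected format
        ip, target = match.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, value))
    return hits

def noisy_clients(log_text, threshold=3):
    """Clients with at least `threshold` malformed ids: one stray quote can be a
    typo or a curious visitor, a run of them is automated probing."""
    counts = Counter(ip for ip, _ in malformed_id_requests(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, value in malformed_id_requests(SAMPLE_LOG):
        print(ip, repr(value))
    print("alert:", noisy_clients(SAMPLE_LOG))
```

Because the check is on the parameter's expected type and not on known payload strings, it keeps working when the request contents change.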
NOTE- It might be tough to understand everything provided in the tutorial at once. So, if you face any problem, feel free to contact me.
The tutorial provided here is for educational purposes only. Apply the method/tutorial/trick at your own risk. Amazing Hacking Tricks and Sanjeet Kashyap will not be responsible for harm caused by the user's actions in any way.
A personal message to You
It is nice to see that you have gone through "Hack A Website using Havij (Noob Friendly)" completely. I hope you have enjoyed the article. However, if you want me to deliver more interesting hacking tutorials and articles, then please share my post(s). You can use the Social Sharing Widget provided at the end of every post. After all, Sharing is Caring!!!
Thank you. Have a nice day ahead!!!
I will try this trick but no one any track me??
Surely Mohsin,
You can use this trick frequently, and do comment if you face a problem. When it comes to tracking, I suggest you go through my article "Hide Yourself on Internet". There I shared almost all possible ways to hide yourself.
Thanks.
Nice tutorial on Website Hacking. I like it.
Thank you
Can we get the admin login of the website? Editing the website, like placing our ads on it, will be possible when we are admin. So, can we get it? #Sanjeet
Nice, is there any mobile tool like this
Is there any mobile tool like this
Yes, Anvesh. You can surely get Admin log using this method. You just need to choose the right table to get the right data.
Hope you got me. Keep visiting.
With Regards,
Sanjeet Kashyap
Surely, Amarjeet Prakash. Droidsqli is such a tool available for Android.