Saturday, July 23, 2011

Easy SQL Injection [Using Havij 1.5]

Introduction:

I received a request from Don Sam  to post a tutorial that guided that focused on SQL Injection. SQL Injection itself can be a pretty advanced and overwhelming topic, so I decided to introduce a small, lightweight utility known as Havij. In this tutorial, I'll be using version 1.5.

I will assume you have downloaded Havij and have selected a target website. If you haven't downloaded Havij, you can do so here. If you don't have a target site in mind, you can head on over to the Devil's Blog On Security for a list of common SQL Dorks. All you have to do is choose one, then Google it. The websites in the results are possibly vulnerable! Just copy the web address to the clipboard for use later.

Step 1:

The first thing you need to do is paste the address of your target into the text box labeled Target, then choose Analyze. Havij will then test the target to see if it is vulnerable to SQL Injection.


If the target is vulnerable, Havij will return the name of the database being used at the URI you supplied.


Step 2:

After you have determined that the target is vulnerable to SQL Injection, you need to get a list of all of the tables in the DB. Do this by choosing the Get Tables option.

 

Havij will then return a list of all of the tables in that DB. Check the tables that contain the data you want, then choose Get Columns. This will return a list of the columns in that table.


Step 3:

Once Havij has finished looking for the columns in the table, it will return a list in the tree structure under that table. Check the columns you want, then choose Get Data.


Finally:

As Havij extracts the information from the columns of the table, it will be displayed in the whitespace to the right. Most of the time, this information isn't even encrypted. If it is a column of password, it may be encrypted with an MD5 Hash, but that is pretty easily decrypted! 



Conclusion:

So, you have just conducted a successful SQL Injection attack on a vulnerable website. While vulnerable databases aren't as common anymore, there are still many, many, many out there. In my research, I Googled a SQL dork and the first site was vulnerable!

If you have any questions, comments or concerns, please feel free to comment below!

Did you know that i7's Guide to hacking can be delivered daily to your kindle devices? Subscribe Now! 
 
Posted by at
Labels: , , , , ,

1 comment:

  1. AnonymousDecember 24, 2012 at 8:45 AM

    you are pretty good MR how can i get in touch with you

    ReplyDelete

Subscribe to: Post Comments (Atom)