SQL Penetration Testing Using Havij for Security
I have already posted a beginning guide to the SQL injection here at hackersthirst already, if you haven’t read that post then kindly do read this below, also another post is there which has list of tools commonly used for scanning sql related vulnerabilities, You can get a lot from below posts:-
What is SQL injection and how it is accomplished..!
Today, I am posting a tutorial using which you will be able to use a tool named as havij for sql injection & vulnerability testing. This tool is in free version you can get paid version too, However we can use this tool for free also, Now-a-days manual scanning and exploiting vulnerabilities is quite limited, ethical hackers and pen-testers use mainly automated tools.
How to use Havij for SQL Testing:-
- First of all, Download Havij here.
- Install havij and place the shortcut at the desktop, Now find a website which might be vulnerable to the SQL injection. In this case it's your own website which you want to test against possible vulnerabilities.
- After finding the website open Havij, lets say the vulnerable site has URL:-
“http://website.com/index.php?module=pages&id=85”
- After opening Havij paste the above URL like this i-e of vulnerable Site:-
- After that hit “Analyze” and thus it will scan site that whether sql injection is possible or not. For security reason I have not shown the name of site which I will use for tutorial purpose.
- It will tell you the type of server and also the type of OS running on the server and will give a message like :- Target Vulnerable if the site is vulnerable.
- Now go to “Tables” and “Get Database” and after getting data bases check all of them and hit “Get Tables” After getting tables of DB’s , select the admin table and hit “Get Columns” , after getting columns now a hacker can check the password and username column and can hit “Get Data”, See pic Below to understand all the button used:-
- Now a You will get data in encrypted form , like mostly in “md5 hash” but hackers can decrypt it easily by using other online tools present, After decrypting a hacker can get sensitive data which can even include some login details.
So, Automated tools have also great importance you can also check your own website for the vulnerability. And yes better is to use your skills in right direction because a real hacker is one who thinks for the benefits not for desctruction, Thanks 
Tags: Ethical Hacking, Tools, Website Vulnerability
