Hey guys

Today I will show you " How to Hack A Website Using Havij "

Now-a-days, it is quite easier to build a website and promote the business. Now, even you do not need to learn various languages and scripts like HTML, CSS, Java Script, DHTML etc. to make a web page. There are numerous Web Building tools already available on Internet which make your work quite easier. You just need to Drag and Drop elements to create a beautiful webpage. Various platforms like Blogger, Word Press, Joomla can easily host your website and provide a free Domain Name. Similarly, it is also too easy to hack a website today. There are many ways to hack a website like DOS (Denial Of Service), dDOS (Distributed Denial of Service), SQL Injection, XSS (Cross Site Scripting) attack. And, to make the job easier for you, there are numerous tools also available on the Internet. These tools having GUI (Graphical User Interface) are automated and you just need to press a few buttons to hack the target.
One such awesome hacking tool is Havij. It is devloped by ITSecTeam and it uses SQL (Structured Query Language) Injection method to hack a website. And, now I am going to provide a step-by-step tutorial to hack a website
using Havij.


So Here Our Tutorial Starts ...

 Step 1 -

At first, you need to download the Havij tool. You can download it from http://www.itsecteam.com. Once downloaded, install the Havij in your system.

 


Step 2-

Now you need to find a vulnerable site to hack it with Havij. Remember one thing that you can not hack each and every site using this method but at least you can hack a few. You can easily
find vulnerable site using Google Dorks like-

inurl:.com/index.php?id=

inurl:.in/news.php?id=

inurl:.pk/page id=

inurl:.gov/article.php?id=

You can find more such Google Dorks on Internet easily.


Now, simply Copy and Paste these dorks in Google Search box. Within seconds, you will get thousands of site which might be vulnerable to Sql Injection. You need to find one such vulnerable site. To do so, open the site and add a ' in the address of the website and press Enter. For example, I have found a site http://www.txi.co.in/article.php?id=3. And I inserted ' in the address as follows- http://www.txi.co.in/article.php?id=3'. If the site is vulnerable then you will find an error message like- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 


Step 3 


Once you get the address of vulnerable site then open Havij. Input the web address of the vulnerable site in Targetsection. In my case, it is http://www.txi.co.in/article.php?id=3 and click on Analyze button.



Step 4

After that, Havij will take some time to analyze the target and get some information about it. So, be patient. Once Havij complete the analysis then click on Tables.



Step 5 -

Now, click on Get Tables to find the tables present in website's database.   



 Step 6 -

Once Havij find the Table, click on '+' icon to expand the entry. Here you will find many tables like Admin, Login, Users etc. Select the suitable table like Users to get user name and password of users on that site. In my case it is 'Users' as I want the user name and password of users. 



Step 7 -

After selecting the suitable table, click on the option Get Columns to get Columns present in the table.



Step 8 -

Within minutes, Havij will find Columns. Now, select the column like username, password, email id and Click on Get Data.



Step 9 -

Now, Havij will retrieve all the data like User name, Password and Email Id of users from the Column. You can use this data to Log In to the user accounts on the site and control it. You can also save these data for further use by clicking onSave Data.

 
NOTE- It might be tough to understand everything provided
in the tutorial at once. So, if you face any problem, feel free to contact me.

The tutorial provided here is only for the educational purpose. Apply the method/tutorial/trick at your own risk. Tech Geek and Sanjeet Kashyap will not be responsible for the harm caused by User's action in any way.
Thats all. I hope you enjoyed the article. Suggestions, Feedback and Criticisms too are invited frequently.
Thanks!!