SQL Injection Using HAVIJ

The world today really is very simplified, just so the user can directly whiz in the case of SQL Injection, without having to know the basics. You can call your self what?

Okay, it's just sharing how SQL Injection Havij:

1. Please search for targets using SQL Injection Vulnerability, can be obtained from the search and exploit-db.com, please find here: http://www.exploit-db.com/webapps , a vulnerability that has a keyword search for"SQL injection".

2. Then please download  HAVIJ TOOLS FREE or DOWNLOAD HAVIJ PRO

3. Mandatory for download help & help the following: HELP PDF & CHM HELP

4. Here are some images HAVIJ TOOLS:

5. The main steps in Havij:

• Find a website that has a SQL Injection Vulnerable
• Enter the targets that are vulnerable to the tab "Target" in Havij unmarked '
• Then click Analyze
• Menus are studied in HELP please HELP PDF & CHM who have downloaded for each function.

What the hell that can be obtained by using these tools?

1. You can deface the website with HAVIJ
2. You can do copy / save the database with HAVIJ
3. You can find the admin login with HAVIJ
4. You can become a website administrator with HAVIJ
5. Furthermore, depending on the extent to which your shrewdness in managing the target 

If still not satisfied, following a video tutorial on HAVIJ included, because it was more scattered, so do not need to make your own videos, please immediately wrote listened to:

Hacking exploits using the Metasploit Framework

Here we will discuss how to do hacking using Metasploit Framework is coupled with the utilization of external program to retrieve the information we want.

For example, the author will make hacking by exploiting security holes in Server Service Could Allow Remote Code Execution - MS08-067 on Windows XP SP3. Actually, the author never fill seminars and demos with matter exploit the vulnerability to hacking Windows XP SP2/SP3 in early December 2008, this gap has been known writer on ahkir October 2008 from a security site, here I share as well as to use up meterpreter utilize external program to dial up passwords exploited.

Ok we just start

First of all to find out who connected on the network. then you can go to command prompt and then type the command net view and enter

After appearing on network computers then you just select which ones will be targeted, for example PCXPSP3, just ping the ip PCXSP3.

Once you know your server computer can be if you want to do a scan to find out what OS, how wrote an open port with NMAP NMAP or take advantage of the Metasploit Framework.

We live it to the stage of exploitation. Here I use the console.

Below is to get into the target computer with the payload shell / bind_tcp:

For how to use the payload meterpreter as well try to upload a telnet backdoor

Once uploaded then we can check in c: \ in the victim's computer and then run a telnet backdoor 3x as much to run properly.

After that we can use Putty to get into telnet

Display after entering through a backdoor telnet

Now let's try to download files from the victim's computer, for example file fotorahasia.jpg

Below is an example command to download a file using meterpreter fotorahasia.jpg.

We are now trying to exploit to try to get a dial-up passwords stored by the victim's computer, we upload the program to take the dial-up passwords stored by Windows is dial.exe

Once uploaded we use the command: dial / stext (filename).

After a file, in the example uses the file name pass.txt, we stayed open pass.txt file contents with the command: type pass.txt

Binggo, we get the dial up passwords.

Thanks to : Kurniawan ( YF Code )