Havij Tool - Windows

In this article, we look at Havij and its features, followed by a hands-on demo of how to install, use, and uninstall it on the Windows operating system.

Disclaimer: The articles provided on HackWithV are purely for informational and educational purposes, and are for those who are willing and curious to know and learn about Cyber Security, Ethical Hacking, Software Development and IT Operations. Any time the word "Hacking" is used on this site, it shall be regarded as Ethical Hacking.


What is Havij?

  • Havij is an automated SQL Injection tool. 
  • It is distributed by ITSecTeam, an Iranian security company. 
  • It helps penetration testers and developers find and exploit SQL Injection vulnerabilities on a web page. 
  • The name Havij means “carrot”, which is the tool’s icon.

Features

  • User-friendly GUI (Graphical User Interface). 
  • Automated scan and detection. 
  • Complete HTTPS support. 
  • Various updates are available. 
  • Added MS SQL blind. 
  • PostgreSQL. 
  • Easily accessible user manual. 
  • Additional dumping data file feature. 
  • XML format comes with the tool for data storage. 
  • Users can remove the log. 
  • The default settings can be changed at any time. 
  • Repair methods are available to cover up the weaknesses of the website. 
  • Keyword testing is also available. 
  • Error fixing feature. 
  • Users can fingerprint the backend database and retrieve users and password hashes. 
  • Able to run SQL statements and OS commands. 

 

Hands-on  

Operating System: Windows

Tools: Havij, 7-Zip.

Download 


Install 

  • Go to the Downloads folder, extract Havij 1.12 Free.7z with the help of 7-Zip, and double-click the Havij-1.12-Free.exe file.

  • Approve the User Account Control prompt by clicking Yes.

  • The Setup window opens. Click Next > Next > Next > Create desktop icon > Next > Install > Finish.


Usage

  • Double-click the Havij icon to open the tool. 

  • Now find a URL that contains parameters such as id=1, param=1, category=1, etc.  
  • Warning: Only perform this attack on a website you have permission to attack. 
  • Here is a test website from Acunetix: http://testphp.vulnweb.com/listproducts.php?cat=1 

  • Now test this URL in the Havij tool. Paste the URL into Target and click Analyze.


  • If the URL is vulnerable to SQL injection, the Info, Tables, Read Files, and Cmd Shell options are enabled. 

  • Now retrieve the data from the database.

  • Here we got the username:test and password:test from the database. 

Uninstall 

We can uninstall this application in 2 ways: from the Control Panel, or with the uninstall .exe file in the Havij folder. 

Control Panel 

  • Open the Control Panel.

  • Click on Uninstall a program.

  • Double-click Havij 1.12 Free and click Yes, then click OK.


Uninstall File 

  • Go to the file location C:\Program Files (x86)\Havij and double-click unins000.exe.


  • Approve the User Account Control prompt by clicking Yes.

  • Click on Yes > OK.

Conclusion

  • Havij 1.12 was tested on Windows 7 Professional in VirtualBox. 

 

If you face any problem, let me know in the comments, or you can reach me directly at hackwithv@gmail.com

 

Be Aware, Be Secure.

Thank You 🙏

 
