I would imagine that I would always need to use a proxy when pentesting via Havij? Without a proxy, it would be easy to detect the person who was able to SQL inject your web application?
You will DEF need to use a proxy. Just get one from the free proxy sites. This is just a paranoid stealth belief, a myth of mine, that Russia and China proxies would be a good choice as they are mostly filled with malicious activity and that reduces the impact and focus on our minor probing shown in the proxy activity logs. That is, if you accidentally probed into something you shouldn’t and the cops manage to get their hands on the proxy activity log, the mass amount of identical proxy users and malicious activity will reduce the time in figuring shit out, if they do. I repeat, reducing the time… not guarantees. You could however also spoof your MAC, use a free wireless and a proxy.
You can purchase a pvt high anonymity proxy online though, but I never had the need for them.
As Leo was saying, I was blown away how it really does work and at the same time how easy it was. Would you say that Havij is the tool of choice by most pentesters?
Just hypothetically speaking, if you were to gain access to a database and recover the password hash, have you had success being able to crack it? If so, what tools do you use?
Sorry for all the questions James. I am just really enjoying this..
So Havij is the tool of choice eh.. Cool. I just wanted to know because I want to dive deep into this SQL injection stuff and want to use whichever tools the top hackers use.
And yeah, actually I do know of John the Ripper.. I completely forgot. It’s already part of BT I believe. I did try the MD5 hash cracker within Havij but it struck out. I tried some other hash cracking tool for Windows but it also struck out.
Here’s the hash I am trying to crack.. 47924822a13312b87e1366ed6c61cc4e
Thanks for the awesome info on the proxies. I will keep that in mind. I did end up finding a ton of Chinese & Russian proxies.
Sqlmap & Havij are the top two at the moment, but it’s really not what tools the top hackers use but rather how they use any tool. It does not matter if the tool is of the latest version, that really doesn’t bother them. What bothers them is if they get the job done. The tools don’t make you, you make the tools. So it differs between individuals, no specific best, but those two can be considered currently the best. And no worries, enjoy!
You’re the man! Thanks James.
No worries mate, spreading the fun!
Hey James, do you have a tut on setting up a rogue access point?
That should be next on the list along with how to hack Android mobile phones on your network.
Got the set up right, waiting for the victim.
Oh okay cool. Thanks James. Post a donate button. I’d like to help the cause.
Hey James, have you heard of this course?
http://securitytube-training.com/online-courses/securitytube-python-scripting-expert/?link=left#question
James, if you can, please email the full version 1.6. I tried looking for the torrent but couldn’t find version 1.6.
Sorry dude, I do not have the 1.6 pro version. Still rocking the 1.5.
Oh okay, thanks James. Yeah I can find the full version of 1.5. I’ll let you know if I come across 1.6.
Thanks man,
Anyway, no, I have not heard of that course… I rarely keep up with courses.
Also the rogue AP will be up later today, sorry abt the delay. Had some stuff to sort out.
Thanks James!!!
Hijacking your topic: if you’ve found version 1.6, please let me know too, thanks a lot man!
Will do dude, I have not even bothered to look for it. I mean it does the same job. I’ll just wait it out till fate brings it my way. lol
Will do Leo! I can find 1.5 pro cracked all day long but not 1.6 for some reason. Not even sure what the difference is between the two versions.
I’m glad we can still use Havij 1.5 up to year 2099; there’s enough time to look for 1.6 LOL
Have tested it on another site and it really works. I should have booked myself. The problem is finding SQL vuls online.
Hey James, what’s the proxy you’re using for this?
Thanks man.
Hey man sorry for the late reply, was at work.
I believe it was some anonymous Russian/China proxy that I was gathering for my proxychains.conf. It’s down now I believe.
Splendid weekend!! Will post something fun later.
No worries at all bro!
Always looking forward to the next post!
Sorry James, one other thing.. Any importance when the “Keyword Found” is found?
Oh okay. Good to know…
You are really enjoying Havij huh lol. Well yea, pentesters should like it; if it does the job, it does the job.
And yes, I have successfully cracked the hashes more times than I have not.
The respected and reputable tool is called JTR (John the Ripper), a must-know.
http://en.wikipedia.org/wiki/John_the_Ripper
Also Havij can assist you in cracking the MD5 sums. It does a decent job by checking the MD5 with various online MD5 cracking sites.
Thanks James. You’re the best dude.