Hacking Wabsite dengan havij

Selamat pagi semua teman teman maya yang setia dengan farrih blogspot.com, kali ini saya akan membahas bagaimana hacking wabsite dengan havij buat para master mungkin cara ini sudah cupu atau ketinggalan jaman tapi buat yang masih baru belajar bisa untuk tambahan pengetahuan dalam hal hacking wabsite, kali ini saya menggunakan teknik sql injection dengan menggunakan tools havij, untuk mengambil data base yang dimiliki wabsite target. ok kita langsung saja bagaimana caranya.

hal pertama yang harus kita lakukan adalah siapkan sebungkus rokok, segelas kopi, musik yang akan kita putar agar gk boring heheheee.... bercanda kawan itu hanya lah sebuah saran saja biar kegiatan hacking kita lebih menyenangkan... persiapan pertama adalah menentukan target kita terlebih dahulu, untuk mencari target kita bisa menggunakan dork berikut :

about.php?cartID=
accinfo.php?cartId=
acclogin.php?cartID=
add.php?bookid=
add_cart.php?num=
addcart.php?
addItem.php
add-to-cart.php?ID=
addToCart.php?idProduct=
addtomylist.php?ProdId=
adminEditProductFields.php?intProdID=
advSearch_h.php?idCategory=
affiliate.php?ID=
affiliate-agreement.cfm?storeid=
affiliates.php?id=
ancillary.php?ID=
archive.php?id=
article.php?id=
phpx?PageID
basket.php?id=
Book.php?bookID=
book_list.php?bookid=
book_view.php?bookid=
BookDetails.php?ID=
browse.php?catid=
browse_item_details.php
Browse_Item_Details.php?Store_Id=
buy.php?
buy.php?bookid=
bycategory.php?id=
cardinfo.php?card=
cart.php?action=
cart.php?cart_id=
cart.php?id=
cart_additem.php?id=
cart_validate.php?id=
cartadd.php?id=
cat.php?iCat=
catalog.php
catalog.php?CatalogID=
catalog_item.php?ID=
catalog_main.php?catid=
category.php
category.php?catid=
category_list.php?id=
categorydisplay.php?catid=
checkout.php?cartid=
checkout.php?UserID=
checkout_confirmed.php?order_id=
checkout1.php?cartid=
comersus_listCategoriesAndProducts.php?idCategory=
comersus_optEmailToFriendForm.php?idProduct=
comersus_optReviewReadExec.php?idProduct=
comersus_viewItem.php?idProduct=
comments_form.php?ID=
contact.php?cartId=
content.php?id=
customerService.php?****ID1=
default.php?catID=
description.php?bookid=
details.php?BookID=
details.php?Press_Release_ID=
details.php?Product_ID=
details.php?Service_ID=
display_item.php?id=
displayproducts.php
downloadTrial.php?intProdID=
emailproduct.php?itemid=
emailToFriend.php?idProduct=
events.php?ID=
faq.php?cartID=
faq_list.php?id=
faqs.php?id=
feedback.php?title=
freedownload.php?bookid=
fullDisplay.php?item=
getbook.php?bookid=
GetItems.php?itemid=
giftDetail.php?id=
help.php?CartId=
home.php?id=
index.php?cart=
index.php?cartID=
index.php?ID=
info.php?ID=
item.php?eid=
item.php?item_id=
item.php?itemid=
item.php?model=
item.php?prodtype=
item.php?shopcd=
item_details.php?catid=
item_list.php?maingroup
item_show.php?code_no=
itemDesc.php?CartId=
itemdetail.php?item=
itemdetails.php?catalogid=
learnmore.php?cartID=
links.php?catid=
list.php?bookid=
List.php?CatID=
listcategoriesandproducts.php?idCategory=
modline.php?id=
myaccount.php?catid=
news.php?id=
order.php?BookID=
order.php?id=
order.php?item_ID=
OrderForm.php?Cart=
page.php?PartID=
payment.php?CartID=
pdetail.php?item_id=
powersearch.php?CartId=
price.php
privacy.php?cartID=
prodbycat.php?intCatalogID=
prodetails.php?prodid=
prodlist.php?catid=
product.php?bookID=
product.php?intProdID=
product_info.php?item_id=
productDetails.php?idProduct=
productDisplay.php
productinfo.php?item=
productlist.php?ViewType=Category&CategoryID=
productpage.php
products.php?ID=
products.php?keyword=
products_category.php?CategoryID=
products_detail.php?CategoryID=
productsByCategory.php?intCatalogID=
prodView.php?idProduct=
promo.php?id=
promotion.php?catid=
pview.php?Item=
resellers.php?idCategory=
results.php?cat=
savecart.php?CartId=
search.php?CartID=
searchcat.php?search_id=
Select_Item.php?id=
Services.php?ID=
shippinginfo.php?CartId=
shop.php?a=
shop.php?action=
shop.php?bookid=
shop.php?cartID=
shop_details.php?prodid=
shopaddtocart.php
shopaddtocart.php?catalogid=
shopbasket.php?bookid=
shopbycategory.php?catid=
shopcart.php?title=
shopcreatorder.php
shopcurrency.php?cid=
shopdc.php?bookid=
shopdisplaycategories.php
shopdisplayproduct.php?catalogid=
shopdisplayproducts.php
shopexd.php
shopexd.php?catalogid=
shopping_basket.php?cartID=
shopprojectlogin.php
shopquery.php?catalogid=
shopremoveitem.php?cartid=
shopreviewadd.php?id=
shopreviewlist.php?id=
ShopSearch.php?CategoryID=
shoptellafriend.php?id=
shopthanks.php
shopwelcome.php?title=
show_item.php?id=
show_item_details.php?item_id=
showbook.php?bookid=
showStore.php?catID=
shprodde.php?SKU=
specials.php?id=
store.php?id=
store_bycat.php?id=
store_listing.php?id=
Store_ViewProducts.php?Cat=
store-details.php?id=
storefront.php?id=
storefronts.php?title=
storeitem.php?item=
StoreRedirect.php?ID=
subcategories.php?id=
tek9.php?
template.php?Action=Item&pid=
topic.php?ID=
tuangou.php?bookid=
type.php?iType=
updatebasket.php?bookid=
updates.php?ID=
view.php?cid=
view_cart.php?title=
view_detail.php?ID=
viewcart.php?CartId=
viewCart.php?userID=
viewCat_h.php?idCategory=
viewevent.php?EventID=
viewitem.php?recor=
viewPrd.php?idcategory=
ViewProduct.php?misc=
voteList.php?item_ID=
whatsnew.php?idCategory=
WsAncillary.php?ID=
WsPages.php?ID=noticiasDetalle.php?xid=
sitio/item.php?idcd=
index.php?site=
de/content.php?page_id=
gallerysort.php?iid=
products.php?type=
event.php?id=
showfeature.php?id=
home.php?ID=
tas/event.php?id=
profile.php?id=
details.php?id=
past-event.php?id=
index.php?action=
site/products.php?prodid=
page.php?pId=
resources/vulnerabilities_list.php?id=
site.php?id=
products/index.php?rangeid=
global_projects.php?cid=
publications/view.php?id=
display_page.php?id=
pages.php?ID=
lmsrecords_cd.php?cdid=
product.php?prd=
cat/?catid=
products/product-list.php?id=
debate-detail.php?id=
cbmer/congres/page.php?LAN=
content.php?id=
news.php?ID=
photogallery.php?id=
index.php?id=
product/product.php?product_no=
nyheder.htm?show=
book.php?ID=
print.php?id=
detail.php?id=
book.php?id=
content.php?PID=
more_detail.php?id=
content.php?id=
view_items.php?id=
view_author.php?id=
main.php?id=
english/fonction/print.php?id=
magazines/adult_magazine_single_page.php?magid=
product_details.php?prodid=
magazines/adult_magazine_full_year.php?magid=
products/card.php?prodID=
catalog/product.php?cat_id=
e_board/modifyform.html?code=
community/calendar-event-fr.php?id=
products.php?p=
news.php?id=
view/7/9628/1.html?reply=
product_details.php?prodid=
catalog/product.php?pid=
rating.php?id=
?page=
catalog/main.php?cat_id=
index.php?page=
detail.php?prodid=
products/product.php?pid=
news.php?id=
book_detail.php?BookID=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
default.php?cPath=
catalog/main.php?cat_id=
catalog/main.php?cat_id=
category.php?catid=
categories.php?cat=
categories.php?cat=
detail.php?prodID=
detail.php?id=
category.php?id=
hm/inside.php?id=
index.php?area_id=
gallery.php?id=
products.php?cat=
products.php?cat=
media/pr.php?id=
books/book.php?proj_nr=
products/card.php?prodID=
general.php?id=
news.php?t=
usb/devices/showdev.php?id=
content/detail.php?id=
templet.php?acticle_id=
news/news/title_show.php?id=
product.php?id=
index.php?url=
cryolab/content.php?cid=
ls.php?id=
s.php?w=
abroad/page.php?cid=
bayer/dtnews.php?id=
news/temp.php?id=
index.php?url=
book/bookcover.php?bookid=
index.php/en/component/pvm/?view=
product/list.php?pid=
cats.php?cat=
software_categories.php?cat_id=
print.php?sid=
docDetail.aspx?chnum=
index.php?section=
index.php?page=
index.php?page=
en/publications.php?id=
events/detail.php?ID=
forum/profile.php?id=
media/pr.php?id=
content.php?ID=
cloudbank/detail.php?ID=
pages.php?id=
news.php?id=
beitrag_D.php?id=
content/index.php?id=
index.php?i=
?action=
index.php?page=
beitrag_F.php?id=
index.php?pageid=
page.php?modul=
detail.php?id=
index.php?w=
index.php?modus=
news.php?id=
news.php?id=
aktuelles/meldungen-detail.php?id=
item.php?id=
obio/detail.php?id=
page/de/produkte/produkte.php?prodID=
packages_display.php?ref=
shop/index.php?cPath=
modules.php?bookid=
product-range.php?rangeID=
en/news/fullnews.php?newsid=
deal_coupon.php?cat_id=
show.php?id=
blog/index.php?idBlog=
redaktion/whiteteeth/detail.php?nr=
HistoryStore/pages/item.php?itemID=
aktuelles/veranstaltungen/detail.php?id=
tecdaten/showdetail.php?prodid=
?id=
rating/stat.php?id=
content.php?id=
viewapp.php?id=
item.php?id=
news/newsitem.php?newsID=
FernandFaerie/index.php?c=
show.php?id=
?cat=
categories.php?cat=
category.php?c=
product_info.php?id=
prod.php?cat=
store/product.php?productid=
browsepr.php?pr=
product-list.php?cid=
products.php?cat_id=
product.php?ItemID=
category.php?c=
main.php?id=
article.php?id=
showproduct.php?productId=
view_item.php?item=
skunkworks/content.php?id=
index.php?id=
item_show.php?id=
publications.php?Id=
index.php?t=
view_items.php?id=
portafolio/portafolio.php?id=
YZboard/view.php?id=
index_en.php?ref=
index_en.php?ref=
category.php?id_category=
main.php?id=
main.php?id=
calendar/event.php?id=
default.php?cPath=
pages/print.php?id=
index.php?pg_t=
_news/news.php?id=
forum/showProfile.php?id=
fr/commande-liste-categorie.php?panier=
downloads/shambler.php?id=
sinformer/n/imprimer.php?id=
More_Details.php?id=
directory/contenu.php?id_cat=
properties.php?id_cat=
forum/showProfile.php?id=
downloads/category.php?c=
index.php?cat=
product_info.php?products_id=
product_info.php?products_id=
product-list.php?category_id=
detail.php?siteid=
projects/event.php?id=
view_items.php?id=
more_details.php?id=
melbourne_details.php?id=
more_details.php?id=
detail.php?id=
more_details.php?id=
home.php?cat=
idlechat/message.php?id=
detail.php?id=
print.php?sid=
more_details.php?id=
default.php?cPath=
events/event.php?id=
brand.php?id=
toynbeestudios/content.php?id=
show-book.php?id=
more_details.php?id=
store/default.php?cPath=
property.php?id=
product_details.php?id=
more_details.php?id=
view-event.php?id=
content.php?id=
book.php?id=
page/venue.php?id=
print.php?sid=
colourpointeducational/more_details.php?id=
print.php?sid=
browse/book.php?journalID=
section.php?section=
bookDetails.php?id=
profiles/profile.php?profileid=
event.php?id=
gallery.php?id=
category.php?CID=
corporate/newsreleases_more.php?id=
print.php?id=
view_items.php?id=
more_details.php?id=
county-facts/diary/vcsgen.php?id=
idlechat/message.php?id=
podcast/item.php?pid=
products.php?act=
details.php?prodId=
socsci/events/full_details.php?id=
ourblog.php?categoryid=
mall/more.php?ProdID=
archive/get.php?message_id=
review/review_form.php?item_id=
english/publicproducts.php?groupid=
news_and_notices.php?news_id=
rounds-detail.php?id=
gig.php?id=
board/view.php?no=
index.php?modus=
news_item.php?id=
rss.php?cat=
products/product.php?id=
details.php?ProdID=
els_/product/product.php?id=
store/description.php?iddesc=
socsci/news_items/full_story.php?id=
modules/forum/index.php?topic_id=
feature.php?id=
products/Blitzball.htm?id=
profile_print.php?id=
questions.php?questionid=
html/scoutnew.php?prodid=
main/index.php?action=
********.php?cid=
********.php?cid=
news.php?type=
index.php?page=
viewthread.php?tid=
summary.php?PID=
news/latest_news.php?cat_id=
index.php?cPath=
category.php?CID=
index.php?pid=
more_details.php?id=
specials.php?osCsid=
search/display.php?BookID=
articles.php?id=
print.php?sid=
page.php?id=
more_details.php?id=
newsite/pdf_show.php?id=
shop/category.php?cat_id=
shopcafe-shop-product.php?bookId=
shop/books_detail.php?bookID=
index.php?cPath=
more_details.php?id=
news.php?id=
more_details.php?id=
shop/books_detail.php?bookID=
more_details.php?id=
blog.php?blog=
index.php?pid=
prodotti.php?id_cat=
category.php?CID=
more_details.php?id=
poem_list.php?bookID=
more_details.php?id=
content.php?categoryId=
authorDetails.php?bookID=
press_release.php?id=
item_list.php?cat_id=
colourpointeducational/more_details.php?id=
index.php?pid=
download.php?id=
shop/category.php?cat_id=
i-know/content.php?page=
store/index.php?cat_id=
product.php?pid=
showproduct.php?prodid=
product.php?productid=
productlist.php?id=
index.php?pageId=
productlist.php?tid=
product-list.php?id=
onlinesales/product.php?product_id=
garden_equipment/Fruit-Cage/product.php?pr=
product.php?shopprodid=
product_info.php?products_id=
productlist.php?tid=
showsub.php?id=
productlist.php?fid=
products.php?cat=
products.php?cat=
product-list.php?id=
product.php?sku=
store/product.php?productid=
products.php?cat=
productList.php?cat=
product_detail.php?product_id=
product.php?pid=
wiki/pmwiki.php?page****=
summary.php?PID=
productlist.php?grpid=
cart/product.php?productid=
db/CART/product_details.php?product_id=
ProductList.php?id=
products/product.php?id=
product.php?shopprodid=
product_info.php?products_id=
product_ranges_view.php?ID=
cei/cedb/projdetail.php?projID=
products.php?DepartmentID=
product.php?shopprodid=
product.php?shopprodid=
product_info.php?products_id=
index.php?news=
education/content.php?page=
Interior/productlist.php?id=
products.php?categoryID=
modules.php?****=
message/comment_threads.php?postID=
artist_art.php?id=
products.php?cat=
index.php?option=
ov_tv.php?item=
index.php?lang=
showproduct.php?cat=
index.php?lang=
product.php?bid=
product.php?bid=
cps/rde/xchg/tm/hs.xsl/liens_detail.html?lnkId=
item_show.php?lid=
?pagerequested=
downloads.php?id=
print.php?sid=
print.php?sid=
product.php?intProductID=
productList.php?id=
product.php?intProductID=
more_details.php?id=
more_details.php?id=
books.php?id=
index.php?offs=
mboard/replies.php?parent_id=
Computer Science.php?id=
news.php?id=
pdf_post.php?ID=
reviews.php?id=
art.php?id=
prod.php?cat=
event_info.php?p=
view_items.php?id=
home.php?cat=
item_book.php?CAT=
www/index.php?page=
schule/termine.php?view=
goods_detail.php?data=
storemanager/contents/item.php?page_code=
view_items.php?id=
customer/board.htm?mode=
help/com_view.html?code=
n_replyboard.php?typeboard=
eng_board/view.php?T****=
prev_results.php?prodID=
bbs/view.php?no=
gnu/?doc=
zb/view.php?uid=
global/product/product.php?gubun=
m_view.php?ps_db=
naboard/memo.php?bd=
bookmark/mybook/bookmark.php?bookPageNo=
board/board.html?table=
kboard/kboard.php?board=
order.asp?lotid=
english/board/view****.php?code=
goboard/front/board_view.php?code=
bbs/bbsView.php?id=
boardView.php?bbs=
eng/rgboard/view.php?&bbs_id=
product/product.php?cate=
content.php?p=
page.php?module=
?pid=



Kemudian jika kita sudah mendapatkan targetnya jangan lupa kita cek terlebih dahulu apakah target yang kita dapat itu vulnab tidaknya untuk kita injec caranya dengan menambahkan " (petik dua) di belakang angka atau ' (petik satu ) di depan angka atau juga dengan tanda - (minus) di depan atau di belakang angka (contoh : http://www.dittberner.com/reports/about.php?id=5") jika target yang kita miliki itu terdapat error setelah kita lakukan hal tersebut  itu tandanya target yang kita miliki bisa kita injec lihat gambar di bawah ini.

setelah itu baru kita jalankan havij untuk melakukan injection, masukan url target ke tempat target kemudian klik start biarkan proses berjalan sampai selesai.


setelah selesai maka kita pilih DB dan kemudian klik Get Table seperti pada gambar di bawah ini tunggu samapi proses selesai.


seteah proses selesai kita harus mencari kira kira dimana username dan password pada DB tersebut di simpan setelah ketemu kita ceklist filename tersebut dan klik get column dan tunggu kembali hingga proses selesai.


setelah selesai nah kelihatan bukan file login dan usernamenya, kemudian kita ceklis kembali file tersebut untuk kita ambil dengan mengklik get data tunggu kembali hingga proses selesai...

setelah selesai kita bisa mensave data tersebut selesai sudah pengambilan data base pada web tersebut dan kita bisa menggunakan data yang kita dapat tadi, sudah terbayang bukan data tersebut akan kita gunakan untuk apa, jadi tidak perlu saya jelaskan kembali hehehe..hampir saya lupa biasanya passwordnya terekripsi jadi untuk membuka engkripsi data tersebut kita bisa mengunakan tools yang sudah di sediakan oleh havij tersebut dengan mengklik md5, setelah data tersebut sudah terpecahkan maka kita bisa langsung mencari control panel adminnya untuk login ke web tersebut dengan mengklik find admin... dan kita masukan id dan juga password yang sudah kita dapatkan tadi.

Semoga artikel ini bisa menjadi bahan pembelajaran kita semua dan juga bisa bermanfaat, Penulis tidak bertanggung jawab atas resiko yang terjadi dari penyalahgunaan informasi ini, resiko di tanggung oleh pribadi masing masing yang mensalah gunakan informasi ini, sekali lagi artikel ini hanya sebagai pembelajaran saja.

Tidak ada komentar untuk "Hacking Wabsite dengan havij"