Cara Deface Website Menggunaka Havij

Diposting oleh Unknown on Sabtu, 08 Maret 2014
Hy Sobat Experiment Saya Akan Share Cara Deface Website Dengan Havij


1. Silahkan buka tools Havij anda, jika belum punya bisa di download Havij versi 1.15 Pro.
DOWNLOAD DISINI 
Untuk mencari target gunakan Tool XCodeXploitScanner dan Dork dibawah ini.

inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:Pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:opinions.php?id= inurl:spr.php?id= inurl:pages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurl:participant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:prod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurl:person.php?id= inurl:productinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurl:profile_view.php?id= inurl:category.php?id= inurl:publications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurl:prod_info.php?id= inurl:shop.php?do=part&id= inurl:Productinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurl:product.php?id= inurl:releases.php?id= inurl:ray.php?id= inurl:produit.php?id= inurl:pop.php?id= inurl:shopping.php?id= inurl:productdetail.php?id= inurl:post.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurl:page.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurl:product_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:review.php?id= inurl:loadpsb.php?id= inurl:ages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurl:opinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurl:offer.php?idf= inurl:art.php?idm= inurl:title.php?id= trainers.php?id= article.php?ID= play_old.php?id= declaration_more.php?decl_id= Pageid= games.php?id= newsDetail.php?id= staff_id= historialeer.php?num= product-item.php?id= news_view.php?id= humor.php?id= communique_detail.php?id= sem.php3?id= opinions.php?id= spr.php?id= pages.php?id= chappies.php?id= prod_detail.php?id= viewphoto.php?id= view.php?id= website.php?id= hosting_info.php?id= gery.php?id= detail.php?ID= publications.php?id= Productinfo.php?id= releases.php?id= ray.php?id= produit.php?id= pop.php?id= shopping.php?id= productdetail.php?id= post.php?id= section.php?id= theme.php?id= page.php?id= shredder-categories.php?id= product_ranges_view.php?ID= shop_category.php?id= channel_id= newsid= news_display.php?getid= ages.php?id= clanek.php4?id= review.php?id= iniziativa.php?in= curriculum.php?id= labels.php?id= look.php?ID= galeri_info.php?l= tekst.php?idt= newscat.php?id= newsticker_info.php?idn= rubrika.php?idr= offer.php?idf= "id=" & intext:"Warning: mysql_fetch_array() "id=" & intext:"Warning: getimagesize() "id=" & intext:"Warning: session_start() "id=" & intext:"Warning: mysql_num_rows() "id=" & intext:"Warning: mysql_query() "id=" & intext:"Warning: array_merge() "id=" & intext:"Warning: preg_match() "id=" & intext:"Warning: ilesize() "id=" & intext:"Warning: filesize() index.php?id= buy.php?category= article.php?ID= play_old.php?id= newsitem.php?num= top10.php?cat= historialeer.php?num= reagir.php?num= intext:"error in your SQL syntax" +site:mm intext:"mysql_num_rows()" +site:mm intext:"mysql_fetch_array()" +site:mm intext:"Error Occurred While Processing Request" +site:mm intext:"Server Error in '/' Application" +site:mm intext:"Microsoft OLE DB Provider for ODBC Drivers error" +site:mm intext:"Invalid Querystring" +site:mm intext:"OLE DB Provider for ODBC" +site:mm intext:"VBScript Runtime" +site:mm intext:"ADODB.Field" +site:mm intext:"BOF or EOF" +site:mm intext:"ADODB.Command" +site:mm intext:"JET Database" +site:mm intext:"mysql_fetch_row()" +site:mm intext:"Syntax error" +site:mm intext:"include()" +site:mm intext:"mysql_fetch_assoc()" +site:mm intext:"mysql_fetch_object()" +site:mm intext:"mysql_numrows()" +site:mm intext:"GetArray()" +site:mm intext:"FetchRow()" +site:mm intext:"Input string was not in a correct format" +site:mm
Silahkan di edit lagi dorknya biar lebih ampuh..

2. setelah ketemu, masukkan link target ke kolom target lalu klik "Analyze"
NB : Masukkan bagian url yang berakhiran id=angka untuk di inject, bukan indexnya..
Contoh : www.site.com/index.asp?id=123 seperti contoh yang ada di havijnya..

3. Selanjutnya setelah ketemu databasenya centang seperti di gambar dan Klik iconTables, tampilannya seperti ini :


4. Lanjutkan dengan mengKlik Get DBs Screenshoot seperti di bawah ini :



5. Nah loh sudah keliatan databasenya..kita oprek tabel admin atau administrator saja untuk cari user sama passwordnya..Klik DB Administrator lalu klik Get Tables, nanti akan keluar table..



6. Nah keluar tabel admin kemudian centang tabel admin dan Get Data..



7. Itu nongol username sama passwordnya..sekarang tinggal cari halaman admin loginnya,di Havij sudah disediakan untuk mencari halaman admin login dan Hash password jika nanti nemu password MD5..




Udah gitu ja sekian terima kasih.. :D
Tolong Jangan Lupa Tinggalkan Komentarnya ^_^

{ 99 komentar... read them below if any or add comment }

Unknown mengatakan...

kok saya pas get DBs gak bisa ya...apa webnya gk Vuln...?? soalnya saya cari di gr3nox webnya vuln

Posting Komentar

 
Indonesia Experiment - SEO Friendly Blogger Template Design by Velix