TBD.my

Full Version: Hexjector - Tutorial
To perform SQL injection pentesting on a site, we would need a webserver with the cURL library installed, as my script needs it.

(If you already have a webserver with cURL installed, you can skip this step.)
Download Vertrigo:

https://sourceforge.net/projects/vertrig...e/download

After downloading the file, install it.
Then, download my script:

https://sourceforge.net/projects/hexject...z/download

Extract the contents of the script to %systemroot%/Program Files/Vertrigo/www/
After that, open your browser and Vertrigo.

In the address bar of your browser, type:

http://localhost/hexjector.php

and click Enter.

My script will load and a form will appear.

Type the site that you want to test in the box and click Enter.

NOTE: I haven't developed a crawler, so you would need to give the site with filename and GET request.

For example:

http://localhost/sqli.php?id=2

(Valid Request)

http://localhost (invalid request)

Please wait while my script runs, and once it finishes, 4 more boxes will appear.

1. Manual Data Dump
1.1 URL

1.1.1 Put the URL of the site in it.
1.1.2 Put the usual injection syntax (union select (column_number)); refer to the data of the script for the column number.
1.1.3 Replace the string column with "hexon" (without quotes); refer to the data extracted for the string column.

Example of a good query:

(refer to script)
or another example, which is the same anyway:

http://localhost/sqli.php?id=2 union select 1,2,3,4,5,6,hexon--
(assume 7 is the string column)

1.2 Table
1.2.1 Please put the table name that you want into it.

1.3 Column
1.3.1 Please put the desired column name into it.

2.0 Hexafind
2.0.1 Please put the site with "/" (without quotes) at the end.

Example: http://site.com/
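
A defender-side view of the request shape shown in the tutorial above, as an added example that is not part of the original post or of Hexjector: it scans web server access-log lines for query parameters carrying a `union select` column probe and reports the column count and any non-numeric marker such as `hexon`. The function names, the common/combined log format and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Whitespace between keywords, including /**/ comments used in place of spaces.
_WS = r"(?:\s|/\*.*?\*/)+"
UNION_RE = re.compile(
    rf"\bunion{_WS}(?:all{_WS})?select{_WS}(?P<cols>.+?)(?:--|#|\bfrom\b|$)",
    re.IGNORECASE | re.DOTALL,
)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def inspect_request(target):
    """Return one finding per query parameter carrying a UNION SELECT column probe."""
    findings = []
    # parse_qsl percent-decodes, so %20 and + become the spaces the regex expects.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        m = UNION_RE.search(value)
        if not m:
            continue
        cols = [c.strip() for c in m.group("cols").split(",") if c.strip()]
        placeholders = [c for c in cols if c.isdigit() or c.lower() == "null"]
        # Ordinary text such as "trade union select committee" has no numeric
        # placeholders; a column-count probe is mostly placeholders.
        if not placeholders:
            continue
        markers = [c for c in cols if c not in placeholders]
        findings.append({"param": name, "columns": len(cols), "markers": markers})
    return findings

def scan_log(lines):
    """Return (client, finding) pairs for access-log lines in common/combined format."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            hits += [(line.split()[0], f) for f in inspect_request(m.group("target"))]
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:01 +0000] "GET /sqli.php?id=2 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:10:00:07 +0000] "GET /sqli.php?id=2%20union%20select'
    '%201,2,3,4,5,6,hexon-- HTTP/1.1" 200 530',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /news.php?title=trade+union+select'
    '+committee HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, finding in scan_log(SAMPLE_LOG):
        print(client, finding)
```

Column lists containing function calls with commas are over-counted by this simple split; the finding still fires, only the reported column count is approximate.
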
Good, good.. thx hexon, only now do I understand what this thing is for..

If there's anything you don't understand, just post it in this thread.

tq hexon :D

(02-05-2010, 04:48 PM)Ahlspiess Wrote: tq hexon :D

Oh come on .... you ... you already know how to use it -.-

I didn't understand what this thing does at all.. honestly.. only now do I know.

Why is there an error??

Code:
Notice: Undefined index: site in C:\wamp\www\hexon\info.php  on line 3

I'm using wampserver

[Image: hexonhehe.jpg]
Huh ?? Did you change anything ?? And does the script run ??

wamp really is weird, I tested it and there was no error at all

I didn't change anything in the script.. I tried entering a site that has a vuln, this is the result


[Image: hexonnn.jpg]
Install vertrigo, wamp doesn't have curl

If you want a script that can run on wamp, you surely won't want to use it ...... :P

(02-05-2010, 05:09 PM)Ahlspiess Wrote: Install vertrigo, wamp doesn't have curl

With curl, it's like you have to open the thing using CMD
for example, your vertrigo serv is located in program files
so to use it, it goes like this
I'm not sure though, coz I haven't looked at the code of that hex injector
Code:
Cd C:\
cd program files
cd vertigoserv
cd php
php.exe c:\hexjector.php
(02-05-2010, 05:15 PM)Hazzynx Wrote:
(02-05-2010, 05:09 PM)Ahlspiess Wrote: Install vertrigo, wamp doesn't have curl

With curl, it's like you have to open the thing using CMD
for example, your vertrigo serv is located in program files
so to use it, it goes like this
I'm not sure though, coz I haven't looked at the code of that hex injector
Code:
Cd C:\
cd program files
cd vertigoserv
cd php
php.exe c:\hexjector.php

Erk, no way lol. vertrigo supports curl, wamp doesn't support curl. That's all.

(02-05-2010, 05:09 PM)Ahlspiess Wrote: Install vertrigo, wamp doesn't have curl

[Image: heconnnnnn.jpg]


Yup, it works now.. I used vertrigo. So the conclusion: wamp doesn't have curl XD