March 29, 2012

Great article on Havij, a tool designed to execute SQL injections.  Ericka at Dark Reading deserves major kudos for writing about the topic and bringing attention to it.

As the piece states, and as we highlighted in our hacktivism report, Havij is a major tool in the hackers' arsenal.  We detailed how Havij was used to breach PBS last year.

Essentially, Havij is an automated SQL injection tool.  Hackers use it in conjunction with vulnerability assessment (VA) scanners such as Acunetix or Nikto.  VA scanners find vulnerabilities but stop short of actually exploiting them, and that is exactly where Havij starts: point it at a URL whose parameter the scanner flagged as injectable, and it pulls the database out through that parameter.  In other words, VA gives you a list of targets; Havij takes the shots.

What does the process of using Havij look like?  It's hardly complicated:

  Havij1

Note some of the key functionality:

  • Get DBs:  Hmm, wonder what that does.
  • Get Tables:  Hmm, wonder what that does.
  • Get Columns:  Hmm, wonder what that does.
  • Get Data:  No idea.

You'll also note in the picture above that Havij reconstructs the database's contents.  It can use the standard SQL injection techniques to do so, depending on what the vulnerable query leaks: query results that come back in the page (UNION-based), database error messages (error-based), or nothing but a true/false or timing difference (blind).

How do you stop Havij?  We detailed the steps for stopping SQL injection here.  It's one of the most read blogs we've ever written and is always worth reviewing.  It's also worth noting that traditional network firewalls, as well as next-generation firewalls, can't block Havij: its traffic is ordinary HTTP to a port the firewall already allows, and the injected SQL rides inside request parameters, which only something that parses the application payload (the application itself, or a WAF in front of it) can inspect.
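To make concrete what the Get Tables / Get Columns / Get Data buttons reduce to, and what the fix looks like, here is an added example.  It is not code from the original post and not Havij's own code: it assumes a constructed product-lookup handler that concatenates a URL parameter into its query, an in-memory SQLite database with constructed sample rows, and the UNION-based technique (on SQLite the schema lives in sqlite_master and pragma_table_info() rather than information_schema).  The hardened lookup beside it binds the parameter instead of concatenating it, which is the core of the SQL injection advice linked above.

```python
"""Added example (not from the original post, not Havij's code):
what automated SQL injection enumeration does against a vulnerable
query, and the parameterized query that stops it.  Sample schema and
rows below are constructed for the demo."""
import sqlite3

# Constructed sample schema standing in for a real web app's database.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-pw'), (2, 'alice', 'hash-of-alice-pw');
"""


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def product_lookup_vulnerable(conn, product_id: str):
    """The 'before' code: the URL parameter is pasted straight into SQL,
    so anything after the number is parsed as SQL too."""
    sql = "SELECT name, price FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def product_lookup_fixed(conn, product_id: str):
    """The 'after' code: the parameter is bound, never parsed as SQL.
    A UNION payload is just a string that matches no id."""
    return conn.execute(
        "SELECT name, price FROM products WHERE id = ?", (product_id,)
    ).fetchall()


# --- what "Get Tables" / "Get Columns" / "Get Data" reduce to ---
# Each step appends a second SELECT whose column count matches the
# original query (two columns here); the tool reads its rows off the page.

def get_tables(conn):
    # SQLite keeps the schema in sqlite_master; MySQL/MSSQL use information_schema.tables
    payload = "0 UNION SELECT name, NULL FROM sqlite_master WHERE type='table'"
    return [row[0] for row in product_lookup_vulnerable(conn, payload)]


def get_columns(conn, table):
    # Column names come from the table-valued pragma_table_info() in SQLite
    payload = f"0 UNION SELECT name, NULL FROM pragma_table_info('{table}')"
    return [row[0] for row in product_lookup_vulnerable(conn, payload)]


def get_data(conn, table, col_a, col_b):
    # With table and column names known, dump the contents two columns at a time
    payload = f"0 UNION SELECT {col_a}, {col_b} FROM {table}"
    return product_lookup_vulnerable(conn, payload)


if __name__ == "__main__":
    db = fresh_db()
    print("tables:", get_tables(db))
    print("users columns:", get_columns(db, "users"))
    print("users data:", get_data(db, "users", "username", "password_hash"))
    # The same payload against the fixed handler returns nothing.
    print("fixed handler:", product_lookup_fixed(db, "0 UNION SELECT name, NULL FROM sqlite_master"))
```

UNION does not guarantee row order, so a real tool (and the checks below) treats each step's output as a set.  The hardened version needs no blacklist of keywords such as UNION: binding the value means the database never sees it as SQL, which is why parameterized queries, not keyword filtering, are the first thing to fix.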

Here’s what our WAF looks like when hit by Havij (see the green box):

Havij2

Here’s what Havij looks like when blocked or unable to find an exploit (see red at the bottom of the picture):

Havij3
