New Post


Wednesday, February 20, 2013
Learn Ethical Hacking BEH | Footprinting Book 3 Online

Learn Ethical Hacking BEH | Footprinting Book 3 Online

Learn ethical Hacking with HackingLoops Campaign BEH (Born Ethical Hackers) third book is online now. In our last issue we have started learning about preparatory phase of any hacking attempt i.e. Information gathering or Footprinting. Let’s have a brief overview what we have covered in our last BEHC issue. We have started with the introduction part of Footprinting or information gathering and then we have covered several Footprinting and information gathering techniques namely how to get an IP address of victim, different techniques to steal IP address, Ping sweep, Flood Ping DDOS attack, Trace route, WHOIS information gathering, extracting history details of any domain, owner contact information extraction, DNS queries and DNS health check to discover domain level bugs. This was all what we covered in our last issue. In this issue we will continue learning about other information gathering techniques. 

Born Ethical Hackers Club : Book 3

The techniques that we learn in this issue are mentioned below:
  • Overview of Last BEH Issue: Footprinting or information Gathering Techniques 
  • Search Engine discovery
    • Dorks 
  • Spiders, Crawlers or Robots discovery
  • Web Data Extraction or Web Scraping 
    • Fetching the Data 
    • Dealing with Pagination
    • Use CSS Hooks 
    • Get a Good HTML Parsing Library
    • When In Doubt, Spoof Headers 
    • Content behind a Login
    • Rate Limiting 
    • Poorly Formed Markup.
  • Reviewing Metadata and JavaScript’s
    • Parser and Markup information
    • Using Page Speed to Dig Critical Information about website
  • Automated Data Extraction using Hack tools 
    • Exiftool
    • FOCA
  • Web Application OR WEB SERVER Fingerprint
    • Manual Fingerprinting
    • Automated Fingerprinting
  • People Search: Prepare Social Engineering Attack Profile 


Alternate Download Link

We hope you all will enjoy the book. If there are some spell mistakes or other formatting issues please mail me
Friday, February 8, 2013
Source Code of Havij SQL Injection Hack Tool by Hackingloops

Source Code of Havij SQL Injection Hack Tool by Hackingloops

Welcome friends, Today i am sharing Source code of World's best SQL Injection Hack tool available in the market, off course its Havij. Its success rate is more than 95% (if website is vulnerable to SQL injection). Havij is one of the best SQL injection tool which is used to hack websites. It is developed by ITsec team. Hackingloops has reverse engineered (or decoded) the complete(/full) source code of Havij SQL Injection Hack tool. Here is the brief about Havij, Havij is available in two versions first normal(free version) and second is professional(paid version). We have reverse engineered the pro version of Havij tool. Havij tool is coded in Visual basic. It uses the class VB6 form based structure. 

Havij source code
Havij Source using VB6

Brief about Havij?

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.

How i reverse engineered it? 
Few days back i was looking at bit stream of Havij as it got detected by Antivirus, so i was searching of digital signature which is getting detected. In the meanwhile i thought lets have a look at its binary i.e. exe so what i did i used PEID to explore what is used to build the Havij tool. And you all will laugh to listen that it was bad luck of Havij that it showed me unknown packer is used to build. So i have tried few of y favorite PE explorers and here is the result, i came to know that Havij is coded with the help of VB6. Now the only thing remain after that is finding the Entry point and yesterday i have found it and here is the source code :P. I extracted the decoded binary .exe file and then decompiled the source code with :P(can't tell). 

I have tested the source code properly its perfectly working. You will need to used VB6 to recompile the code and make your own changes.
VB6 is freely available on web, so download it to recompile the code.  Source code contains 3 forms and 18 BAS modules, 1 CTL file , 1 resource file and 1 VBP(project file).


How to recompile the Havij Source code?
1. Download the Havij Source code by Hackingloops. (download now)
2. Just extract the zip source code and open the Havij.vbp file with VB6. 
3. There you will see the forms and other stuff.
4. Now just compile the code and generate the exe file.

I hope you all have enjoyed the source code. Keep learning and keep Hacking.
Designed by Hackingloops.