• Dump all
• New bypass method for MySQL using parenthesis
• Write file feature added for MSSQL and MySQL.
• Loading HTML form inputs
• Random signature generator
• Saving data in CSV format
• Advanced evasion tab in the settings
• Injection tab in settings
• ‘Non-existent injection value’ can now be changed by user (the default value is 999999.9)
• ‘Comment mark’ can be changed by user (the default value is –)
• Disabling/enabling of logging
• Bugfix: adding manual database in tables tree view
• Bugfix: finding string columns in PostgreSQL
• Bugfix: MS Access blind string type data extraction
• Bugfix: MSSQL blind auto detection when error-based method fails
• Bugfix: all database blind methods fail on retry
• Bugfix: guessing columns/tables in MySQL time-based injection
• Bugfix: crashing when dumping into file
• Bugfix: loading project injection type (Integer or String)
• Bugfix: HTTPS multi-threading bug
• Bugfix: command execution in MSSQL 2005
Особенности:1. Supported Databases with injection methods:
MSSQL 2000/2005 with error
MSSQL 2000/2005 no-error union-based
MSSQL blind
MSSQL time-based
MySQL union-based
MySQL blind
MySQL error-based
MySQL time-based
Oracle union-based
Oracle error-based
Oracle blind
PostgreSQL union-based
MS Access union-based
MS Access blind
Sybase (ASE)
Sybase (ASE) Blind
2. HTTPS support
3. Multi-threading
4. Proxy support
5. Automatic information server detection
6. Automatic parameter kind detection (string or integer)
7. Automatic keyword detection (finding the distinction between positive and negative responses)
8. Automatic scan of all parameters.
9. attempting completely different injection syntaxes
10. choices for substitution house by /**/,+,... against IDS or filters
11. Avoids exploitation strings (bypassing magic_quotes and similar filters)
12. Manual injection syntax support
13. Manual queries with result
14. Forcing extrajudicial union
15. Random signature generator
16. totally customizable protocol headers (like referer, user agent...)
17. Loading cookie(s) from web site for authentication
18. Load HTML type inputs
19. protocol Basic and Digest authentication
20. Injecting uniform resource locator rewrite pages
21. Bypassing ModSecurity internet application firewall and similar firewalls
22. Bypassing WebKnight internet application firewall and similar firewalls
23. Instant result
24. idea tables and columns in MySQL<5 (also in blind) and MS Access
25. fast retrieval of tables and columns for MySQL
26. Resuming a antecedently saved table/column extraction session
27. death penalty SQL question against associate Oracle information
28. Custom keyword replacement in injections
29. obtaining one complete row through one request (all in one request)
30. merchandising information into file
31. Saving information as XML
32. Saving information as CSV format
33. facultative xp_cmdshell and remote desktop
34. Multiple table/column extraction strategies
35. Multi-threaded Admin page finder
36. Multi-threaded on-line MD5 cracker
37. obtaining software package data
38. obtaining tables, columns and information
39. Command execution (MSSQL only)
40. Reading remote system files (MySQL only)
41. Creating/writing to a foreign file (MySQL and MsSQL)
42. Insert/update/delete information
43. Unicode support
Отличие бесплатной от ПРО версии:
Pass:
XakFor.Net
После установки скопируйте содержимое папки "Loader" в папку с установленным Havij и запустите Loader.exe