Jump to content

Recommended Posts

Posted

Hey guys

 

This is a new program i've made and it's working pretty good

 

This is a bruteforce program and it's illegal! so use it at your own risk!

 

I've made this program today in some hours and its working now without bugs (i hope so)

 

Bruteforcing a mysql database can take a long time because its trying alot of passwords + combinations

It's trying upper/lower characters and numeric in different combinations, This will make the bruteforce a success

 

Just fillin the ip you want to bruteforce and then the username.... mostly its root

 

This should work at every server that has the port open 3306 (mysql port)

 

Video preview:

http://www.youtube.com/watch?v=EQvkqNbLGR4

This is the hidden content, please

Posted

for me Trying password is realy slow o.O not like you. have you maked it little bit faster or need realy fast cpu? so it worked like on you?

Posted

Now 95% server use not root username :D But thx for share. How mutch maximum lenght?

 

Maybe you can add this:

 

Minimal lenght: 1

Maximal lenght: 20

 

Allowed Charact

 

Yes/No Digits: (0/9)

 

Yes/No Uppercase letters (A/Z)

 

Yes/No Lowercase letters (a/z)

 

Yes/No Special symbol (@!?^?^,etc)

 

Yes/No Custom symbol

Posted

Great job Dragon, but for me application needs some improvement. For example if i know that password is more than 5 letters length, i dont need to try passwords like a,aa,aaa,aaaa, b,bb,bbb,bbbb etc. So if will be option to select number of minimum pass letters it will be great :)

Posted

Fix for Linux:

 

iptables -A INPUT -i eth0 -p tcp --dport 3306 -m state --state NEW -m recent --set --name MYSQL

iptables -A INPUT -i eth0 -p tcp --dport 3306 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name MYSQL -j DROP

 

Or just don't create user with '@', just create for host, which your know, others forbid...

Guest
This topic is now closed to further replies.

×
×
  • Create New...