Mysql Bruteforce V1.0 [Penetration Testing Tools]

A small application build to demo the weakness in mysql and networking. This is capable of running login attempts from multiple threads in parallel. The effect of this is instead of attempting to login to the server one at a time which is badly effected by network latency. This little tool will be able to run up to 1024 concurrent connections. An example of the performance difference is with a round trip time of around 50ms it takes around 5 minutes to attempt 1000 logins. With multiple threads it takes around 10 seconds (at basic broadband speeds). What is worse is that locally it is capable of trying 1000’s of password’s a second!

How to use: ./mysql_bruteforce.c [<options>]

-h Print this help and exit
-v Verbose. Repeat for more info
-t <host> host to try
-p <port> port to connect on
-n <num> number of threads to use

Note: usernames / password will be read from stdin
The format for this is username:password

Platform : Linux

Download Source Code : mysql_bruteforce.c

Advertisements