exploit the possibilities

MD5 MySQL Brute Forcer

MD5 MySQL Brute Forcer
Posted May 10, 2012
Authored by baltazar

This is a simple python script for cracking MySQL MD5 passwords.

tags | cracker, python
MD5 | ddb4580bc5f288eb23c3fc01a239324d

MD5 MySQL Brute Forcer

Change Mirror Download
#!/usr/bin/python
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname : md5db.py
# Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, fx0, Soul, MikiSoft, c0ax, b0ne and all members of ex darkc0de.com, ljuska.org
# Based on low1z (ex. darkc0de member) python script, md5db11.py
# Thanks bro for inspiring me :)

import sys, subprocess, hashlib

try:
import MySQLdb
except:
print "\n[-] MySQLdb not installed on system!"
choo = raw_input("\nWould you like to install it (if want press yes or y)?")
if choo == "yes" or choo == "y":
subprocess.call("sudo apt-get install python-mysqldb", shell=True) # Works with me, tested on Kubuntu 12.04
print "\n[!] MySQLdb installed!"
print "[!] Now exiting, please try script again!"
sys.exit(1)
else:
print "\n[+] If you using Ubuntu based system, try: sudo apt-get install python-mysqldb"
print "[!] Thanks for using script, please visit b4ltazar.wordpress.com & ljuska.org"
print "[!] Now exiting ..."
sys.exit(1)



def logo():
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 05/2012 md5db.py v.0.1 (based on low1z script) |"
print "| b4ltazar.wordpress.com & ljuska.org |"
print "| |"
print "|---------------------------------------------------------------|\n"


if sys.platform == 'linux' or sys.platform == 'linux2':
subprocess.call("clear", shell=True)
logo()
else:
subprocess.call("cls", shell=True)
logo()

dbname = 'md5db'
#####################################################################
DB = MySQLdb.connect(host='127.0.0.1', user='root', passwd='toor') # You should change this line with your login details
#####################################################################

def DBconnect():
consrv = DB.cursor()
return consrv

def setupDB():
consrv = DBconnect()
try:
consrv.execute("CREATE DATABASE "+dbname)
print "[+] Database:", dbname
print "[+] Status : created"
except MySQLdb.Error, e:
print "[-] Error %s" % (e.args[1])
sys.exit(1)
try:
consrv.execute("CREATE TABLE "+dbname+".data (id INT( 255 ) NOT NULL AUTO_INCREMENT ,plain TEXT NOT NULL ,md5 VARCHAR( 255 ) NOT NULL ,PRIMARY KEY ( id ) , UNIQUE ( md5 )) ENGINE = MYISAM;")
print "[+] Tables in db:", dbname, "created, Database ready to use!"
except MySQLdb.Error, e:
print "[-] Error %s" % (e.args[1])
sys.exit(1)

def importword():
counter = 0
try:
words = open(wordlist, "r")
except(IOError):
print "[-] Error: check", wordlist
sys.exit(1)
duplicates = 0
print "[+] Inserting wordlist, skipping duplicates ... may take some time"
for word in words.read().split('\n'):
hash = hashlib.md5(word).hexdigest()
counter = counter + 1
try:
consrv = DBconnect()
consrv.execute("INSERT INTO "+dbname+".data (plain, md5)VALUES ('"+str(word)+"', '"+str(hash)+"');")
except MySQLdb.Error, e:
duplicates = duplicates + 1
print "\n[+] Duplicates:", duplicates

def single(shash):
consrv = DBconnect()
consrv.execute("SELECT plain FROM "+dbname+".data WHERE md5 = '"+shash+"'")
dset = consrv.fetchone()
if dset == None:
print "[!]",shash, ":", "not in DB"
else:
print "[!]",shash, ":", dset[0]
consrv.close()

def dropDB():
consrv = DBconnect()
try:
consrv.execute("DROP DATABASE "+dbname)
print "[+] Database:", dbname
print "[+] Status : deleted"
except MySQLdb.Error, e:
print "[-] Error %s" % (e.args[1])
sys.exit(1)

def statusDB():
try:
consrv = DBconnect()
consrv.execute("SELECT COUNT(id) AS num FROM "+dbname+".data")
DBcount = consrv.fetchone()
return DBcount[0]
consrv.close()
except MySQLdb.Error, e:
print "[-] Error %s" % (e.args[1])
sys.exit(1)

if len(sys.argv) <= 1:
print "Usage: "
print "-s initial DB installation"
print "-w insert wordlist into DB"
print "-d delete DB"
print "-sh search DB for given hash"
print "-c count DB entries\n"
print "[!] Thanks for using script, please visit b4ltazar.wordpress.com & ljuska.org"
sys.exit(1)




for arg in sys.argv[1:]:
if arg.lower() == "-s":
setupDB()

if arg.lower() == "-sh":
try:
shash = sys.argv[2]
if len(shash) != 32:
print "[-] Invalid md5 supplied, check your input!"
sys.exit(1)
single(shash)
except(IndexError):
print "[-] Error: check hash!"

if arg.lower() == "-w":
try:
wordlist = sys.argv[2]
importword()
except(IndexError):
print "[-] Error, check your wordlist path!"

if arg.lower() == "-d":
dropDB()

if arg.lower() == "-c":
print "[+] Checking for number of entries in DB!"
print "[!]", statusDB(), " entries in DB"

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close