Penetration Testing
mailing list archives
Re: Mysql Password Auditor v1.0 is Released
From: Nagareshwar Talekar <tnagareshwar () gmail com>
Date: Wed, 25 May 2011 19:21:03 +0530
On a technical note, here is a difference:
Here's how it is executed in Hydra for every password:
--------------------
mysql_init(&mysql);
/*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */
if (!mysql_real_connect(&mysql, hydra_address2string(ip), login,
                        pass, database, 0, NULL, 0)) {
    if (debug)
        fprintf(stderr, "Failed to connect to database: Error: %s\n",
                mysql_error(&mysql));
    return 3;
}
mysql_close(&mysql);
---------------------
In our code we execute only the core line for every password:
if (!mysql_real_connect(&mysql, hydra_address2string(ip), login,
                        pass, database, 0, NULL, 0)) {
That basically adds some performance boost, especially when you take it
to millions of passwords!
Being a dedicated tool, Mysql Password Auditor lets us add more such
optimizations. [nothing against Hydra, we love it as everyone else!]
- SecurityXploded
On Wed, May 25, 2011 at 7:08 PM, Nagareshwar Talekar
<tnagareshwar () gmail com> wrote:
It is not supposed to be a replacement for Hydra - which is a great tool
with multi-login crackers.
Mysql Password Auditor is meant to be an easier to use and dedicated
password auditing tool for Mysql alone. Being dedicated, it allows us
to add more features such as brute force, pattern based password
attacks along with special optimizations for mysql protocol in the
upcoming releases.
Based on community feedback we will try to make it more exciting in
the coming days. So kindly pass on anything that you would like to see in
the future versions.
- SecurityXploded
On Wed, May 25, 2011 at 6:43 PM, Doyle, Jason (10090)
<jason.doyle () protiviti com> wrote:
Looks like an easy to use GUI tool. I currently use Hydra during my penetration testing engagements to guess mysql
passwords using password lists. Besides the GUI feature, is there any benefit (e.g. performance) over a tool like
Hydra that you're aware of?
Thanks.
________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Nagareshwar Talekar
[tnagareshwar () gmail com]
Sent: Tuesday, May 24, 2011 6:01 PM
To: pen-test () securityfocus com
Subject: Mysql Password Auditor v1.0 is Released
Hi all,
MysqlPasswordAuditor is the FREE tool to Recover or Audit Mysql
passwords. It can support both local as well as remote Mysql server.
In addition to recovering your lost/forgotten passwords, it can also
help you to audit Mysql database server setup in a corporate
environment by discovering the weak password configurations. This
makes it one of the must-have tools for IT administrators & Penetration
Testers.
For more details visit
http://securityxploded.com/mysql-password-auditor.php
- SecurityXploded
An Infosec Research & Development Portal
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
With Regards
Nagareshwar Talekar
http://SecurityXploded.com
http://PasswordForensics.com/
http://NetCertScanner.com
http://twitter.com/securityxploded
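The server-side view of the password guessing discussed in this thread, as an added example that is not part of any message above and not code from Hydra or Mysql Password Auditor: each wrong guess is one rejected mysql_real_connect(), so a burst of "Access denied" events from one host is what a defender sees. It assumes the server is configured to log access-denied errors with an ISO-style timestamp; the log lines, addresses, thresholds and the name find_guessing_sources are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample error-log lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-01-10T09:00:00.100000Z 11 [Note] Access denied for user 'root'@'192.0.2.50' (using password: YES)
2024-01-10T09:00:00.400000Z 12 [Note] Access denied for user 'root'@'192.0.2.50' (using password: YES)
2024-01-10T09:00:01.000000Z 13 [Note] Access denied for user 'admin'@'192.0.2.50' (using password: YES)
2024-01-10T09:00:01.500000Z 14 [Note] Access denied for user 'root'@'192.0.2.50' (using password: YES)
2024-01-10T09:00:02.000000Z 15 [Note] Access denied for user 'root'@'192.0.2.50' (using password: YES)
2024-01-10T09:03:00.000000Z 16 [Note] Access denied for user 'app'@'198.51.100.7' (using password: YES)
2024-01-10T09:20:00.000000Z 17 [Note] Access denied for user 'app'@'198.51.100.7' (using password: YES)
2024-01-10T09:21:00.000000Z 18 [Note] Aborted connection 18 to db: 'shop' user: 'app' host: '198.51.100.7' (Got an error reading communication packets)
""".splitlines()

# Message MySQL emits for a rejected login, preceded by an ISO-style timestamp.
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2})\S*\s.*?"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_guessing_sources(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {host: accounts tried} for hosts with >= threshold failures within window."""
    recent = defaultdict(deque)   # host -> (timestamp, user) of failures still in the window
    flagged = defaultdict(set)
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue              # aborted connections and other noise are ignored
        ts = datetime.strptime(m["ts"].replace("T", " "), "%Y-%m-%d %H:%M:%S")
        q = recent[m["host"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["host"]].update(user for _, user in q)
    return {host: sorted(users) for host, users in flagged.items()}

if __name__ == "__main__":
    for host, users in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{host}: rapid failed logins for accounts {users}")
```

The two failures from 198.51.100.7 are 17 minutes apart and stay below the default threshold, so only the burst from 192.0.2.50 is reported.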