Published on March 13th, 2018 | by MaxiSoler

Enumdb Beta – Brute Force MySQL and MSSQL Databases

Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials.

By default, enumdb will use newly found or given credentials to search the database for tables containing sensitive information (usernames, passwords, SSNs, credit cards, etc.), taking the manual work out of post exploitation. The data is copied to an .xlsx output file in the current directory, with one table per sheet. The output format can be changed to .csv using the command line arguments.

Installation

In the Linux terminal run:

git clone https://github.com/m8r0wn/enumdb
sudo chmod +x enumdb/setup.sh
sudo ./enumdb/setup.sh

Usage

Connect to a MySQL database and enumerate tables writing output to xlsx:

python3 enumdb.py -u root -p '' -t mysql 10.11.1.30

Connect to an MSSQL database using a domain username and enumerate tables writing output to xlsx:

python3 enumdb.py -u 'domain\\user' -p Winter2018 -t mssql 10.11.1.30

Connect to MySQL database and enumerate tables writing output to csv:

python3 enumdb.py -u root -p SecretPass! -t mysql -csv 10.0.0.1

Brute force MSSQL sa account login. Once valid credentials are found, enumerate data writing output to xlsx:

python3 enumdb.py -u sa -P passwords.txt -t mssql 192.168.10.10

Brute force MSSQL sa account login without enumerating data or logging output:

python3 enumdb.py -u sa -P passwords.txt -t mssql -brute 192.168.10.10
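
On the defender's side, the password cycling described above appears in the SQL Server error log as a burst of failed logins from one client, sometimes ending in a success. The following is an added example, not part of enumdb or the original post: the log lines are constructed samples, it assumes login auditing records both failed and successful logins, and `find_bruteforce` with its threshold and window are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SQL Server error-log lines for illustration (not from the page).
SAMPLE_LOG = "\n".join(
    [f"2018-03-13 10:15:0{i}.10 Logon       Login failed for user 'sa'. "
     "Reason: Password did not match that for the login provided. "
     "[CLIENT: 192.168.10.50]" for i in range(6)]
    + ["2018-03-13 10:15:07.42 Logon       Login succeeded for user 'sa'. "
       "Connection made using SQL Server authentication. [CLIENT: 192.168.10.50]",
       "2018-03-13 10:20:00.00 Logon       Login failed for user 'app'. "
       "Reason: Password did not match that for the login provided. "
       "[CLIENT: 192.168.10.77]"]
)

LINE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+Logon\s+Login (?P<result>failed|succeeded) for user "
    r"'(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (client, login) pairs with >= threshold failures inside `window`
    and record the first successful login seen from that pair afterwards."""
    recent = defaultdict(deque)  # (client, login) -> failure times in window
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a login audit line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        key = (m["client"], m["user"])
        if m["result"] == "failed":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(key, {"failures": 0, "success_at": None})
                f["failures"] = max(f["failures"], len(q))
        elif key in findings and findings[key]["success_at"] is None:
            findings[key]["success_at"] = m["ts"]  # guess likely succeeded
    return findings

if __name__ == "__main__":
    for (client, user), f in find_bruteforce(SAMPLE_LOG).items():
        status = f"success at {f['success_at']}" if f["success_at"] else "no success seen"
        print(f"{client} -> '{user}': {f['failures']} failures in window, {status}")
```

A finding with `success_at` set is the case to escalate first, since it suggests the login's password was guessed and the data enumeration step may have followed.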

More information: here

Thanks to Mike Brown for sharing this tool with us.



About the Author

www.artssec.com @maxisoler


