{"id":14972120,"url":"https://github.com/tinram/mysql-brute","last_synced_at":"2025-10-26T17:31:29.937Z","repository":{"id":83640066,"uuid":"92959325","full_name":"Tinram/MySQL-Brute","owner":"Tinram","description":"Brute force a single MySQL user with a wordlist.","archived":false,"fork":false,"pushed_at":"2024-05-20T16:30:19.000Z","size":51,"stargazers_count":58,"open_issues_count":0,"forks_count":23,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-31T21:52:50.780Z","etag":null,"topics":["bruteforce","mysql","mysql-bruteforcer","mysql-database","mysql-server","mysql-user"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tinram.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-31T15:13:49.000Z","updated_at":"2024-11-29T03:47:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"1f8fb473-cc72-445e-b673-7b6695896d57","html_url":"https://github.com/Tinram/MySQL-Brute","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FMySQL-Brute","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FMySQL-Brute/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FMySQL-Brute/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FMySQL-Brute/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tinram","download_url":"https://codeload.github.com/Tinram/MySQL-Brute/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238375227,"owners_count":19461569,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bruteforce","mysql","mysql-bruteforcer","mysql-database","mysql-server","mysql-user"],"created_at":"2024-09-24T13:46:25.043Z","updated_at":"2025-10-26T17:31:24.670Z","avatar_url":"https://github.com/Tinram.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\r\n# MySQL Brute\r\n\r\n### MySQL brute-forcer.\r\n\r\n##### MySQL Brute v.0.12\r\n\r\n\r\n[1]: https://tinram.github.io/images/mysqlbrute.png\r\n![mysqlbrute][1]\r\n\r\n\r\n## Purpose\r\n\r\nBrute force a MySQL user using a wordlist file.\r\n\r\nMySQL Brute was created for MySQL localhost account recovery  \r\ne.g.\r\n\r\n+ root account inaccessible\r\n+ mysqld not able to be restarted in safe mode for root reset\r\n+ user password is lost.\r\n\r\nPLESK-managed MySQL *admin* user is a candidate.\r\n\r\n\r\n## OS\r\n\r\n+ Linux\r\n\r\n\r\n## Usage\r\n\r\n```bash\r\n    ./mysqlbrute --help / no switches\r\n\r\n    ./mysqlbrute -h \u003chost\u003e -u \u003cusername\u003e -f \u003cwordlist_file\u003e\r\n\r\n    ./mysqlbrute -h localhost -u wordpress -f top_100000.txt\r\n```\r\n\r\nDownload a password-only wordlist e.g. [Daniel Miessler's](https://github.com/danielmiessler/SecLists/tree/master/Passwords) (others can be username:password combinations).\r\n\r\nAlternatively a simple wordlist for testing can be the Linux dictionary (Debian path):\r\n\r\n```bash\r\n    ./mysqlbrute -h localhost -u \u003cusername\u003e -f /usr/share/dict/words\r\n```\r\n\r\n`MAX_WORD_LEN` of `50` in *mysqlbrute.c* is okay for most wordlists. However, some wordlists have borked entries (e.g. long email addresses included). For such wordlists, increase `MAX_WORD_LEN` to `140` (or more precisely, the output of `wc -L \u003cwordlist_file\u003e` + 1), and re-compile the source to avoid the resultant buffer overrun / segfault.\r\n\r\nOther options:\r\n\r\n```bash\r\n    -p \u003cport_number\u003e\r\n```\r\n\r\n## Executables\r\n\r\n+ x86 64-bit\r\n+ ARM 32-bit\r\n\r\nDownload the executables from [Releases](https://github.com/Tinram/MySQL-Brute/releases/latest).\r\n\r\n\r\n## Speed\r\n\r\nMySQL Brute churns through approximately 20,000 passwords per second (vanilla Core i3 desktop CPU) on a Unix localhost socket connection \u0026ndash; considerably faster than the Bash and Python scripts I tried before creating MySQL Brute (and curiously, faster than the vaunted multi-threaded *Hydra*). However, when using a network connection, MySQL Brute is much slower \u0026ndash; around 1,000 per second on a local network.\r\n\r\nMySQL Brute's speed bottlenecks are:\r\n\r\n+ MySQL connect ( `mysql_real_connect()` ),\r\n+ MySQL spawning only a limited number of threads for connections,\r\n+ if not a localhost connection, the network connection (MySQL localhost connection uses a socket instead of TCP/IP).\r\n\r\nIf more speed is needed, there is 0x0mar's multi-threaded [Mysql-bruteforce](https://github.com/0x0mar/Mysql-bruteforce) or [my fork](https://github.com/Tinram/Mysql-bruteforce) of this.\r\n\r\n\r\n### Hydra Comparison\r\n\r\n```bash\r\n    hydra -l wordpress -P top_100000.txt -t 4 -F localhost mysql\r\n```\r\n\r\n(As per the example in **Usage**, using 4 threads, ~1,050 tries per second on a Core i3.)\r\n\r\n### Nmap Comparison\r\n\r\nNmap has a MySQL attack script which cycles through common usernames.\r\n\r\nOn the same Core i3:\r\n\r\n*Statistics: Performed 50009 guesses in 9 seconds, average tps: 5556*\r\n\r\n\r\n## Diagnosing Remote MySQL Connections\r\n\r\nUnless you intimately know the MySQL set-up on a remote server, some of MySQL's configuration can silently (and righteously) impede MySQL Brute.\r\n\r\nFirst attempt to connect to a remote MySQL connection from the terminal (use any random input when prompted for password):\r\n\r\n```bash\r\n    mysql -h \u003cip_addr\u003e -u wordpress -p\r\n```\r\n\r\n*ERROR 1045 (28000): Access denied for user 'wordpress'@'host' (using password: YES)*\r\n\r\n... shows MySQL is accepting remote user connections.\r\n\r\n*ERROR 2003 (HY000): Can't connect to MySQL server on 'host' (111)*\r\n\r\n... will be the bind address locked to localhost or a blocking firewall rule, or both.\r\n\r\n### Checklist\r\n\r\n+ `bind-address = 127.0.0.1` (*my.cnf*; if line present: comment out with `#`, then restart mysqld)\r\n+ `skip-networking` (*my.cnf* \u0026ndash; disables TCP/IP; if line present, comment out with `#`, then restart mysqld)\r\n+ firewall rules\r\n+ `mysql\u003e SELECT host, user FROM mysql.user;`\r\n\r\n---\r\n    +-------------+------------+\r\n    | host        | user       |\r\n    +-------------+------------+\r\n    | localhost   | wordpress  |\r\n    | 10.0.0.%    | xyz        |\r\n    +-------------+------------+\r\n---\r\n... no remote connection permitted for user *wordpress*, but local network access for user *xyz*.\r\n\r\n+ mysqld can listen on a port other than 3306 (for port 3307, use `mysqlbrute ... -p 3307`)\r\n+ mysqld is down (on the server command-line, use: `pgrep mysql` \u0026ndash; no number output means mysqld is not running).\r\n\r\n\r\n## Build\r\n\r\n### Linux\r\n\r\n\r\n#### Make Installation\r\n\r\n##### MySQL libraries (see further below for MariaDB).\r\n\r\n```bash\r\n    make deps \u0026\u0026 make \u0026\u0026 make install\r\n```\r\n\r\n(Assumes *libmysqlclient-dev* and *libssl-dev* libraries are not installed.)\r\n\r\n\r\n#### Manual Installation\r\n\r\n#### MySQL Libraries\r\n\r\nEnsure the *libmysqlclient-dev* and *libssl-dev* dependencies (from distro repo) are installed:\r\n\r\n```bash\r\n    locate libmysqlclient-dev\r\n    locate libssl-dev\r\n```\r\n\r\nIf `locate` does not find each library, install on Debian-based distros with:\r\n\r\n```bash\r\n    make deps\r\n```\r\n\r\nor:\r\n\r\n```bash\r\n    sudo apt install libmysqlclient-dev libssl-dev\r\n```\r\n\r\nIn the directory containing either the clone or the extracted zip files, compile with GCC:\r\n\r\n```bash\r\n    make\r\n```\r\n\r\nor:\r\n\r\n**GCC:**\r\n\r\n```bash\r\n    gcc mysqlbrute.c $(mysql_config --cflags) $(mysql_config --libs) -o mysqlbrute -Ofast -Wall -Wextra -Wuninitialized -Wunused -Werror -std=gnu99 -s\r\n```\r\n\r\n**Clang:**\r\n\r\n```bash\r\n    clang mysqlbrute.c $(mysql_config --cflags) $(mysql_config --libs) -o mysqlbrute -O3 -Wall -Wextra -Wuninitialized -Wunused -Werror -std=gnu99 -s\r\n```\r\n\r\n#### MariaDB Libraries\r\n\r\nDelete *makefile* and rename *makefile_mariadb* to *makefile*.\r\n\r\n```bash\r\n    make deps \u0026\u0026 make \u0026\u0026 make install\r\n```\r\n\r\nor:\r\n\r\n```bash\r\n    sudo apt install libmariadb-dev libssl-dev\r\n    make\r\n```\r\n\r\n([h0ek](https://github.com/h0ek) also specifies *libmariadb-dev-compat* as a dependency; in testing on Ubuntu 18.04 this library was not required for compilation, but it may well be in other scenarios.)\r\n\r\nor:\r\n\r\n**GCC:**\r\n\r\n```bash\r\n    gcc mysqlbrute.c $(mariadb_config --cflags) $(mariadb_config --libs) -o mariabrute -Ofast -Wall -Wextra -Wuninitialized -Wunused -Werror -std=gnu99 -s\r\n```\r\n\r\n\r\n## Other\r\n\r\n### Warning\r\n\r\nMySQL Brute will rapidly enlarge the MySQL error log files:\r\n\r\n+ version 5.x \u0026ndash; */var/log/mysql/error.log*\r\n+ version 8 \u0026ndash; */var/lib/mysql/\u0026lt;pc_name\u0026gt;.log* (with `general_log` variable enabled)\r\n\r\n\u003csmall\u003e(locations for Debian-based distros)\u003c/small\u003e\r\n\r\n### Location\r\n\r\nIt may be more convenient for MySQL Brute to be available from any directory location via the *$PATH* system variable (rather than copying the executable file to the directory where needed).\r\n\r\n```bash\r\n    make install\r\n```\r\n\r\nOr move the *mysqlbrute* executable to a location such as */usr/local/bin* (location must be present in *$PATH*).\r\n\r\n\r\n## Credits\r\n\r\n+ MMxM: slow Bash script that inspired.\r\n+ Vivek Gite: MySQL libraries compiling.\r\n+ Tim Čas: elegant EOL removal.\r\n+ Ben Alpert: microsecond timer.\r\n\r\n\r\n## License\r\n\r\nMySQL Brute is released under the [GPL v.3](https://www.gnu.org/licenses/gpl-3.0.html).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinram%2Fmysql-brute","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinram%2Fmysql-brute","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinram%2Fmysql-brute/lists"}