DBPwAudit

Description

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

The tool has been tested and known to work with:

  • Microsoft SQL Server 2000/2005

  • Oracle 8/9/10/11

  • IBM DB2 Universal Database

  • MySQL

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues.

Usage

Syntax

DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]

Options

	-s - Server name or address.
	-p - Port of database server/instance.
	-d - Database/Instance name to audit.
	-D - The alias of the driver to use (-L for aliases)
	-U - File containing usernames to guess.
	-P - File containing passwords to guess.
	-L - List driver aliases.

Setting Up

As dbpwaudit does not ship with Drivers . We have to download them on our own , These are the links to  download them :

Links to JDBC Drivers

MySQL
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Oracle

 

After Downloading Extract it , in our case MySQL . You will a mysql connector  jar file .Copy this .jar file to /pentest/database/dbpwaudit/jdbc

Now we have to set the class path :

cyborg@cyborg:~$ export CLASSPATH=/pentest/database/dbpwaudit/jdbc/mysql-connector-java-5.1.36-bin.jar:$CLASSPATH

Example

cyborg@cyborg:~$ sudo dbpwaudit -s 192.168.1.7 -d testdb -D MySQL -U /home/cyborg/Documents/user.txt -P /home/cyborg/Documents/password.txt 
DBPwAudit v0.8 by Patrik Karlsson <[email protected]>
----------------------------------------------------
[Thu Sep 17 17:07:53 IST 2015] Starting password audit ...
[Thu Sep 17 17:07:53 IST 2015] Testing user: root, pass: toor
[Thu Sep 17 17:07:54 IST 2015] Finnishing password audit ...

Results for password scan against 192.168.1.7 using provider MySQL
------------------------------------------------------------------
user: cyborg pass: toor
Tested 1 passwords in 0.721 seconds (1.3869625tries/sec)
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?