HexorBase is a database application designed for
administering and auditing multiple database servers simultaneously from a
centralized location, it is capable of performing SQL queries and bruteforce
attacks against common database servers (MySQL, SQLite, Microsoft SQL Server,
Oracle, PostgreSQL ). HexorBase allows packet routing through proxies or even
metasploit pivoting antics to communicate with remotely inaccessible servers
which are hidden within local subnets.
To run hexorbase in kali
Linux click application > database assessment > hexorbase
Another way, open the terminal and type hexorbase.
It
will open graphical interface for hexorbase as given in the screenshot. It is
the collection of several database servers where you can apply brute force
attack on desired server.
Now
to start brute force attack, first you need to create an account. In the middle
you can see administration panel
here type username and password according to your wills. I had
type admin: pass as username and
password this will allow me to start brute force attack using hexor on desired
backend server.
Now choose your database type. I have selected MY SQL for
brute force attack.
Now follow few steps for brute force attack on server.
·
Type target IP: 192.168.1.104 under database
connection.
·
Now click
on user list for dictionary attack option and select a
dictionary of username.
·
Repeat the above step for word list to select password list.
·
Finally click
on lunch attack to start brute force
attack.
Now
it will try to match the combination of username and password on target IP.
After sometime when the process is completed 100% you will get matched
combination as result. You can perceive from screenshot that I have got
username and password combination as msfadmin:msfadmin
for MYSQL server.
0 comments:
Post a Comment