mysql_open.go
package tcp
import (
"context"
"database/sql"
"fmt"
"github.com/LeakIX/l9format"
"github.com/go-sql-driver/mysql"
_ "github.com/go-sql-driver/mysql"
"log"
"net"
)
// MysqlWeakPlugin checks a MySQL service for an empty or well-known default
// root password (see Run). It embeds l9format.ServicePluginBase; Init calls a
// DialContext method that is not declared in this file and presumably comes
// from that embedded base (confirm against l9format).
type MysqlWeakPlugin struct {
l9format.ServicePluginBase
}
// GetVersion reports the plugin version as three integers, currently 0, 0, 1
// (presumably major, minor, patch).
func (MysqlWeakPlugin) GetVersion() (int, int, int) {
	const (
		first  = 0
		second = 0
		third  = 1
	)
	return first, second, third
}
// GetProtocols returns the protocol names this plugin declares; the only
// entry is "mysql". A fresh slice is returned on every call.
func (MysqlWeakPlugin) GetProtocols() []string {
	protocols := make([]string, 0, 1)
	protocols = append(protocols, "mysql")
	return protocols
}
// GetName returns the plugin's identifier, "MysqlWeakPlugin".
func (MysqlWeakPlugin) GetName() string {
	const pluginName = "MysqlWeakPlugin"
	return pluginName
}
// GetStage returns the stage identifier this plugin declares, "open".
func (MysqlWeakPlugin) GetStage() string {
	const stage = "open"
	return stage
}
// verQueryString is the single-row query Run issues after a successful login.
// Its three columns are scanned, in order, into the event's software name,
// version and operating system fields.
var verQueryString = `select @@version_comment, @@version, concat(@@version_compile_os, " ", @@version_compile_machine);`
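// Run tries each username/password pair from the package-level usernames and
// passwords lists against the MySQL service at event.Ip:event.Port, using the
// "l9tcp" network that Init registers with the driver.
//
// It returns true on the first pair the server accepts, after recording that
// pair in event.Service.Credentials, setting event.Summary and, best effort,
// filling event.Service.Software from verQueryString. It returns false when no
// pair is accepted, or as soon as a ping fails with anything other than a
// *mysql.MySQLError (the peer is then treated as unreachable or not MySQL).
// The options map is not used.
func (plugin MysqlWeakPlugin) Run(ctx context.Context, event *l9format.L9Event, options map[string]string) bool {
	// The target does not change between attempts, so build it once.
	target := net.JoinHostPort(event.Ip, event.Port)
	for _, username := range usernames {
		for _, password := range passwords {
			dsn := fmt.Sprintf("%s:%s@l9tcp(%s)/information_schema?readTimeout=3s&timeout=3s&writeTimeout=3s", username, password, target)
			// Log the account and target only. The DSN embeds the candidate
			// password, and a pair that turns out to be valid is reported
			// through the event rather than left in the log stream.
			log.Printf("Trying: %s@l9tcp(%s)", username, target)
			db, err := sql.Open("mysql", dsn)
			if err != nil {
				// On error the returned handle must not be used; pinging it
				// would dereference a nil *sql.DB. A rejected DSN is local to
				// this candidate, so move on to the next one.
				log.Println(err.Error())
				continue
			}
			if err := db.PingContext(ctx); err != nil {
				db.Close()
				// A MySQL-level error means the server answered and refused
				// this pair; anything else (timeout, reset, cancelled ctx,
				// non-MySQL peer) makes further attempts pointless.
				if _, isMysqlError := err.(*mysql.MySQLError); !isMysqlError {
					log.Println(err.Error())
					log.Println("Not a mysql error, leaving early")
					return false
				}
				continue
			}
			// Try to populate info for the service. Failures here are logged
			// and ignored: the login itself already succeeded.
			rows, err := db.QueryContext(ctx, verQueryString)
			if err == nil {
				if rows.Next() {
					if scanErr := rows.Scan(&event.Service.Software.Name, &event.Service.Software.Version, &event.Service.Software.OperatingSystem); scanErr != nil {
						log.Println(scanErr.Error())
					}
				}
				// Release the result set explicitly instead of relying on
				// db.Close to tear it down.
				rows.Close()
			}
			db.Close()
			log.Println("Mysql authed, default password")
			event.Service.Credentials = l9format.ServiceCredentials{
				NoAuth:   false,
				Username: username,
				Password: password,
			}
			event.Summary = "No or default MySQL authentication found."
			return true
		}
	}
	return false
}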
// Candidate credentials that Run tests, in the order listed. A server that
// accepts any pairing of these is reported as having no or default
// authentication.
var (
	// usernames holds the accounts to test; only "root" is tried.
	usernames = []string{"root"}

	// passwords holds the values tried for each username. The empty string
	// comes first, so an account with no password is detected before any
	// default value is sent.
	passwords = []string{
		"",
		"root", "toor", "t00r", "r00t",
		"mysql", "sql",
		"123456", "admin",
	}
)
// Init registers a network named "l9tcp" with the MySQL driver so that DSNs
// of the form user:pass@l9tcp(host:port)/db are dialed through the plugin's
// own DialContext (over "tcp") instead of the driver's default dialer. It logs
// the registration and always returns nil.
func (plugin MysqlWeakPlugin) Init() error {
	// The closure captures this value-receiver copy of the plugin.
	dialViaPlugin := func(ctx context.Context, remoteAddr string) (net.Conn, error) {
		return plugin.DialContext(ctx, "tcp", remoteAddr)
	}
	mysql.RegisterDialContext("l9tcp", dialViaPlugin)
	log.Println("Registered l9tcp mysql dialer")
	return nil
}