
auxiliary enum phpmyadmin auth_bruteforce

nanoCoder edited this page Dec 14, 2011 · 3 revisions

Author(s):

forced-request

Description:

This is a brute force authentication module for phpMyAdmin.

Module Options:

Option    Value                             Required   Description
DIR       phpmyadmin                        true       Directory in which phpmyadmin resides
PASSLIST                                    true       Location of password list
PROXYA                                      false      Proxy IP Address
PROXYP                                      false      Proxy Port Number
RURL      http://www.example.com/test.php   true       Target address
THROTTLE  0                                 false      Specify a number, after x requests we pause
USERNAME  root                              true       Username to enumerate
VERBOSE                                     false      Show verbose output?

Options Explained (Module Specific):

DIR -- The directory in which phpMyAdmin resides.

PASSLIST -- The path to the password file used for the brute force.

RURL -- The remote URL (RURL) that hosts the phpMyAdmin website.

USERNAME -- The username to test, if one has been enumerated.

Real world example:

We'd like to brute force authentication on a website running phpMyAdmin. The remote URL (RURL) is http://websiterunningphpmyadmin.com/. The commands are:

set DIR /phpmyadmin
set PASSLIST /pentest/passwords/john/password.lst
set RURL http://websiterunningphpmyadmin.com/
set USERNAME admin
run
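
On the defending side, a run like the one above appears in the web server's access log as repeated POSTs to the phpMyAdmin login script from one client. The following is an added example, not part of the original wiki page or of the module's code: it counts such POSTs per client in a sliding window. The combined log format, the login path /phpmyadmin/index.php, the threshold, the window and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields needed from a combined-format access log line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} '
)

def detect_bruteforce(lines, login_path="/phpmyadmin/index.php",
                      threshold=5, window=timedelta(minutes=10)):
    """Return {ip: largest number of POSTs to login_path seen inside one
    window} for every client that reached the threshold. The window is kept
    long because the module's THROTTLE option pauses after x requests, so
    guesses can arrive in small bursts. Lines must be in time order per IP."""
    recent = defaultdict(deque)   # ip -> timestamps of login POSTs in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # unparsable line, or not a form submission
        if m["path"].split("?", 1)[0] != login_path:
            continue              # not the assumed login script
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ip, minute, second, method="POST", path="/phpmyadmin/index.php"):
    return (f'{ip} - - [14/Dec/2011:10:{minute:02d}:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 4321')

# Constructed sample log: one client guessing in bursts of three with pauses,
# one user submitting the form twice, one client only browsing with GET.
SAMPLE_LOG = (
    [_line("203.0.113.7", m, s)
     for m, s in [(0, 1), (0, 2), (0, 3), (3, 1), (3, 2), (3, 3), (6, 1)]]
    + [_line("198.51.100.4", 1, 0), _line("198.51.100.4", 1, 5)]
    + [_line("198.51.100.9", 2, i, method="GET") for i in range(10)]
)

if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible phpMyAdmin password guessing from {ip}: {count} login POSTs")
```

With a one-minute window the throttled bursts in the sample stay under the threshold, which is why the default window is longer.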