HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.
To run hexorbase in Kali Linux click application > database assessment > hexorbase
Another way, open the terminal and type hexorbase.
It will open a graphical interface for hexorbase as given in the screenshot. It is the collection of several database servers where you can apply brute force attack on the desired server.
Now to start a brute force attack, first, you need to create an account. In the middle, you can see administration panel here type username and password according to your wills. I had type admin: pass as username and password this will allow me to start brute force attack using hexor on the desired backend server.
Now choose your database type. I have selected MY SQL for brute force attack.
Now follow few steps for brute force attack on the server.
- Type target IP: 168.1.104 under database connection.
- Now click on user list for dictionary attack option and select a dictionary of username.
- Repeat the above step for word list to select the password list.
- Finally, click on lunch attack to start a brute force attack.
Now it will try to match the combination of username and password on target IP. After sometime when the process is completed 100% you will get matched combination as result. You can perceive from the screenshot that I have got username and password combination as msfadmin:msfadmin for MYSQL server.
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here