In
this article, we will learn how to gain control over our victim's PC through
mysql service via port 3306. There are various ways to do it and let take time
and learn all those because different circumstances call for different measure.
Medusa
Medusa
is intended to be a speedy, massively parallel, modular, login brute-forcer. It
supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion,
and VNC to name a few
Run the following command
Medusa -h 192.168.1.106
–U /root/Desktop/user.txt –P
/root/Desktop/pass.txt –M mysql
Here
-U:
denotes path for username list
-P: denotes path for password list
As you can observe that we had successfully grabbed the telnet
username as root and password as toor.
Ncrack
Ncrack
is a high-speed network authentication cracking tool. It was built to help
companies secure their networks by proactively testing all their hosts and
networking devices for poor passwords.
Run
the following command
ncrack –v
–U /root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.1.106:3306
Here
-U:
denotes path for username list
-P: denotes path for password list
As you can observe that we had successfully grabbed the telnet
username as root and password as toor.
xHydra
This is the graphical version to apply dictionary attack
via 3306 port to hack a system. For this method to work:
Open xHydra
in your kali. And select Single Target
option and their give the IP of your victim PC. And select MYSQL in box
against Protocol option and
give the port number 3306
against the port option.
Now,
go to Passwords tab and
select Username List and
give the path of your text file, which contains usernames, in the box adjacent
to it.
Then
select Password List and give the path of your text file, which contains all
the passwords, in the box adjacent to it.
After doing this, go to Start tab and click on Start button on the
left.
Now,
the process of dictionary attack will start. Thus, you will attain the username
and password of your victim.
Hydra
Hydra
is often the tool of choice. It can perform rapid dictionary attacks against
more than 50 protocols, including telnet, ftp, http, https, smb, several
databases, and much more
Now,
we need to choose a wordlist. As with any dictionary attack, the wordlist is
key. Kali has numerous wordlists built right in.
Run
the following command
hydra –L/root/Desktop/user.txt –P
/root/Desktop/pass.txt 192.168.1.106 mysql
-L:
denotes path for username list
-P: denotes path for password list
Once the commands are executed it will start applying the
dictionary attack and so you will have the right username and password in no
time. As
you can observe that we had successfully grabbed the telnet username as root and password as toor.
Metasploit
This module simply queries
the MySQL instance for a specific user/pass (default is root with blank).
msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set rhosts
192.168.1.106
msf auxiliary(mysql_login) > set user_file
/root/Desktop/users.txt
msf auxiliary(mysql_login) > set pass_file
/root/Desktop/password.txt
msf auxiliary(mysql_login) > set
stop_on_success true
msf auxiliary(mysql_login) > run
This will start brute force attack and try to match
the combination for valid username and password using user.txt and pass.txt
file.
From
given image you can observe that our mysql server is not secure against brute
force attack because it is showing matching combination of username:
root and password: toor for login.
Once
the attacker retrieves the valid credential he can directly login into mysql
server for stealing or destroying the database information.
0 comments:
Post a Comment