# MySQL Enum

### CheckList

* Check for version
* Try passwordless connection,authentication
* If authenticated try to access database, tables. 
* See if you can upload shell.

### MySQL nmap scripts

```
nmap -sV -Pn -vv  10.10.10.10 -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122
```

### Brute-Force credentials

```
hydra -l root -P /usr/share/wordlists/rockyou.txt 10.10.10.10 mysql -t 4
```

### Try to login to MYSQL target

```
mysql -h 10.10.10.10 -u root -p
```