Module options (auxiliary/scanner/mysql/mysql_login): Msf auxiliary(mysql_login) > show options Msf > use auxiliary/scanner/mysql/mysql_login This is a brute-force login exploit for MySQL. If we look for mysql exploits in metasploit, we find this one:
|_ Salt: is a very old version of MySQL (5.0.5, the current version is 5.7.11). | Some Capabilities: Support41Auth, SupportsTransactions, Speaks41ProtocolNew, SwitchToSSLAfterHandshake, ConnectWithDatabase, LongColumnFlag, SupportsCompression We saw it had multiple services running, including MySQL.ģ306/tcp open mysql MySQL 5.0.51a-3ubuntu5 We've just done some recon of the Metasploitable box, which is at 10.0.0.27. See Metasploitable for walkthrough of different parts of Metasploitable virtual box. See MSF for context of how we are using the Metasploit framework. 2.6 Dump MySQL Database Contents (mysqldump).2.5 Dump MySQL Database Contents (mysqlshow).2.4 Dump MySQL Database Contents (SQL Commands).2.2 Obtain /etc/passwd from MySQL with Metasploit.
0 kommentar(er)
