Overview

SQL database, port 3306, TCP

Enumeration

nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $ip 

Brute force

hydra -l monUser -P /usr/share/seclists/Passwords/xato-net-10-million-passwords-1000000.txt $ip mysql

Metasploit

auxiliary/scanner/mysql/mysql_version
auxiliary/scanner/mysql/mysql_authbypass_hashdump
auxiliary/scanner/mysql/mysql_hashdump 
auxiliary/admin/mysql/mysql_enum 
auxiliary/scanner/mysql/mysql_schemadump  
exploit/windows/mysql/mysql_start_up 

Brute force user/password:

auxiliary/scanner/mysql/mysql_login

Potentially dangerous configuration

| Settings | Description |
| --- | --- |
| user | Sets which user the MySQL service will run as. |
| password | Sets the password for the MySQL user. |
| admin_address | The IP address on which to listen for TCP/IP connections on the administrative network interface. |
| debug | This variable indicates the current debugging settings. |
| sql_warnings | This variable controls whether single-row INSERT statements produce an information string if warnings occur. |
| secure_file_priv | This variable is used to limit the effect of data import and export operations. |
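
An added example, not part of the original page: a small Python audit that reads a MySQL option file and flags risky values for the settings listed above. The sample file, the finding texts and the choice to treat any non-loopback admin_address as a finding are assumptions made for illustration.

```python
# Added example. SAMPLE_CNF and the finding texts are constructed for illustration.
SAMPLE_CNF = """\
# constructed sample, not from a real host
[client]
password = "Sup3rSecret"
[mysqld]
user = root
admin-address = 192.0.2.10
secure_file_priv = ""
debug = d:t:o,/tmp/mysqld.trace
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}  # assumption: only these are acceptable


def parse_cnf(text):
    """Return {section: {option: value}}; '-' and '_' in option names are equivalent."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, or !include directive
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None:
            key, _, value = line.partition("=")
            name = key.strip().lower().replace("-", "_")
            current[name] = value.strip().strip("'\"")
    return sections


def audit(text):
    """Return sorted (section, option, reason) findings; values are never echoed."""
    findings = []
    for section, opts in parse_cnf(text).items():
        if "password" in opts:
            findings.append((section, "password", "cleartext password in option file"))
        if section != "mysqld":
            continue
        if opts.get("user") == "root":
            findings.append((section, "user", "server process runs as root"))
        if opts.get("secure_file_priv") == "":
            findings.append((section, "secure_file_priv", "empty: no directory restriction"))
        if "debug" in opts:
            findings.append((section, "debug", "debug tracing configured"))
        addr = opts.get("admin_address")
        if addr and addr not in LOOPBACK:
            findings.append((section, "admin_address", "admin interface not on loopback"))
    return sorted(findings)
```

Calling audit() on the text of an option file returns the findings as tuples; an empty list means none of these checks fired.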