Ethical Hacking and Penetration Testing Guide
mysql -u root -ptoor
grant all on *.* to name@localhost identified by 'password';
Make sure that you have added the password "toor" to the wordlist that you will use to crack the MySQL account. Next, you need to start the MySQL service. You can easily do it by issuing the following command in the terminal:
root@root:~# /etc/init.d/mysql start
We can use both Hydra and Medusa to crack a MySQL password; both of them support it.
From Hydra, all we need to do is issue the following command:
hydra -l root -P /pentest/passwords/wordlist/darkcode.lst 192.168.75.140 mysql
Alternatively, we can also use a Metasploit auxiliary module to test for MySQL weak
credentials. Here is how we can do it:
Step 1—Launch Metasploit by typing "msfconsole".
Step 2—Issue the following command: use auxiliary/scanner/mysql/mysql_login
Step 3—Type the IP address of the target after the set RHOSTS command.
Step 4—Define a USER_FILE that contains the list of all possible usernames.
Step 5—Define a PASS_FILE that contains the list of all possible passwords.
Step 6—Finally, type run to execute the module.
Once we have managed to crack the credentials, we can log in to the MySQL server and start manipulating things by typing the following command from the console (the host argument, which the page omits, is shown as a placeholder):
root@root:~# mysql -h <target IP> -u root -p
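The Hydra and Metasploit runs described above leave a very recognizable trace on the server side: a burst of "Access denied" entries from one source host in the MySQL error log. The following detector is an added example written for this page (it is not code from the book or from Hydra/Metasploit); it assumes the 5.7-style error-log line format shown in the constructed sample below and that the server actually logs denied connections (log_warnings=2 on 5.7, log_error_verbosity=3 on 8.0). It groups failures per source host in a sliding time window and flags hosts that exceed a threshold, reporting how many distinct usernames were tried so a single-account brute force can be told apart from a password spray.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in MySQL 5.7 error-log format (not taken from the original page):
# six rapid failures for 'root' from 192.168.75.140, two slow ones for 'alice', one unrelated line.
SAMPLE_LOG = """\
2024-03-01T10:00:00.000000Z 7 [Note] mysqld: ready for connections.
2024-03-01T10:00:01.000000Z 12 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:00:01.250000Z 13 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:00:01.500000Z 14 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:00:01.750000Z 15 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:00:02.000000Z 16 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:00:02.250000Z 17 [Note] Access denied for user 'root'@'192.168.75.140' (using password: YES)
2024-03-01T10:05:00.000000Z 20 [Note] Access denied for user 'alice'@'10.0.0.5' (using password: YES)
2024-03-01T10:15:00.000000Z 25 [Note] Access denied for user 'alice'@'10.0.0.5' (using password: NO)
"""

# Matches the "Access denied" line mysqld writes for a failed authentication.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+\[Note\]\s+Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']+)' \(using password: (?P<pw>YES|NO)\)"
)


def parse_line(line):
    """Return a dict for an access-denied line, or None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return {"ts": ts, "user": m["user"], "host": m["host"], "used_password": m["pw"] == "YES"}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source hosts with >= threshold failed logins inside any `window`-long span.

    Returns {host: {"failures", "distinct_users", "first", "last"}} for the
    densest window seen per offending host.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    alerts = {}
    for host, evs in by_host.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until all events fit inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {e["user"] for e in evs[start:end + 1]}
                prev = alerts.get(host)
                if prev is None or count > prev["failures"]:
                    alerts[host] = {
                        "failures": count,
                        "distinct_users": len(users),
                        "first": evs[start]["ts"],
                        "last": evs[end]["ts"],
                    }
    return alerts


if __name__ == "__main__":
    for host, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        kind = "password spray" if info["distinct_users"] > 1 else "single-account brute force"
        print(f"{host}: {info['failures']} failures ({kind}) "
              f"between {info['first']} and {info['last']}")
```

On the constructed sample only 192.168.75.140 is flagged (6 failures against one account); the two failures from 10.0.0.5 are ten minutes apart and look like a user mistyping. The same per-host sliding window applies to any other service the chapter brute-forces, only the regular expression changes. On the mitigation side, MySQL ships the connection_control plugin, which delays responses after repeated failures from the same host and blunts exactly the wordlist runs shown above.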
MS SQL Servers
MS SQL is the Microsoft version of SQL server. Unlike in MySQL servers, there are various other attacks we can perform against some old versions of MS SQL server, for example, in SQL Server 2000. The stored procedure xp_cmdshell is enabled by default, so we can take advantage of it and execute some commands. We will discuss this when we get to exploiting SQL injection attacks with web applications.