Let’s try mysql_login module first to crack some valid credentials of the MYSQL. Start METASPLOIT in Kali Linux. Type use command to load the module:
Type options to see the current settings of this module:
Now create a file including a list of common usernames. I just prepared a short list for the demonstration purpose but in real, publicly available longer lists have been used to crack the credentials. Name it as you want:
Add some common usernames and save it:
Again, create a file containing common passwords. Usually a longer list has been used but as it will take more time to complete the module, we will keep it short. Add the passwords and save the file:
Set the created files i.e. ehacking_user.txt and passwords.txt to read the usernames and passwords from these files:
As MYSQL gives permission to login with a blank password therefore set this option true to check for blank passwords:
Set the target IP address. Use setg command to set this option globally since we are going to execute all modules on the same target:
All settings are done now run the module by typing exploit:
Type options to see the current settings of this module:
Now create a file including a list of common usernames. I just prepared a short list for the demonstration purpose but in real, publicly available longer lists have been used to crack the credentials. Name it as you want:
Add some common usernames and save it:
Again, create a file containing common passwords. Usually a longer list has been used but as it will take more time to complete the module, we will keep it short. Add the passwords and save the file:
Set the created files i.e. ehacking_user.txt and passwords.txt to read the usernames and passwords from these files:
As MYSQL gives permission to login with a blank password therefore set this option true to check for blank passwords:
Set the target IP address. Use setg command to set this option globally since we are going to execute all modules on the same target:
All settings are done now run the module by typing exploit: