Warriors.to Underground Forum - Hack Forum - Leak Forum
  • Home
  • Forums
    New posts Search forums
  • Resources
    Latest reviews Search resources
  • Members
    Current visitors New profile posts Search profile posts
  • Awards
  • Chat 0
Log in Register
What's new Search

Search

By:
Advanced search…
Warriors.to Underground Forum - Hack Forum - Leak Forum
    • Home
    • Forums
    • Underground
    • Web Hacking/Security
  • Home
  • Forums
  • Underground
  • Web Hacking/Security
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

MySQL Penetration Testing with Nmap

  • Thread starter Lexter
  • Start date Nov 30, 2022
L

Lexter

Member
Messages
27
Joined
Nov 30, 2022
Reaction score
21
Points
3
wCoin
508
  • Nov 30, 2022
  • #1
In this article, we are discussing MYSQL penetration testing using Nmap where you will learn how to retrieve database information such as database name, table’s records, username, password and etc.

MySQL is an open Source for Relational Database Management System that uses structured query language for generating database record.

Let’s Begin !!!

Scanning for port 3306
open the terminal and type following command to check MySQL service is activated on the targeted system or not, basically MySQL service is activated on default port 3306.

Please, Log in or Register to view quote content!
Click to expand...

From the given image you can observe port 3306 is open for MySQL service, now let’s enumerate it.

-------------
Retrieve MySQL information
-------------
Now type another command to retrieve MySQL information such as version, protocol and etc:

Please, Log in or Register to view quote content!
Click to expand...

Above command try to connect to with MySQL server and hence prints information such as the protocol: 10, version numbers: 5.5.57 -0 ubuntu0.14.04.1, thread ID: 159, status: auto-commit, capabilities, and the password salt as shown in given below image.

-------------
Brute force attack
------------
This command will use the dictionary for username and password and then try to match the username and password combination by making brute force attack against mysql.
Please, Log in or Register to view quote content!
Click to expand...
From the given image you can observe that it found the valid credential root: toor. This credential will help indirectly login into MYSQL server.

Retrieve MySQL usernames​

This command will fetch MySQL users name which helps of given argument MySQL user root and mysqlpass toor.
Please, Log in or Register to view quote content!
Click to expand...

Retrieve database names​


This command will fetch MySQL database name which helps of given argument mysqluser root and mysqlpass toor.

Please, Log in or Register to view quote content!
Click to expand...
From given below image you can read the name of created database such as ignite
From given below image you can see we had found four usernames: root, Debian-sys-maint, sr, st.

This command will also perform the same task as above but retrieve database name using MySQL query “show database”

Please, Log in or Register to view quote content!
Click to expand...

From given below image you can read the name of created database such as ignite.

Retrieve Hash Dump​

This command will Dumps the password hashes from a MySQL server in a format suitable for cracking by tools such as John the Ripper.
Please, Log in or Register to view quote content!
Click to expand...
From the given image you can observe that it has dumped the hash value of passwords of the respective user which we have enumerated above.
 
You must log in or register to reply here.
Share:
Facebook X (Twitter) Reddit Pinterest Tumblr WhatsApp Email Share Link
  • Home
  • Forums
  • Underground
  • Web Hacking/Security


About Warriors.to

It is a real Turkish hacking forum. It was established in 2022 and its aim is to respond to the attacks against Turkey and gather Turkish hackers under one roof.
Gerçek Türk Hack Forumudur. 2022 yılında kurulmuş olup amacı Türkiye'ye yönelik saldırılara karşılık vermek ve Türk hackerları tek çatı altında toplamaktır.

Forum Navigation

  •   Yönetici Listesi
  •   Üye Listesi
  •   Arama Yap

Yardım

  •   Forum Dökümanları

Hesap

  •   Kontrol Panel
  • English (US)
  • Contact us
  • Help
  • Home
  • RSS
Theme Made by W4H9LT 
Advanced Forum Stats, Awards System by AddonFlare - Premium XF2 Addons
Some of the add-ons on this site are powered by XenConcept™ ©2017-2025 XenConcept Ltd. (Details)
| Xenforo Add-ons © by ©XenTR
Top Bottom