mysql_enum
该“mysql_enum”模块将连接到远程MySQL数据库服务器与一组给定的凭据,并在其上执行一些基本的枚举。
msf > use auxiliary/admin/mysql/mysql_enum
msf auxiliary(mysql_enum) > show options
Module options (auxiliary/admin/mysql/mysql_enum):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD no The password for the specified username
RHOST yes The target address
RPORT 3306 yes The target port
USERNAME no The username to authenticate as
要配置模块,我们为PASSWORD,RHOST和USERNAME提供值,然后让它针对目标运行。
msf auxiliary(mysql_enum) > set PASSWORD s3cr3t
PASSWORD => s3cr3t
msf auxiliary(mysql_enum) > set RHOST 192.168.1.201
RHOST => 192.168.1.201
msf auxiliary(mysql_enum) > set USERNAME root
USERNAME => root
msf auxiliary(mysql_enum) > run
[*] Running MySQL Enumerator...
[*] Enumerating Parameters
[*] MySQL Version: 5.1.41
[*] Compiled for the following OS: Win32
[*] Architecture: ia32
[*] Server Hostname: xen-xp-sploit
[*] Data Directory: C:\xampp\mysql\data\
[*] Logging of queries and logins: OFF
[*] Old Password Hashing Algorithm OFF
[*] Loading of local files: ON
[*] Logins with old Pre-4.1 Passwords: OFF
[*] Allow Use of symlinks for Database Files: YES
[*] Allow Table Merge:
[*] SSL Connection: DISABLED
[*] Enumerating Accounts:
[*] List of Accounts with Password Hashes:
[*] User: root Host: localhost Password Hash: *58C036CDA51D8E8BBBBF2F9EA5ABF111ADA444F0
[*] User: pma Host: localhost Password Hash: *602F8827EA283047036AFA836359E3688401F6CF
[*] User: root Host: % Password Hash: *58C036CDA51D8E8BBBBF2F9EA5ABF111ADA444F0
[*] The following users have GRANT Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have CREATE USER Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have RELOAD Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have SHUTDOWN Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have SUPER Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have FILE Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following users have POCESS Privilege:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following accounts have privileges to the mysql databse:
[*] User: root Host: localhost
[*] User: root Host: %
[*] The following accounts are not restricted by source:
[*] User: root Host: %
[*] Auxiliary module execution completed
msf auxiliary(mysql_enum) >
mysql_sql
该“mysql_sql”模块时,与一组有效凭证提供的远程服务器上执行SQL查询。
msf > use auxiliary/admin/mysql/mysql_sql
msf auxiliary(mysql_sql) > show options
Module options (auxiliary/admin/mysql/mysql_sql):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD no The password for the specified username
RHOST yes The target address
RPORT 3306 yes The target port
SQL select version() yes The SQL to execute.
USERNAME no The username to authenticate as
为了配置模块,我们提供了PASSWORD,RHOST和USERNAME设置,我们将保留默认查询来提取服务器版本。
msf auxiliary(mysql_sql) > set PASSWORD s3cr3t
PASSWORD => s3cr3t
msf auxiliary(mysql_sql) > set RHOST 192.168.1.201
RHOST => 192.168.1.201
msf auxiliary(mysql_sql) > set USERNAME root
USERNAME => root
msf auxiliary(mysql_sql) > run
[*] Sending statement: 'select version()'...
[*] | 5.1.41 |
[*] Auxiliary module execution completed
msf auxiliary(mysql_sql) >