MySQL Exploit with Metasploit
Ryan Boyce

Machines
Attacker – 192.168.252.128: Kali Linux 2016.2 Virtual Machine / Metasploit
Remote Host – 192.168.252.130: Linux Metasploitable 2.6.24-16-server Virtual Machine / MySQL Server

Nmap
Nmap reveals many open, vulnerable services on the remote host, including:
- Open_ftp with anonymous login
- Rpcbind (mapping to network shares)
- Apache Server
Most notably, though… MySQL server!

MySQL Exploits (mysql_version) (mysql_login)
Confirm the SQL version from nmap with mysql_version: Nmap was correct and MySQL is running on port 3306.
Test usernames/passwords with mysql_login.

Gaining Access to DB
From a terminal on the Kali VM, it is possible to test the connection with the verified ‘root’ user found in the exploit.
The ‘root’ user is not password protected, so access to the DB is granted from the terminal.

Browsing Remote DB
Personally identifiable information is easily extracted with simple SQL commands.

Corrupting Data
It is also possible to corrupt or delete data with terminal access as the ‘root’ user.
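
A defender-side check for the passwordless ‘root’ finding above, as an added example that is not part of the original slides: SQL an administrator can run on the MySQL server to find and close passwordless and remotely reachable accounts. It assumes a MySQL server older than 5.7 (where mysql.user has a Password column), and the password shown is a placeholder.

```sql
-- Added example, not from the original slides.
-- Assumption: MySQL older than 5.7, where mysql.user stores the hash in the
-- Password column (5.7+ uses authentication_string and ALTER USER instead).

-- 1. Accounts that can log in with no password at all.
SELECT User, Host
FROM mysql.user
WHERE Password = '' OR Password IS NULL;

-- 2. Accounts reachable from hosts other than the server itself.
SELECT User, Host
FROM mysql.user
WHERE Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Give every root entry a password (placeholder value; replace it).
UPDATE mysql.user
SET Password = PASSWORD('<REPLACE_WITH_STRONG_PASSWORD>')
WHERE User = 'root';

-- 4. Remove root entries that allow remote logins.
DELETE FROM mysql.user
WHERE User = 'root'
  AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 5. Remove anonymous accounts (empty user name).
DELETE FROM mysql.user WHERE User = '';

-- 6. Reload the grant tables so the direct table edits take effect.
FLUSH PRIVILEGES;

-- 7. Re-run check 1. Any rows left are non-root accounts that still
--    need a password or removal.
SELECT User, Host
FROM mysql.user
WHERE Password = '' OR Password IS NULL;
```

If no remote clients need the database, setting bind-address = 127.0.0.1 in the server's my.cnf also keeps port 3306 off the network.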