https://lms.onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Forensic%3A_nmap_mysql-brute.nse_attack_%28en%29
Forensic: nmap mysql-brute.nse attack (en) - Revision history
2026-04-27T06:09:34Z
Revision history for this page on the wiki
MediaWiki 1.45.1
https://lms.onnocenter.or.id/wiki/index.php?title=Forensic:_nmap_mysql-brute.nse_attack_(en)&diff=71303&oldid=prev
Unknown user: /* Understanding mysql-brute.nse Attacks */
2024-12-04T12:29:01Z
<p><span class="autocomment">Understanding mysql-brute.nse Attacks</span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:29, 4 December 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l17">Line 17:</td>
<td colspan="2" class="diff-lineno">Line 17:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Example Nmap Commands:'''</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Example Nmap Commands:'''</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> wget https://svn.nmap.org/nmap/scripts/mysql-brute.nse</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> nmap -sC -sV --script mysql-brute.nse -p 3306 <target_ip></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> nmap -sC -sV --script mysql-brute.nse -p 3306 <target_ip></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> nmap --script=mysql-brute <target></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> nmap --script=mysql-brute <target></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> <del style="font-weight: bold; text-decoration: none;">Nmap </del>-sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> <ins style="font-weight: bold; text-decoration: none;">nmap </ins>-sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> <del style="font-weight: bold; text-decoration: none;">Nmap </del>-sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> <ins style="font-weight: bold; text-decoration: none;">nmap </ins>-sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* `-sC`: Performs default scanning.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* `-sC`: Performs default scanning.</div></td></tr>
</table>
Unknown user
https://lms.onnocenter.or.id/wiki/index.php?title=Forensic:_nmap_mysql-brute.nse_attack_(en)&diff=70947&oldid=prev
Unknown user: Created page with "Sure! Here’s the translation to English: ==Understanding mysql-brute.nse Attacks== '''What is mysql-brute.nse?''' * It is an Nmap script specifically designed to perform..."
2024-10-19T02:47:18Z
<p>Created page with "Sure! Here’s the translation to English: ==Understanding mysql-brute.nse Attacks== '''What is mysql-brute.nse?''' * It is an Nmap script specifically designed to perform..."</p>
<p><b>New page</b></p><div>Sure! Here’s the translation to English:<br />
<br />
==Understanding mysql-brute.nse Attacks==<br />
<br />
'''What is mysql-brute.nse?'''<br />
<br />
* It is an Nmap script specifically designed to perform brute-force attacks on MySQL servers.<br />
* A brute-force attack is a systematic attempt to guess passwords by trying all possible character combinations.<br />
* In the context of MySQL, the target is typically the root password or other users with access to the database.<br />
<br />
'''How Does This Attack Work?'''<br />
<br />
# '''Target Identification:''' The attack starts by identifying vulnerable MySQL servers.<br />
# '''Password List:''' The script then tries various password combinations from a predefined or randomly generated list.<br />
# '''Authentication:''' Each password combination is tested to authenticate access to the database.<br />
# '''Success:''' If the correct combination is found, the attacker successfully gains access to the database.<br />
<br />
'''Example Nmap Commands:'''<br />
<br />
nmap -sC -sV --script mysql-brute.nse -p 3306 <target_ip><br />
nmap --script=mysql-brute <target><br />
Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100<br />
Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100<br />
<br />
* `-sC`: Performs default scanning.<br />
* `-sV`: Determines service version.<br />
* `--script mysql-brute.nse`: Runs the mysql-brute.nse script.<br />
* `-p 3306`: Targets port 3306 (the default MySQL port).<br />
* `<target_ip>`: Replace with the target IP address.<br />
<br />
==Example Attack and Impact==<br />
<br />
* '''Scenario:''' An attacker wants to gain access to a company’s database to steal customer data.<br />
* '''Action:''' The attacker runs the above Nmap command using a list of commonly used passwords.<br />
* '''Impact:'''<br />
** '''Data Theft:''' The attacker can access and steal sensitive data such as customer personal information, financial data, or business secrets.<br />
** '''Data Destruction:''' The attacker can modify, delete, or corrupt data in the database.<br />
** '''Server Takeover:''' In some cases, the attacker can exploit access to the database to gain access to the entire server.<br />
<br />
==Forensics of mysql-brute.nse Attacks==<br />
<br />
'''Forensic Objectives:'''<br />
<br />
* '''Attack Identification:''' Determine whether the system has been targeted by a MySQL brute-force attack.<br />
* '''Trace Analysis:''' Collect and analyze digital evidence to identify the attacker and methods used.<br />
* '''System Recovery:''' Restore the system to a secure state and prevent similar attacks in the future.<br />
<br />
'''Forensic Steps:'''<br />
<br />
1. '''Collect Evidence:'''<br />
* '''Server Logs:''' Check MySQL server logs, operating system logs, and firewall logs for suspicious activities, such as repeated failed login attempts.<br />
* '''Configuration Files:''' Inspect MySQL configuration files for unusual changes.<br />
* '''Database:''' Create a copy of the database for further analysis.<br />
2. '''Analyze Evidence:'''<br />
* '''Failed Login Attempts:''' Identify patterns in failed login attempts.<br />
* '''Configuration Changes:''' Look for unauthorized changes in configuration files.<br />
* '''Unusual Activity:''' Look for activities that deviate from normal usage patterns.<br />
3. '''Identify the Attacker:'''<br />
* '''IP Address:''' Trace the source IP address of the attack.<br />
* '''Attack Methods:''' Identify the tools and techniques used by the attacker.<br />
4. '''Reconstruct the Attack:'''<br />
* '''Sequence of Events:''' Reconstruct the sequence of events during the attack.<br />
* '''Motivation:''' Determine the motivation behind the attack.<br />
<br />
==Forensic Tools:==<br />
<br />
* '''Nmap:''' For scanning vulnerabilities and searching for attack evidence.<br />
* '''SQLyog:''' To check the database for unusual changes.<br />
* '''File System Forensic Tools:''' For analyzing system files.<br />
* '''Log Analysis Tools:''' For analyzing server logs.<br />
<br />
==Prevention:==<br />
<br />
* '''Strong Passwords:''' Use strong and unique passwords for MySQL accounts.<br />
* '''Access Restrictions:''' Limit database access to authorized users only.<br />
* '''Firewall:''' Configure firewalls to block unauthorized traffic to the MySQL port.<br />
* '''Monitoring:''' Regularly monitor server logs to detect suspicious activities.<br />
* '''Updates:''' Keep the operating system and MySQL software up to date with the latest security patches.<br />
<br />
==Conclusion==<br />
<br />
The mysql-brute.nse attack poses a serious threat to MySQL system security. By understanding the attack mechanisms and appropriate forensic measures, you can enhance your ability to detect, respond to, and prevent such attacks.<br />
<br />
'''Note:''' This information is general and may need to be adjusted to specific situations. Always consult with information security experts for more precise advice.<br />
<br />
==Interesting Links==<br />
<br />
* [[Forensic: IT]]</div>
Unknown user