Hacking MySQL Database using Metasploit in Kali Linux
Irfan Shakeel
I am on a mission to create a secure cyber world | Director @ CIP Cyber | Creating ICS/OT Security Content
Cyber reconnaissance is the most significant phase in preparing an attack. Without prior knowledge of the victim and of the weaknesses that can help to exploit the target, an attack cannot be carried out successfully.
Speaking of targets, the cyber world is not just the internet but a lot more than that. It is a collection of independent networks containing telecommunication networks, databases, smart devices and web applications. There are different tricks and techniques to exploit each of them, depending on the information we get from reconnaissance.
Databases are a key target for cyber criminals because they store valuable information and suffer from a number of loopholes, including deployment failures, broken databases, data leaks, stolen database backups, lack of segregation, SQL injection and database inconsistencies.
Any information about a database is advantageous to an attacker planning an attack. Whether it concerns the version of the database or its structure, it can yield more juicy information for planning a strategy. If the database version is outdated, it can be easily attacked by finding a suitable exploit. Moreover, weak credentials on poorly secured databases can be reused or brute-forced to compromise a highly secured database. Lastly, knowledge of the database schema is vital for performing an SQL injection attack.
So today we are going to enumerate some of this information for a MySQL database. We will use the Metasploit framework, as it includes many effective auxiliary modules to easily exploit the target. Use the Metasploit framework on Kali Linux and target Metasploitable2 to observe the output.
Scanning
The first step of reconnaissance is scanning the target. This determines whether the MySQL database is running on the victim's machine. As we know, it runs on port 3306, so use Nmap with the target's IP to scan the target:
# nmap 192.168.0.101 -p 3306
It shows that MYSQL is running on the target and the port is open.
It's time to enumerate this database and collect as much information as you can to plan a better strategy.
Start the Metasploit framework by typing msfconsole at the Kali prompt:
Search for all MySQL modules that can be helpful in building an exploit. Type search mysql:
It lists a number of modules. For now we are only concerned with the auxiliary scanners.
Cracking the Credentials
Let's try the mysql_login module first to crack some valid MySQL credentials. Type the use command to load the module:
use auxiliary/scanner/mysql/mysql_login
Type options to see the current settings of this module:
Now create a file containing a list of common usernames. I just prepared a short list for demonstration purposes, but in real attacks longer, publicly available lists are used to crack credentials. Name it as you want:
Add some common usernames and save it:
Again, create a file containing common passwords. Usually a longer list is used, but as it would take more time for the module to complete, we will keep it short. Add the passwords and save the file:
Set the created files, i.e. ehacking_user.txt and passwords.txt, so that the module reads the usernames and passwords from them:
As MySQL permits logging in with a blank password, set this option to true to check for blank passwords:
Set the target IP address. Use the setg command to set this option globally, since we are going to execute all modules on the same target:
All settings are done; now run the module by typing exploit:
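On the defending side, a mysql_login run like the one configured above appears as a burst of failed logins from one host across several usernames, including blank-password attempts. The following Python example is an addition and not part of the original article; it assumes the server records failed connections in its error log, and the sample log lines, the function name and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, modelled on the "Access denied" notes written to
# the MySQL error log (assumption: failed-connection logging is enabled).
SAMPLE_LOG = """\
2024-05-01T10:00:01.000000Z 11 [Note] Access denied for user 'root'@'192.168.0.50' (using password: NO)
2024-05-01T10:00:01.400000Z 12 [Note] Access denied for user 'root'@'192.168.0.50' (using password: YES)
2024-05-01T10:00:02.100000Z 13 [Note] Access denied for user 'admin'@'192.168.0.50' (using password: NO)
2024-05-01T10:00:02.900000Z 14 [Note] Access denied for user 'admin'@'192.168.0.50' (using password: YES)
2024-05-01T10:00:03.500000Z 15 [Note] Access denied for user 'guest'@'192.168.0.50' (using password: NO)
2024-05-01T10:00:04.200000Z 16 [Note] Access denied for user 'guest'@'192.168.0.50' (using password: YES)
2024-05-01T10:07:30.000000Z 17 [Note] Access denied for user 'webapp'@'192.168.0.20' (using password: YES)
2024-05-01T11:15:00.000000Z 18 [Note] Access denied for user 'webapp'@'192.168.0.20' (using password: YES)
"""

DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\S*\s+\d+\s+\[Note\].*?"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)' "
    r"\(using password: (?P<pw>YES|NO)\)")

def detect_login_sweeps(log_text, window=timedelta(seconds=60),
                        min_failures=5, min_users=3):
    """Return {host: summary} for hosts whose failures look like a login sweep."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            # "using password: NO" means the client offered a blank password
            events[m["host"]].append((ts, m["user"], m["pw"] == "NO"))
    alerts = {}
    for host, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):           # sliding time window per host
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {user for _, user, _ in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                if host not in alerts or len(burst) > alerts[host]["failures"]:
                    alerts[host] = {
                        "failures": len(burst), "users": sorted(users),
                        "blank_password_tries": sum(b for _, _, b in burst)}
    return alerts

if __name__ == "__main__":
    print(detect_login_sweeps(SAMPLE_LOG))
```

A host that fails occasionally for a single account, like 192.168.0.20 in the sample, stays below both thresholds and is not reported.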
See the complete story published at ehacking blog.
IT Manager at UCC
2 months ago: good job
Passionate Software Engineer & Cybersecurity Enthusiast | Creating Quality Solutions for Real-World Problems
2 years ago: Tks, it helped