Presentation is loading. Please wait.

Presentation is loading. Please wait.

MySQL Exploit with Metasploit

Published byElijah Joseph Modified over 6 years ago

Similar presentations

Presentation on theme: "MySQL Exploit with Metasploit"— Presentation transcript:

1 MySQL Exploit with Metasploit
Ryan Boyce

2 Machines Attacker – 192.168.252.128 Remote Host – 192.168.252.130
Kali Linux Virtual Machine / Metasploit Linux Metasploitable server Virtual Machine / MySQL Server

3 Nmap Nmap reveals many open vulnerabilities in the remote host, including: Open_ftp with anonymous login Rpcbind (mapping to network shares) Apache Server Most notably, though… MySQL server!

4 MySQL Exploits (mysql_version) (mysql_login)
Confirm SQL version from nmap: Nmap was correct and MySQL is running on port 3306 Test usernames/passwords with mysql_login:

5 Gaining Access to DB From terminal on Kali VM, it is possible to test connection with verified ‘root’ user found in exploit: ‘root’ user is not password protected, access to DB is granted from terminal:

6 Browsing Remote DB Personally identifiable information is easily extracted with simple SQL commands:

7 Corrupting Data It is also possible to corrupt/delete data with terminal access as ‘root’ user:

Download ppt "MySQL Exploit with Metasploit"

Similar presentations

PHP SQL. Connection code:- mysql_connect(server, username, password); Connect to the Database Server with the authorised user and password. Eg $connect.

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
OpenNebula VM ICOM5016 DATABASE SYSTEMS PROFESSOR: DR. AMIR CHINAEI PREPARED BY: PAUL BARTUS.

OpenNebula VM ICOM5016 DATABASE SYSTEMS PROFESSOR: DR. AMIR CHINAEI PREPARED BY: PAUL BARTUS.
Linux Security An overview notes from Linux Network Security HowTO.

Linux Security An overview notes from Linux Network Security HowTO.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.
Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting https://www.alternativehosting.com

Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting
bWAPP – Bee Bug – Installation

bWAPP – Bee Bug – Installation
IST 210 Web Application Security. IST 210 Introduction Security is a process of authenticating users and controlling what a user can see or do.

IST 210 Web Application Security. IST 210 Introduction Security is a process of authenticating users and controlling what a user can see or do.
Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting https://www.alternativehosting.com

Setting Up a Local WordPress Development Environment By Gregory Young Alternative Hosting
1 © 2007 Cisco Systems, Inc. All rights reserved.Cisco Public Remote access typically involves allowing telnet, SSH connections to the router Remote requires.

1 © 2007 Cisco Systems, Inc. All rights reserved.Cisco Public Remote access typically involves allowing telnet, SSH connections to the router Remote requires.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 19 TELNET and Rlogin.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 19 TELNET and Rlogin.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.

Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
CANVAS REPORT/rvispute 16/4/2016 CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri.

CANVAS REPORT/rvispute 16/4/2016 CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri.
Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.

Chapter 13 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.. Investigating Computer Intrusions.

Similar presentations

Ads by Google