Web penetration test - 5. Brute force cracking vulnerability - (7) MySQL password cracking

MySQL Is a relational database management system , The Swedish MySQL AB Companies to develop , Belong to Oracle Its products .MySQL Is one of the most popular relational database management systems , stay WEB Application aspect ,MySQL It's the best RDBMS (Relational Database Management System, Relational database management system ) One of the application software .
MySQL Is a relational database management system , Relational databases keep data in different tables , Instead of putting all the data in one big warehouse , This increases speed and flexibility .
Default port ：3306.

One 、hydra

Hydra Is a parallel login cracker , It supports multiple attack protocols . It's very fast and flexible , And new modules are easy to add .kali Toolset integrated .

hydra Project address ：https://github.com/vanhauser-thc/thc-hydra/releases Full version

hydra Support ：
Cisco AAA、Cisco auth、Cisco enable、CVS、FTP、HTTP(S)-FORM-GET、HTTP(S)-FORM-POST、HTTP(S)-GET、HTTP(S)-HEAD、HTTP- agent 、ICQ、IMAP、IRC、LDAP、MS-SQL、MySQL、NNTP、Oracle The listener 、Oracle SID、PC-Anywhere、PC-NFS、POP3、PostgreSQL、RDP、Rexec、Rlogin、Rsh、SIP、SMB(NT) 、SMTP、SMTP enumeration 、SNMP v1+v2+v3、SOCKS5、SSH（v1 and v2）、SSHKEY、Subversion、Teamspeak (TS2)、Telnet、VMware-Auth、VNC and XMPP`.

hydra –L /root/Desktop/user.txt –P /root/Desktop/pass.txt IP mysql

-L： Specify the user name dictionary path
-P： Specify password dictionary path

Two 、Ncrack

Ncrack Is a high-speed network authentication cracking tool . It aims to help companies protect their networks by proactively testing all their hosts and network devices for password errors .Ncrack Is to use a modular approach 、 Be similar to Nmap Command line syntax and dynamic engine design that can adjust its behavior according to network feedback . It allows fast and reliable large-scale auditing of multiple hosts .kali Toolset integrated .

Ncrack The functionality of the includes a very flexible interface , Allow users to have complete control over network operations , Allow very complex brute force attacks , Easy to use timing templates , Be similar to Nmap The runtime interaction of . Supported protocols include SSH、RDP、FTP、Telnet、HTTP(S)、Wordpress、POP3(S)、IMAP、CVS、SMB、VNC、SIP、Redis、PostgreSQL、MQTT、MySQL、MSSQL、MongoDB、Cassandra、WinRM、OWA , and DICOM

Project address ：https://nmap.org/ncrack/

ncrack –U /root/Desktop/user.txt -P /root/Desktop/pass.txt IP -p 3306

-U： Indicates the path to the user name list
-P： Indicates the path to the password list

3、 ... and 、Medusa

Medusa It's a fast one 、 A parallel and modular login brute force cracker . The goal is to support as many services as possible that allow remote authentication .kalikali Toolset integrated .

file ：
www.foofus.net/jmk/medusa/medusa.html
Source code ：
https://github.com/jmk-foofus/medusa
https://github.com/jmk-foofus/medusa/archive/2.2.tar.gz

The main functions are as follows ：
1、 Thread based parallel testing ： It can target multiple hosts at the same time 、 The user or password performs a brute force test .
2、 Flexible user input ： Target information can be specified in a number of ways （ host / user / password ）. for example , Each item can be a single item , It can also be a file that contains multiple entries . Besides , The combined file format allows users to refine their target list .
3、 Modular design ： Each service module acts as an independent .mod File exists . This means that the list of supported services can be extended for brute force cracking without any modification to the core application .
4、 Support multiple protocols ： Many services are currently supported （ for example SMB、HTTP、POP3、MS-SQL、SSHv2 etc. ）.

medusa -h IP –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M mysql

-U： Indicates the path to the user name list
-P： Indicates the path to the password list
-M： Specify the burst parameter type

Four 、Metasploit

msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set rhosts IP
msf auxiliary(mysql_login) > set user_file /root/Desktop/user.txt
msf auxiliary(mysql_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(mysql_login) > set stop_on_success true
msf auxiliary(mysql_login) > run