March 25, 2017 Karn Ganeshen

Metasploitable – Exploiting mysql service

root@kali:~# nmap -sV -n -p 3306 192.168.49.201

You can also use nmap scripts to gather more information.

Let’s attempt to identify mysql root password.

Use the login & password to connect to mysql database.

We will now use mysql load_file function to attempt reading contents of arbitrary files from the filesystem. Let’s try to access /etc/shadow file.

As seen above, shadow file could not be read. Let’s try and read /etc/passwd file.

 

+++++

Tagged: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *