Brute forcing MySQL passwords
Web servers sometimes return database connection errors that reveal the MySQL username used by the web application. Penetration testers could use this information to perform brute force password auditing.
This recipe describes how to launch dictionary attacks against MySQL servers by using Nmap.
How to do it...
To perform brute force password auditing against MySQL servers by using Nmap, use the following command:
$ nmap -p3306 --script mysql-brute <target>
If valid credentials are found, they will be included in the mysql-brute
output section:
3306/tcp open mysql | mysql-brute: | root:<empty> => Valid credentials |_ test:test => Valid credentials
How it works...
The script mysql-brute
was written by Patrik Karlsson ...
Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.