Assumed login details: root:password<\/strong><\/p>\n\n\n\n To start we’ve done a port scan of the target server. On this we can see both port 22 and port 3306 open both over TCP. <\/p>\n\n\n\n Now we have some assumed login details. Lets test if these are correct. <\/p>\n\n\n\n Ok so the login details are correct. Time to swap to Metasploit. <\/p>\n\n\n\n We’ve now launched metasploit and loaded up the mysql_sql module. We will be running an exploit using PASSWORD\/RHOSTS\/USERNAME<\/p>\n\n\n\n Variables have been successfully set. The exploit is set to simply pull the version it’s running on. <\/p>\n\n\n\n Perfect. Now lets try something a little more ambitious. <\/p>\n\n\n\n and we now have a full list of databases running on the server.<\/p>\n\n\n\n This time around we’ll be using the mysql_schemadump module. <\/p>\n\n\n\n Not a lot of point screenshotting it again but PASSWORD, RHOSTS and USERNAME variables set and the exploit has been run and the tables dumped. <\/p>\n\n\n\n Swapping over to the mysql_hashdump <\/strong>module we again set the variables and run<\/p>\n\n\n\n From here we can see a user account ‘Carl’ which is worth exploring. We have a hash so lets see if we can crack that hash using John the Ripper. <\/p>\n\n\n\n There we go. One successfully decrypted hash. <\/p>\n","protected":false},"excerpt":{"rendered":" Finishing off the extended Network Services section of TryHackMe is SQL. I will cover SQL in a later knowledge article…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[6,3],"tags":[],"class_list":["post-170","post","type-post","status-publish","format-standard","hentry","category-practice","category-tryhackme"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=170"}],"version-history":[{"count":1,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions"}],"predecessor-version":[{"id":184,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/170\/revisions\/184"}],"wp:attachment":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Footprinting & Enumeration<\/span><\/h2>\n\n\n\n
![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-17.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-18.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-19.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-20.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-21.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-22.png\")
<\/figure>\n\n\n\nExploiting mySQL<\/h2>\n\n\n\n
![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-23.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-27.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-28.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-29.png\")
<\/figure>\n\n\n\n