In this recipe, we will explore how to use Metasploit to attack a MySQL database server using the MySQL Scanner module. Being the database of choice for many website platforms, including Drupal and Wordpress, many websites are currently using the MySQL database server. This makes it an easy target for the Metasploitable MySQL attack!
The following requirement needs to be fulfilled:
A connection to the internal network
Metasploitable running in our hacking lab
Wordlist to perform dictionary attack
Let's begin our MySQL attack by opening a terminal window:
Open a terminal window.
Launch the MSFCONSOLE:
msfconsole
Search for all the available MySQL modules:
search mysql
use auxiliary/scanner/mysql/mysql_login
Show the available options of the module:
show options
Set
RHOST
to the host of your Metasploitable 2 machine or target:set RHOST 192.168.10.111
Set your username file location. This is a user file list of your choice...