MySQL servers support granular permissions to access databases. If we have credentials with access to the mysql.user
table, we could list all users in the MySQL server. This is the reason why it is important to configure user permissions to be as restrictive as possible.
The following recipe shows how to use Nmap to enumerate users in MySQL servers.
Open your terminal and enter the following command:
$ nmap -p3306 --script mysql-users --script-args mysqluser=<username>,mysqlpass=<password> <target>
If the credentials provided have access to the mysql.user
table, the user list will be included in the script output:
PORT STATE SERVICE 3306/tcp open mysql | mysql-users: | root | crm | web |_ admin