auxiliary/scanner/mysql/mysql_login missing default username or incorrect description #12891
Comments
Looks to be true: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/mssql/mssql_login.rb |
These changes seem reasonable to me. I believe I believe enabling blank passwords by default is also reasonable, given that they are permitted and the default for the privileged As an aside, I ran into another issue:
Seems the MySQL libraries might not support MariaDB ? |
I noted some other inconsistencies with it as well. For instance, if the account is set to only |
I've finished the testing I was doing where I picked this up, but agree the
changes look good.
On the localhost issue, I've seen a problem that might be related when
fixing DVWA issues. In some situations, localhost and 127.0.0.1 are not
treated the same. I could be wrong, but I've got memories of the client
looking at pipes rather than the network socket if you specify localhost.
It is unlikely in the real world that someone will have Metasploit on the
same box that they are scanning so not sure if this would be an issue worth
spending much time fixing.
One last thought, can you remotely pull the database version, or even if it
is mysql vs mariadb without successfully connecting? Again, I looked at it
for debugging DVWA issues and have memories of not being able to find a
way, all I could get were the client library versions. This might account
for the discrepancy you see in that example.
…On Sat, 15 Feb 2020, 12:12 h00die, ***@***.***> wrote:
I noted some other inconsistencies with it as well. For instance, if the
account is set to only localhost login, you get the error for a bad
login, but I think it should actually tell you that its a valid account,
but can't login from this host. Then, in theory, skip the rest of that
username testing.
I also see it detected 5.5.5 (assuming thats an else case) when it was
maria 10.3.22.
|
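The 5.5.5 reading mentioned in this thread is consistent with how MariaDB 10.x announces itself: the server's first packet, sent before any credentials are exchanged, carries a version string, and MariaDB 10.x prefixes it with `5.5.5-`. The Ruby sketch below is an added example, not code from this thread or from Metasploit; it parses a constructed greeting packet offline, and the names `parse_mysql_greeting`, `classify_version` and `build_greeting` are hypothetical.

```ruby
# Added example (not Metasploit code): parse the greeting a MySQL/MariaDB
# server sends before authentication. All names here are hypothetical.
MARIADB_COMPAT_PREFIX = '5.5.5-'.freeze # prepended by MariaDB 10.x servers

def classify_version(reported)
  if reported =~ /mariadb/i
    real = reported.delete_prefix(MARIADB_COMPAT_PREFIX)
    { product: 'MariaDB', version: real[/\A\d+\.\d+\.\d+/] }
  else
    { product: 'MySQL', version: reported[/\A\d+\.\d+\.\d+/] }
  end
end

def parse_mysql_greeting(raw)
  raw = raw.b
  raise ArgumentError, 'short packet header' if raw.bytesize < 5

  len_lo, len_hi, _seq = raw.unpack('vCC') # 3-byte LE length, 1-byte sequence id
  length = len_lo | (len_hi << 16)
  payload = raw.byteslice(4, length)
  raise ArgumentError, 'truncated payload' if payload.bytesize < length

  first = payload.getbyte(0)
  if first == 0xFF # ERR packet, e.g. the client host is not allowed to connect
    return { error_code: payload.byteslice(1, 2).unpack1('v'),
             message: payload.byteslice(3..).to_s }
  end
  raise ArgumentError, "unsupported protocol version #{first.inspect}" unless first == 10

  nul = payload.index("\x00".b, 1) # version string is NUL-terminated
  raise ArgumentError, 'unterminated version string' if nul.nil?
  conn_id = payload.byteslice(nul + 1, 4)
  raise ArgumentError, 'missing connection id' if conn_id.nil? || conn_id.bytesize < 4

  reported = payload.byteslice(1, nul - 1)
  { reported: reported, connection_id: conn_id.unpack1('V') }.merge(classify_version(reported))
end

# Constructed sample packet (not captured traffic): protocol 10, version string,
# connection id, then 8 bytes of placeholder auth data and a filler byte.
def build_greeting(version, conn_id = 79)
  payload = [10].pack('C') + version.b + "\x00".b + [conn_id].pack('V') + ('A' * 8).b + "\x00".b
  [payload.bytesize & 0xFFFF, payload.bytesize >> 16, 0].pack('vCC') + payload
end

if __FILE__ == $PROGRAM_NAME
  p parse_mysql_greeting(build_greeting('5.5.5-10.3.22-MariaDB-1'))
  p parse_mysql_greeting(build_greeting('5.7.29-0ubuntu0.18.04.1'))
end
```

A version check that reads only the leading digits of the reported string will label every MariaDB 10.x server as 5.5.5, so inventory and detection logic should strip the prefix as shown.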
You are correct.
|
Woo!
…On Sat, 15 Feb 2020, 12:37 bcoles, ***@***.***> wrote:
On the localhost issue, I've seen a problem that might be related when
fixing DVWA issues. In some situations, localhost and 127.0.0.1 are not
treated the same.
You are correct.
***@***.***:~/Desktop/metasploit-framework# mysql -h 127.0.0.1 -u root -p
Enter password:
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
***@***.***:~/Desktop/metasploit-framework# mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 79
Server version: 10.3.22-MariaDB-1 Debian buildd-unstable
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
|
If possible, it would be good if it reported the username as valid. Outside the scope of this PR. I haven't tested the MSSQL module, but the changes look good to me. I think this is good to land? |
believe so |
Hey guys ...am new to metasploit and am trying to use this module to test mysql server which is running in Ubuntu desktop 18.04 TLS but am getting this error...
Module options (auxiliary/scanner/mysql/mysql_login):
Name Current Setting Required Description
BLANK_PASSWORDS true no Try blank passwords for all users
msf5 auxiliary(scanner/mysql/mysql_login) > [+] xxx.xxx.x.xx :3306 - xxx.xxx.x.xx :3306 - Found remote MySQL version 5.5.5
|
Steps to reproduce
Using the auxiliary/scanner/mysql/mysql_login module, the description says:
But the default settings don't have the username set to sa so running the module fails.
Expected behavior
The module should set the default username to sa or it should not run if no username or username file is configured.
Current behavior
Running it after just setting the RHOSTS value results in the following error:
Setting the USERNAME to sa, the module runs fine.
System stuff
Metasploit version
19fa008b4321a06cac0ec0fb1cc85d64f4129430 (HEAD -> master, origin/master, origin/HEAD) Land #12856, whitespace cleanup in cracker lib
I installed Metasploit with:
ruby 2.5.7p206 (2019-10-01 revision 67816) [x86_64-linux-gnu]
OS
Kali rolling.