Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mysql login exceptions #1260

Merged
merged 4 commits into from Jan 9, 2013
Merged

Mysql login exceptions #1260

merged 4 commits into from Jan 9, 2013

Conversation

wchen-r7
Copy link
Contributor

@wchen-r7 wchen-r7 commented Jan 7, 2013

This add more exception handling for the mysql_login function. Related to the following ticket:
http://dev.metasploit.com/redmine/issues/7668

Tested on the following:

Demo for mysql_hashdump:

msf  auxiliary(mysql_hashdump) > run

[+] Saving HashString as Loot: root:*[----------------Removed---------------]
[+] Saving HashString as Loot: root:*[----------------Removed---------------]
[+] Saving HashString as Loot: root:*[----------------Removed---------------]
[+] Saving HashString as Loot: debian-sys-maint:*[----------------Removed---------------]
[*] Hash Table has been saved: /Users/sinn3r/.msf4/loot/20130107161618_default_10.0.1.22_mysql.hashes_135309.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Demo for mysql_login:

msf  auxiliary(mysql_login) > run

[*] 10.0.1.22:3306 MYSQL - Found remote MySQL version 5.1.66
[*] 10.0.1.22:3306 MYSQL - [1/1] - Trying username:'root' with password:'root'
[+] 10.0.1.22:3306 - SUCCESSFUL LOGIN 'root' : 'root'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Demo for mysql_schemadump:

msf  auxiliary(mysql_schemadump) > run

[*] Schema stored in: /Users/sinn3r/.msf4/loot/20130107161907_default_10.0.1.22_mysql_schema_185685.txt
[+] MySQL Server Schema 
 Host: 10.0.1.22 
 Port: 3306 
 ====================

--- []

Demo for mysql_mof:

msf  exploit(mysql_mof) > exploit

[*] Started reverse handler on 10.0.1.3:4444 
[*] 10.0.1.10:3306 - Attempting to login as 'sa:blah'
[-] Access denied
[*] Exploit completed, but no session was created.

jvazquez-r7
jvazquez-r7 reviewed Jan 9, 2013
View reviewed changes
modules/auxiliary/scanner/mysql/mysql_hashdump.rb
@@ -29,7 +29,6 @@ def initialize
def run_host(ip)

if (not mysql_login_datastore)
print_error("Invalid MySQL Server credentials")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleting this print_error results in the module exiting silently when login isn't possible unless VERBOSE = true:

msf  auxiliary(mysql_hashdump) > run

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mysql_hashdump) > set VERBOSE true
VERBOSE => true
msf  auxiliary(mysql_hashdump) > run

[-] Unable to login from this host due to policy
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Not sure if this is the best approach (the module finishing silently on error and verbose = false)... awaiting for confirmation before merge.

@jvazquez-r7
Copy link
Contributor

Looks better for me

msf  auxiliary(mysql_hashdump) > set RHOSTS 192.168.1.138
RHOSTS => 192.168.1.138
msf  auxiliary(mysql_hashdump) > run
[-] Unable to login from this host due to policy
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

merging!

@jvazquez-r7 jvazquez-r7 merged commit 6490af7 into rapid7:master Jan 9, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wchen-r7 @jvazquez-r7 @sinn3r