Metasploit MYSQL enumeration - enumerate user data

Table of Contents

Metasploit MSQL enumeration – In this article I’m going to teach you Metasploit MSQL enumeration. before that, you should know the basics of MSQL

What is MSQL?

MSQL is a connectional database management system. based on Structured Query Language (SQL). The MSQL application is used for a wide range of purposes, Including logging applications and data warehousing.

The most common use for MSQL is web databases. it stored all information from a single record of information to an entire inventory of available products for an online store. and website username password also stored in MSQL database.

What is enumeration?

Enumeration is defined as a process It helps to find out the truth about hacking and connect the attacker with the target host. It is also used to exploit the password.

Basically, enumeration is used for the information gathering process.

1. Usernames, group names
2. Hostnames
3. Network shares and services
4. IP tables and routing tables
5. Service settings and audit configurations
6. Application and banners
7. SNMP and DNS details

MYSQL enumeration is Metasploit?

Metasploit is one of the best penetration testing tools. This tool has lots of modules including enumeration so first, we should find the enumeration module.

Find MYSQL enumeration modules in Metasploit

Step 1:

First, open the Metasploit tool so type the below command 

									sudo msfconsole -q				

Step 2:

Now type this below query in Metasploit this will help you to find the all enumeration module in Metasploit

									search mysql type:auxiliary				

Metaploit MYSQL module

How to use the enumeration module is Metasploit?

Step 1:

First, you choose which module you want to use after that type use (module name). Now I choose the MySQL version module so I type the below formate

									use auxiliary/scanner/mysql/mysql_version				

Now the module was selected after that what to do? don’t worry because Metasploit will guide you just you type the below query in the Metasploit terminal.

									show options				

Metasploit guide

Now this mysql_version module required RHOST only so you type your victim IP address with this below command

									set RHOSTS 31.170.171.166				

Then you just type the run command on your Metasploit terminal this run command will execute the Metasploit mysql_version module on our victim website or computer.

Executing the module

After executing the module you can know the version of MYSQL.

This is one of the examples you can do with this Metasploit MYSQL file enumeration, login information, auto bypass, brute force attack, and writeable directories.

I hope this article helps you a lot. if you have any doubts and need any other tutorial please tell me the command section. Thank you