module

MySQL Authentication Bypass Password Dump

Try Surface Command
Back to search
Disclosed
2012-06-09
Created
2018-05-30

Description

This module exploits a password bypass vulnerability in MySQL in order
to extract the usernames and encrypted password hashes from a MySQL server.
These hashes are stored as loot for later cracking.

Impacts MySQL versions:
- 5.1.x before 5.1.63
- 5.5.x before 5.5.24
- 5.6.x before 5.6.6

And MariaDB versions:
- 5.1.x before 5.1.62
- 5.2.x before 5.2.12
- 5.3.x before 5.3.6
- 5.5.x before 5.5.23

Authors

theLightCosine theLightCosine@metasploit.com
jcran jcran@metasploit.com

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use auxiliary/scanner/mysql/mysql_authbypass_hashdump
    msf auxiliary(mysql_authbypass_hashdump) > show actions
        ...actions...
    msf auxiliary(mysql_authbypass_hashdump) > set ACTION < action-name >
    msf auxiliary(mysql_authbypass_hashdump) > show options
        ...show and set options...
    msf auxiliary(mysql_authbypass_hashdump) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today