Enumerating and Pentesting MYSQL Database - Comptia Pentest+ TryHackMe Network Services 2

Рет қаралды 9,661

Motasem Hamdan | Cyber Security & Tech

Күн бұрын

Пікірлер: 21

@TriNguyen-dl9uu 2 жыл бұрын

brilliant, if only I were given login credential to the database, it would be freaking easy wouldn't it

@blusterwaffle8439 3 жыл бұрын

I've just started on TryHackMe with a few of the courses; these videos are so useful and it's great to have these videos that give an overview of manual techniques. Thanks 🦾

@asipalacios8701 8 ай бұрын

you didnt go through the john the ripper question which is why i came here

@Cossaw 3 жыл бұрын

Carl... We've talked about this... ;)

@a_k1214 Жыл бұрын

LOGIN FAILED: root: (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21)) This after run MySQL login sir please can u solve it ????

@tomkraus1610 3 жыл бұрын

"You have error in your syntax" *Misspells command* "OH, IT IS A VIRUS" lol

@Tracksuit_Cx 3 жыл бұрын

great videos man its been really helping in my journey, really appreciate the extra information that you give in videos

@HK-sw3vi 3 жыл бұрын

good stuff man, thanks for the manual method. keep it going

@maapi 3 жыл бұрын

when it comes to cracking the hash using John The Ripper, I try using the command "john hash.txt" and I just get "john: command not found". I've already used "sudo apt-get install john" to make sure I have john, but it still doesn't work. Any ideas?

@maapi 3 жыл бұрын

Nevermind! After some playing around I realized I forgot the oldest trick in the book. Using "sudo" it works like a charm. I was so happy to see "doggie" show up on my screen lol

@CoryResilient 3 жыл бұрын

If MySQL port is open on a website. And you don't have the password but you have the user name which is root. Is their anyway to use sqlmap to dump the database? If a website is showing that port open. How do I break the URL to have sqlmap inject itself?

@MotasemHamdan 3 жыл бұрын

You can try brute forcing the password if mysql is open

@CoryResilient 3 жыл бұрын

@@MotasemHamdan I know that. You clearly didn't read the full comment lol. I said.. If MySQL port is open and vulnerable on a webserver. Can you not use sqlmap against the website and dump the database that way? If so. How. Break the URL with index.php?id=1? Or are you not that experienced.

@MotasemHamdan 3 жыл бұрын

@@CoryResilient Yes you can do that with sqlmap. You need to find a vulnerable parameter first and then use it in sqlmap

@CoryResilient 3 жыл бұрын

@@MotasemHamdan okay thank you. And where would I find the vulnerable parameter. I'm confused. Because on my target server. MySQL is open and vulnerable. So I thought. Oh ok. I want to use sqlmap to exploit it. But. All I have is an open port. No way of finding this parameter. In the actual URL. To feed sqlmap. I tried --crawl=2 and index.php?id=1 still can't get it for some reason. Any ideas?

@vaganarora4570 2 жыл бұрын

good stuff man :)

@whelbe 3 жыл бұрын

Hi, how were you able to find the password 'doggie'?

@Ginter1 2 жыл бұрын

Thank you ❤️

@yiyo008 3 жыл бұрын

gracias estan entretenidos saludos

@MotasemHamdan 3 жыл бұрын

de nada

@miss_tech Жыл бұрын

Im shocked of the amount of youtube videos and tutorials of passwordless mysql 😂 this is not true at all . Practically Servers passwords are too long and too complicated lettrrs and numbers to brute force 🙄