Table of Contents
Metasploit MSQL enumeration – In this article I’m going to teach you Metasploit MSQL enumeration. before that, you should know the basics of MSQL
What is MSQL?
MSQLย is a connectional database management system. based on Structured Query Language (SQL). The MSQL application is used for a wide range of purposes, Including logging applications and data warehousing.
The most common use for MSQL is web databases. it stored all information from a single record of information to an entire inventory of available products for an online store. and website username password also stored in MSQL database.
What is enumeration?
Enumeration is defined as a process It helps to find out the truth about hacking and connect the attacker with the target host. It is also used to exploit the password.
Basically,ย enumerationย is used for the information gathering process.
- Usernames, group names
- Hostnames
- Network shares and services
- IP tables and routing tables
- Service settings and audit configurations
- Application and banners
- SNMP and DNS details
MYSQL enumeration is Metasploit?
Metasploit is one of the best penetration testing tools. This tool has lots of modules including enumeration so first, we should find the enumeration module.
Find MYSQL enumeration modules in Metasploit
Step 1:
First, open the Metasploit tool so type the below commandย
sudo msfconsole -q
Step 2:
Now type this below query in Metasploit this will help you to find the all enumerationย moduleย in Metasploit
search mysql type:auxiliary
How to use the enumeration module is Metasploit?
Step 1:
First, you choose which module you want to use after that type use (module name).ย Now I choose the MySQL version module so I type the below formate
use auxiliary/scanner/mysql/mysql_version
Now the module was selected after that what to do? don’t worry becauseย Metasploitย will guide you just you type the below query in the Metasploit terminal.
show options
Now this mysql_version module required RHOST only so you type your victim IP address with this below command
set RHOSTS 31.170.171.166
Then you just type the run command on yourย Metasploitย terminal this run command will execute the Metasploit mysql_version module on our victim website or computer.
After executing the module you can know the version of MYSQL.
This is one of the examples you can do with this Metasploit MYSQL file enumeration, login information, auto bypass, brute force attack, and writeable directories.
I hope this article helps you a lot. if you have any doubts and need any other tutorial please tell me the command section. Thank you