1
00:00:00,360 --> 00:00:07,920
MySQL is one of the most used databases and it's almost in every network, either for

2
00:00:07,920 --> 00:00:17,100
production or for development purposes. Out-of-date or poorly configured MySQL installations may allow

3
00:00:17,100 --> 00:00:19,320
you to get in the system.

4
00:00:20,320 --> 00:00:23,950
So your first step is to discover the version.

5
00:00:25,290 --> 00:00:32,970
MSF has a couple of modules for MySQL, so let's have a look at them and gather information

6
00:00:32,970 --> 00:00:35,580
from the MySQL server in order.

7
00:00:36,450 --> 00:00:43,890
So do you remember, as I do, that there are MySQL databases in the result of the db_nmap command?

8
00:00:45,120 --> 00:00:46,640
So then how do you view it?

9
00:00:47,280 --> 00:00:54,840
I can view it by going to services -p 3306, entering that command.

10
00:00:55,500 --> 00:00:57,360
And sure enough, there they are.

11
00:00:58,730 --> 00:01:02,810
So there are some useful auxiliaries in Metasploit for MySQL.

12
00:01:03,850 --> 00:01:05,280
And you can search it like that.

13
00:01:09,130 --> 00:01:13,030
So here they are, and like always, I will start with

14
00:01:13,940 --> 00:01:18,020
version enumeration, although Nmap already did it.

15
00:01:20,270 --> 00:01:21,440
Show options.

16
00:01:23,210 --> 00:01:26,300
Just going to set RHOSTS as my variable.

17
00:01:28,780 --> 00:01:29,650
Show options.

18
00:01:32,690 --> 00:01:39,050
And run. Yeah, it's executed quickly and the result is the same as the db_nmap command.

19
00:01:39,940 --> 00:01:45,280
So check this out. Now I'm going to use the mysql_login module.

20
00:01:47,080 --> 00:01:48,160
Show options.

21
00:01:49,620 --> 00:01:52,680
And the RHOSTS value comes up globally.

22
00:01:54,150 --> 00:01:57,240
And there are some file variables, as you can see.

23
00:01:59,010 --> 00:02:02,670
And I'll set BLANK_PASSWORDS to true.

24
00:02:04,110 --> 00:02:07,320
So the module will try blank passwords also.

25
00:02:08,770 --> 00:02:14,110
So I'm going to start a brute force in just a little bit, but I first need to create a dictionary

26
00:02:14,110 --> 00:02:17,460
file specialized for MySQL.

27
00:02:18,830 --> 00:02:26,210
And to accomplish this, I'll search on the Internet for a reasonable dictionary file, or you can also

28
00:02:26,210 --> 00:02:28,250
create one by yourself like we did earlier.

29
00:02:29,600 --> 00:02:32,690
But I just want to use the related words like this.

30
00:02:34,220 --> 00:02:37,880
So here in the second row, there's a GitHub page.

31
00:02:39,370 --> 00:02:44,770
And under default credentials, you will see a MySQL default password file.

32
00:02:46,390 --> 00:02:51,160
I'm going to copy that and say thank you to the owner of the page.

33
00:02:52,690 --> 00:02:56,890
OK, so I'll save it in a file in Kali.

34
00:02:57,990 --> 00:03:00,390
And I will save that here on the desktop.

35
00:03:02,100 --> 00:03:03,440
I think I did that before.

36
00:03:05,180 --> 00:03:07,910
So let's go back to the msfconsole.

37
00:03:09,670 --> 00:03:15,140
Set the USERPASS_FILE variable to the file that you've just created.

38
00:03:15,910 --> 00:03:18,040
OK, then run.

39
00:03:20,990 --> 00:03:24,500
And I think you can get some user-password pairs.

40
00:03:25,600 --> 00:03:30,610
So you should make a note of the finding, because you will need to use this one later.

41
00:03:31,590 --> 00:03:37,610
OK, so this means that you're really starting to discover and understand your target system.

42
00:03:38,760 --> 00:03:39,920
Let's get into the next one.