Thursday, April 3, 2014

Nmap Scripting Engine: Auditing MySQL Server

Nmap is an Open Source tool for Network Mapping, Network Inventory and Security Auditing. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
 
MySQL is an Open Source Relational Data Base Management Systems (RDBMS).
 
I am using Nmap TCP SYN scan to find all open ports.
 
Nmap Scripts are located at
/usr/share/nmap/scripts
on Kali Linux.
 
Below snapshot shows the scripts we used to audit MySQL Server. Nmap Script disclose critical information like username, usernames without password. cersion, dump of hashes etc.

 
To run all the scripts related to MySQL execute below command.
# nmap --script "mysql-*" target_ip
 
From the above snapshots replace 127.0.0.1 with the IP you want to scan/audit.
 

9 comments:

  1. All are saying the same thing repeatedly, but in your blog I had a chance to get some useful and unique information, I love your writing style very much, I would like to suggest your blog in my dude circle, so keep on updates.
    Software Testing Training in Chennai
    Software Testing Course in Chennai
    AWS Training in Chennai
    Blue Prism Training in Chennai
    CCNA Course in Chennai
    Cloud Computing Training in Chennai
    Data Science Course in Chennai
    Software Testing Training in Velachery

    ReplyDelete
  2. A IEEE project is an interrelated arrangement of exercises, having a positive beginning and end point and bringing about an interesting result in Engineering Colleges for a particular asset assignment working under a triple limitation - time, cost and execution. Final Year Project Domains for CSE In Engineering Colleges, final year IEEE Project Management requires the utilization of abilities and information to arrange, plan, plan, direct, control, screen, and assess a final year project for cse. The utilization of Project Management to accomplish authoritative objectives has expanded quickly and many engineering colleges have reacted with final year IEEE projects Project Centers in Chennai for CSE to help students in learning these remarkable abilities.



    Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Spring Framework Corporate TRaining the authors explore the idea of using Java in Big Data platforms.
    Specifically, Spring Framework provides various tasks are geared around preparing data for further analysis and visualization. Spring Training in Chennai

    ReplyDelete
  3. I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
    app and you are doing well.





    Dot Net Training in Chennai | Dot Net Training in anna nagar | Dot Net Training in omr | Dot Net Training in porur | Dot Net Training in tambaram | Dot Net Training in velachery

    ReplyDelete