So this is a short write-up on using the MySQL Security Assessment Script by Carlos Perez.
Of course you will need a MySQL database to target.
If you want a pre-made setup then get the Metasploitable package.
Grab some shell and navigate to the /pentest/database/mysqlaudit/ directory.
Then just run the command with no options.
-----------------------------CODE---------------------------------------
root@bt:/pentest/database/mysqlaudit# ./mysqlaudit.py
MySQL Security Assesment Script Version 1.0
By: Carlos Perez, carlos_perez[at]darkoperator.com
USAGE:
python ./mysqlaudit.py Targer IP User Password Report
Target : The system you whant to do the assement on, port 3306 should be open.
User : User account with DBA privelages on the server to use for the assesment.
Password : password for the user account.
Report : Name of text file to wich to write the report.
-----------------------------CODE--------------------------------------
Simple enough; the only thing you will need, of course, is the log-on credentials for an account with DBA privileges.
This time we will run the scan against our metasploitable setup and see what happens.
-----------------------------CODE--------------------------------------
root@bt:/pentest/database/mysqlaudit# ./mysqlaudit.py 192.168.2.103 root root /tmp/msqlauditreport.txt
root@bt:/pentest/database/mysqlaudit#
-----------------------------CODE--------------------------------------
So in order to see what our report shows we can either open it with a text editor or we can cat the output back to the screen.
Since the report is quite long I will only show a little of it here.
-----------------------------CODE--------------------------------------
root@bt:/pentest/database/mysqlaudit# cat /tmp/msqlauditreport.txt | less
Severity: High
Description:
MySQL authentication is based on usernames and passwords stored in a table
called mysql.user. To create a user, a row is added to this table. MySQL
also supports wildcards and blank values in the USERNAME and HOST fields of
the table. By indicating a blank username and a blank password, you allow
anonymous access to the MySQL database.
Solution:
To remove the anonymous user, run the following commands:
shell> mysql -u root [password]
mysql> DELETE FROM mysql.user WHERE User = '';
Anonymous user was found
User Connection Location
anonymous ---->localhost
anonymous ---->ubuntu804-base
-----------------------------CODE-------------------------------------
As you can tell, the report flags a high-severity flaw in our setup: anonymous users are present.
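The anonymous-user check can also be reproduced outside the tool. The following is an added example, not code from mysqlaudit.py or from the original write-up: it applies the blank `User` test, plus blank-password and wildcard-host checks, to rows as returned by `SELECT User, Host, Password FROM mysql.user`. The `Account` type, the function names, the sample rows and every severity other than the anonymous-user one are assumptions made for illustration.

```python
from typing import List, NamedTuple, Tuple

class Account(NamedTuple):
    user: str
    host: str
    password_hash: str  # mysql.user.Password (authentication_string on MySQL 5.7+)

# Constructed sample rows; the two anonymous rows mirror the report excerpt.
SAMPLE_ROWS = [
    Account("", "localhost", ""),
    Account("", "ubuntu804-base", ""),
    Account("root", "%", "*CONSTRUCTED-HASH"),
    Account("guest", "localhost", ""),
    Account("app", "10.0.0.5", "*CONSTRUCTED-HASH"),
]

def quote(value: str) -> str:
    """Render a value as a MySQL string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"

def audit_accounts(accounts) -> List[Tuple[str, str, str, str]]:
    """Return (severity, account, issue, action) for each risky row."""
    findings = []
    for a in accounts:
        name = f"{quote(a.user)}@{quote(a.host)}"
        if a.user == "":
            # Blank User: the row matches any username connecting from Host.
            findings.append(("High", name, "anonymous user", f"DROP USER {name};"))
            continue
        if a.password_hash == "":
            # Severity here and below is an assumption, not taken from the tool.
            findings.append(("High", name, "blank password", "set a password"))
        if "%" in a.host:
            findings.append(("Medium", name, "wildcard host",
                             "restrict Host to known clients"))
    return findings

if __name__ == "__main__":
    for severity, name, issue, action in audit_accounts(SAMPLE_ROWS):
        print(f"{severity:6} {name:28} {issue:15} -> {action}")
```

`DROP USER` removes the account and its privileges in one step. The `DELETE` shown in the report edits the grant table directly and only takes effect after `FLUSH PRIVILEGES` or a server restart.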
So this tool lets the penetration tester target MySQL databases and determine some basics about the security of the system.
Have fun.