EvilZone

Hacking and Security => Hacking and Security => : erogol October 02, 2014, 02:12:18 PM

: Injecting MYSQL server through Metasploit?
: erogol October 02, 2014, 02:12:18 PM

I try to inject into a MySQL server with metasploit. I am pretty navie about the tool as a certain beginner. I initially try to get mysql server version by the mysql_server tool. But it is given that the remote machine does not allow my IP address. IS there any further process I can take to get around this limitation or is this it and I should try completely different way?

PS: this is totally hobbyist work ain't intending any illegal move.

: Re: Injecting MYSQL server through Metasploit?
: ande October 02, 2014, 06:11:10 PM

As far as I know, at this point in time. There is no way to get around this. MIGHT be possible, but I doubt anyone here are willing to tell you in public, or private for that matter.

: Re: Injecting MYSQL server through Metasploit?
: proxx October 02, 2014, 10:40:25 PM

On the global web things are a bit different then in a LAN situation in which it would be fairly easy.
The point is that you have little control over the routing, if one could manipulate one such route there is a opportunity there.
Don't underestimate how hard this can be.

As far LAN there are several ways of doing such a thing.
You could set the same IP address on your box, as for knowing the required address you can simply bruteforce that.
Then you would have to kick the other machine out of the network , one way to do it is to bombard the host with ARP packets so it will use your MAC  in its cache

: Re: Injecting MYSQL server through Metasploit?
: ande October 02, 2014, 10:59:29 PM

: proxx  October 02, 2014, 10:40:25 PM

On the global web things are a bit different then in a LAN situation in which it would be fairly easy.
The point is that you have little control over the routing, if one could manipulate one such route there is a oppuritunity there.
Don't underestimate how hard this can be.

As far LAN there are several ways of doing such a thing.
You could set the same IP address on your box, as for knowing the required address you can simply bruteforce that.
Then you would have to kick the other machine out of the network , one way to do it is to bombard the host with ARP packets so it will use your MAC  in its cache

(http://i.imgur.com/bHJAd6y.png)

Love when this happens. You are entirely right. +1

In a local setting where you can sniff or control the routing this would be possible.