Pages: [1]

Author Topic: Injecting MYSQL server through Metasploit?  (Read 606 times)

0 Members and 1 Guest are viewing this topic.

Offline erogol

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -3
    • View Profile
Injecting MYSQL server through Metasploit?
« on: October 02, 2014, 02:12:18 pm »
I try to inject into a MySQL server with metasploit. I am pretty navie about the tool as a certain beginner. I initially try to get mysql server version by the mysql_server tool. But it is given that the remote machine does not allow my IP address. IS there any further process I can take to get around this limitation or is this it and I should try completely different way?

PS: this is totally hobbyist work ain't intending any illegal move.
Report to moderator   Logged

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Injecting MYSQL server through Metasploit?
« Reply #1 on: October 02, 2014, 06:11:10 pm »
As far as I know, at this point in time. There is no way to get around this. MIGHT be possible, but I doubt anyone here are willing to tell you in public, or private for that matter.
Report to moderator   Logged
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Injecting MYSQL server through Metasploit?
« Reply #2 on: October 02, 2014, 10:40:25 pm »
On the global web things are a bit different then in a LAN situation in which it would be fairly easy.
The point is that you have little control over the routing, if one could manipulate one such route there is a opportunity there.
Don't underestimate how hard this can be.

As far LAN there are several ways of doing such a thing.
You could set the same IP address on your box, as for knowing the required address you can simply bruteforce that.
Then you would have to kick the other machine out of the network , one way to do it is to bombard the host with ARP packets so it will use your MAC  in its cache
« Last Edit: October 02, 2014, 11:27:53 pm by proxx »
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Injecting MYSQL server through Metasploit?
« Reply #3 on: October 02, 2014, 10:59:29 pm »
Quote from: proxx on October 02, 2014, 10:40:25 pm
On the global web things are a bit different then in a LAN situation in which it would be fairly easy.
The point is that you have little control over the routing, if one could manipulate one such route there is a oppuritunity there.
Don't underestimate how hard this can be.

As far LAN there are several ways of doing such a thing.
You could set the same IP address on your box, as for knowing the required address you can simply bruteforce that.
Then you would have to kick the other machine out of the network , one way to do it is to bombard the host with ARP packets so it will use your MAC  in its cache




Love when this happens. You are entirely right. +1

In a local setting where you can sniff or control the routing this would be possible.
Report to moderator   Logged
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true
Pages: [1]