Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,000 --> 00:00:03,395 2 00:00:03,395 --> 00:00:04,850 [ELECTRONIC NOISES] 3 00:00:04,850 --> 00:00:10,200 4 00:00:10,200 --> 00:00:14,700 Now that we've seen how a SQL Server looks on Unix, 5 00:00:14,700 --> 00:00:16,500 we can dig in and see how, would you 6 00:00:16,500 --> 00:00:19,200 get a password given a certain username? 7 00:00:19,200 --> 00:00:22,260 8 00:00:22,260 --> 00:00:30,010 We'll check our IP address and then run Nmap scan with that. 9 00:00:30,010 --> 00:00:36,540 Subdomain, we see it's running on 3306. 10 00:00:36,540 --> 00:00:38,850 We'll run a service scan on that port. 11 00:00:38,850 --> 00:00:44,190 12 00:00:44,190 --> 00:00:45,060 And it confirms. 13 00:00:45,060 --> 00:00:53,310 It's MySQL 5.5.62. 14 00:00:53,310 --> 00:00:55,950 We're going to utilize msfconsole 15 00:00:55,950 --> 00:00:58,740 and an auxiliary scanner to brute force the login. 16 00:00:58,740 --> 00:01:10,450 17 00:01:10,450 --> 00:01:16,500 And we'll set our rhosts to our IP. 18 00:01:16,500 --> 00:01:18,915 And we're going to utilize a password file. 19 00:01:18,915 --> 00:01:26,190 20 00:01:26,190 --> 00:01:31,425 Using tab completion here makes things go a lot quicker. 21 00:01:31,425 --> 00:01:39,360 22 00:01:39,360 --> 00:01:42,810 We'll verbose to false. 23 00:01:42,810 --> 00:01:46,380 That way, we don't get too much stuff on screen. 24 00:01:46,380 --> 00:01:49,920 And we'll set stop_on_success to true 25 00:01:49,920 --> 00:01:53,460 since we only have one password for the username. 26 00:01:53,460 --> 00:01:57,255 And then we'll set username to root. 27 00:01:57,255 --> 00:02:01,000 28 00:02:01,000 --> 00:02:03,790 We'll run that scan. 29 00:02:03,790 --> 00:02:08,320 It brute forces fairly quickly, and we get root and catalina. 30 00:02:08,320 --> 00:02:14,120 Another way you could go about this is utilize hydra. 31 00:02:14,120 --> 00:02:20,440 Hydra is great-- lowercase l for our username, uppercase P 32 00:02:20,440 --> 00:02:21,400 for password file. 33 00:02:21,400 --> 00:02:24,670 34 00:02:24,670 --> 00:02:27,355 We use that same word list. 35 00:02:27,355 --> 00:02:31,703 36 00:02:31,703 --> 00:02:32,620 It's a good word list. 37 00:02:32,620 --> 00:02:37,630 There are many word lists out there that you could find. 38 00:02:37,630 --> 00:02:42,430 You put the IP address and then the protocol MySQL. 39 00:02:42,430 --> 00:02:44,440 And hydra will take care of the rest. 40 00:02:44,440 --> 00:02:48,540 It knows what port to look for. 41 00:02:48,540 --> 00:02:50,190 It knows it's 3306. 42 00:02:50,190 --> 00:02:53,940 If you had a non-standard port, you would pass that in as well. 43 00:02:53,940 --> 00:02:57,160 44 00:02:57,160 --> 00:02:59,260 And our scan completed. 45 00:02:59,260 --> 00:03:01,480 We see that with root. 46 00:03:01,480 --> 00:03:03,250 It worked with catalina. 47 00:03:03,250 --> 00:03:06,910 And that's how you can brute force your log in for MySQL, 48 00:03:06,910 --> 00:03:07,793 two different ways. 49 00:03:07,793 --> 00:03:08,710 There are many others. 50 00:03:08,710 --> 00:03:14,920 You could script it out with C++ or Python or bash scripting. 51 00:03:14,920 --> 00:03:19,500 But these tools are already there, ready and waiting. 52 00:03:19,500 --> 00:03:20,000 3335