Password Cracking

// NOTE: "mysql" is the service user for the MySQL server.

Once you're logged in, you can get at the MySQL root password hash by running strings on the following file: /var/lib/mysql/mysql/user.MYD.

You should get two password hashes, one for each of these accounts:

    debian-sys-maint
    root

In the strings output, the root hash is likely split into two parts:

    localhost
root*8246FACFAA5BB9CFDCDEAEDA
6c732c6044b7
root
    127.0.0.1
root
root
    localhost
debian-sys-maint*7B6D59ECDB7B791CF100CA46D0AD911082112351
15DA4067EAA55FBC

The first part is *8246FACFAA5BB9CFDCDEAEDA and the second part is 15DA4067EAA55FBC (the values will differ on a live instance).

Once you put them together, you should get a file containing:

root:*8246FACFAA5BB9CFDCDEAEDA15DA4067EAA55FBC

You should then be able to crack the password using john (you will need the jumbo patch version of John the Ripper) once you have identified the right hash format (by trial and error).
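Added example (Python, not part of the original note) showing the structure behind the reassembled value: a mysql_native_password hash is "*" followed by 40 uppercase hex digits of SHA1(SHA1(password)), unsalted, so a reassembled string can be validated for shape before anything else is done with it, and a known password (for instance a default one that should have been changed) can be checked against it during an audit. The fragment values are the ones quoted above; the sample password is a constructed demonstration value.

```python
import hashlib
import hmac
import re

# Added example, not code from the original note.
# Shape of a MySQL 4.1+ mysql_native_password hash: '*' + 40 uppercase hex chars.
NATIVE_HASH_RE = re.compile(r"^\*[0-9A-F]{40}$")


def mysql_native_hash(password: str) -> str:
    """Reproduce MySQL's PASSWORD(): '*' + hex(SHA1(SHA1(password))).upper().

    The scheme is unsalted, so identical passwords always yield identical
    hashes; that is what makes a leaked user.MYD hash cheap to attack and
    why the file must be readable by the mysql service user only.
    """
    inner = hashlib.sha1(password.encode("utf-8")).digest()  # raw 20 bytes
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def join_hash_parts(first: str, second: str) -> str:
    """Concatenate the two fragments that strings printed on separate lines."""
    return first + second


def is_native_hash(candidate: str) -> bool:
    """True if the reassembled string has the expected 41-character shape."""
    return bool(NATIVE_HASH_RE.match(candidate))


def matches_password(candidate_hash: str, password: str) -> bool:
    """Check one known password against a hash (constant-time comparison)."""
    if not is_native_hash(candidate_hash):
        return False
    return hmac.compare_digest(mysql_native_hash(password), candidate_hash)


if __name__ == "__main__":
    # Fragments quoted from the note above; real values differ per host.
    joined = join_hash_parts("*8246FACFAA5BB9CFDCDEAEDA", "15DA4067EAA55FBC")
    print(joined, "well-formed" if is_native_hash(joined) else "malformed")
    # Constructed demonstration: hash of the sample password "password".
    print(mysql_native_hash("password"))
```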

From within MySQL, load_file() can be used to read arbitrary files that the server process can access.
