Port 3306 – MySQL

How to enumerate port 3306 (MySQL)


Always try to test the following credentials:

Username: root
Password: root

Connect to MySQL:

mysql --host= -u root -p
mysql -h -u root
mysql -h -u [email protected]


nmap -sV -Pn -vv -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122

Mysql Brute-Force (Metasploit):

use auxiliary/scanner/mysql/mysql_login
set rhosts
set user_file /root/Desktop/users.txt
set pass_file /root/Desktop/passwords.txt

Mysql Brute-Force (Hydra):

hydra –L /root/Desktop/users.txt –P /root/Desktop/passwords.txt mysql

Executing shell commands from within the MySQL command line client:

If you are connecting to MySQL via command line client and want to execute a shell command, use the “\!” command then add the shell command after it. For instance, if you needed to get a directory listing of the current path, you would do the following:

mysql> \! ls -l

You can also drop a system shell by doing the following, This would then open up a bash shell.

mysql> \! bash


Leave A Reply

Your email address will not be published.