Metasploit mailing list archives

Re: mysql_enum and mysql_sql error

From: Amin <amin () zitune ch>
Date: Thu, 07 Jan 2010 12:22:13 +0100

OK, there seems to be a problem using unix-sockets. We can force msfto use tcp socketsby specifying RHOST to something different then 'localhost' or'127.0.0.1' and by setting

a corresponding /etc/hosts entry.
msf auxiliary(mysql_sql) > set RHOST foohost
RHOST => foohost
msf auxiliary(mysql_sql) > run

[*] Sending statement: 'select version()'...
[*]  | 5.1.42 |
[*] Auxiliary module execution completed


mysql_enum still fails:
msf auxiliary(mysql_sql) > set RHOST foohost
RHOST => foohost
msf auxiliary(mysql_enum) > run

[*] Running MySQL Enumerator...
[*] Enumerating Parameters
[*]         MySQL Version: 5.1.42
[*]         Compiled for the following OS: pc-linux-gnu
[*]         Architecture: i686
[*]         Server Hostname: bt
[*]         Data Directory: /usr/local/mysql/data/
[*]         Logging of queries and logins: OFF
[*]         Old Password Hashing Algorithm OFF
[*]         Loading of local files: ON
[*]         Logins with old Pre-4.1 Passwords: OFF
[*]         Allow Use of symlinks for Database Files: YES
[*]         Allow Table Merge:
[*]         SSL Connection: DISABLED
[*] Enumerating Accounts:
[-] Auxiliary failed: NoMethodError undefined method `count' for
#<RbMysql::SimpleQueryResult:0xb5d4104c>
[-] Call stack:
[-]   (eval):84:in `run'
[*] Auxiliary module execution completed



Bugfix: Use res.size instead of res.count in mysql_enum.rb.



Quoting Amin <amin () zitune ch>:

Hi All,

the auxiliary/admin/mysql/mysql_sql and
auxiliary/admin/mysql/mysql_enum modules fail to connect to the mysql
server. What am i missing here?

Meilleurs salutations,
Amin
--------------------------------------------------
                                  _       _
             _                   | |     (_)_
 ____   ____| |_  ____  ___ ____ | | ___  _| |_
|    \ / _  )  _)/ _  |/___)  _ \| |/ _ \| |  _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
                           |_|


       =[ metasploit v3.3.4-dev [core:3.3 api:1.0]
+ -- --=[ 490 exploits - 225 auxiliary
+ -- --=[ 192 payloads - 23 encoders - 8 nops
       =[ svn r8082 updated today (2010.01.07)

msf > use auxiliary/scanner/mysql/version
msf auxiliary(version) > set RHOSTS localhost
RHOSTS => localhost
msf auxiliary(version) > run

[*] 127.0.0.1:3306 is running MySQL 5.1.42 (protocol 10)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(version) > back
msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set RHOSTS localhost
RHOSTS => localhost
msf auxiliary(mysql_login) > set MYSQL_PASS Cothiew1
MYSQL_PASS => Cothiew1
msf auxiliary(mysql_login) > run

[*] 127.0.0.1:3306 successful logged in as 'root' with password 'Cothiew1'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(mysql_login) > back
msf > use auxiliary/admin/mysql/mysql_sql
msf auxiliary(mysql_sql) > setg RHOST localhost
RHOST => localhost
msf auxiliary(mysql_sql) > setg MYSQL_PASS Cothiew1
MYSQL_PASS => Cothiew1
msf auxiliary(mysql_sql) > show options

Module options:

   Name        Current Setting   Required  Description
   ----        ---------------   --------  -----------
   MYSQL_PASS  Cothiew1          no        The password for the
specified username
   MYSQL_USER  root              yes       The username to authenticate as
   RHOST       localhost         yes       The target address
   RPORT       3306              yes       The target port
   SQL         select version()  yes       The SQL to execute.

msf auxiliary(mysql_sql) > run

[-] Auxiliary failed: TypeError can't convert Socket into String
[-] Call stack:
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `new'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /usr/lib/ruby/1.8/timeout.rb:48:in `timeout'
[-]   /root/msf/lib/rbmysql/protocol.rb:188:in `initialize'
[-]   /root/msf/lib/rbmysql.rb:148:in `new'
[-]   /root/msf/lib/rbmysql.rb:148:in `connect'
[-]   /root/msf/lib/rbmysql.rb:88:in `connect'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:42:in `mysql_login'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:58:in `mysql_login_datastore'
[-]   (eval):39:in `run'
[*] Auxiliary module execution completed
msf auxiliary(mysql_sql) > back
msf > use auxiliary/admin/mysql/mysql_enum
msf auxiliary(mysql_enum) > show options

Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   MYSQL_PASS  Cothiew1          no        The password for the
specified username
   MYSQL_USER  root              yes       The username to authenticate as
   RHOST       localhost         yes       The target address
   RPORT       3306              yes       The target port
   SQL         select version()  yes       The SQL to execute.

msf auxiliary(mysql_sql) > run

[-] Auxiliary failed: TypeError can't convert Socket into String
[-] Call stack:
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `new'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /usr/lib/ruby/1.8/timeout.rb:48:in `timeout'
[-]   /root/msf/lib/rbmysql/protocol.rb:188:in `initialize'
[-]   /root/msf/lib/rbmysql.rb:148:in `new'
[-]   /root/msf/lib/rbmysql.rb:148:in `connect'
[-]   /root/msf/lib/rbmysql.rb:88:in `connect'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:42:in `mysql_login'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:58:in `mysql_login_datastore'
[-]   (eval):39:in `run'
[*] Auxiliary module execution completed
msf auxiliary(mysql_sql) > back
msf > use auxiliary/admin/mysql/mysql_enum
msf auxiliary(mysql_enum) > show options

Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   MYSQL_PASS  Cothiew1         no        The password for the
specified username
   MYSQL_USER  root             yes       The username to authenticate as
   RHOST       localhost        yes       The target address
   RPORT       3306             yes       The target port

msf auxiliary(mysql_enum) > run

[-] Auxiliary failed: TypeError can't convert Socket into String
[-] Call stack:
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `new'
[-]   /root/msf/lib/rbmysql/protocol.rb:191:in `initialize'
[-]   /usr/lib/ruby/1.8/timeout.rb:48:in `timeout'
[-]   /root/msf/lib/rbmysql/protocol.rb:188:in `initialize'
[-]   /root/msf/lib/rbmysql.rb:148:in `new'
[-]   /root/msf/lib/rbmysql.rb:148:in `connect'
[-]   /root/msf/lib/rbmysql.rb:88:in `connect'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:42:in `mysql_login'
[-]   /root/msf/lib/msf/core/exploit/mysql.rb:58:in `mysql_login_datastore'
[-]   (eval):39:in `run'
[*] Auxiliary module execution completed
msf auxiliary(mysql_enum) >
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

mysql_enum and mysql_sql error Amin (Jan 07)
- Re: mysql_enum and mysql_sql error Amin (Jan 07)
  - Re: mysql_enum and mysql_sql error (patches) Amin (Jan 07)
    - Re: mysql_enum and mysql_sql error (patches) Carlos Perez (Jan 07)