Discover open MySQL ports

MySQL listens on port 3306 by default. To discover MySQL servers on a network you can use either nmap or Metasploit's auxiliary modules; both identify the service from the greeting banner a MySQL server sends right after the TCP connection is established.
 
The Nmap way
Nmap is a free and open source network discovery and security auditing utility. It can discover open ports, running services, operating system versions and much more.

To discover open MySQL ports we use nmap in this way:

nmap -sT -sV -Pn -n -p 3306 192.168.200.133

Parameters:
-sT: TCP connect scan (completes the full three-way handshake, so it needs no raw-socket privileges)
-sV: probe open ports to determine service and version information
-Pn: skip host discovery (treat the target as up)
-p 3306: scan only port 3306
-n: no DNS resolution
 
 
Scanning the whole network

nmap -sT -sV -Pn --open -p 3306 192.168.200.0/24

Parameters:
--open: show only hosts with open (or possibly open) ports
 

The Metasploit way
Metasploit offers the auxiliary module mysql_version, which enumerates the version of running MySQL servers.

To use it type:

use auxiliary/scanner/mysql/mysql_version

To use this scanner you have to set its options. To see the list of available options, type:

show options
 

Set the RHOSTS parameter:

set RHOSTS 192.168.200.133

or

set RHOSTS 192.168.200.0/24

 

Set the RPORT parameter to a different value if you believe that the MySQL server is listening on a different port:

set RPORT 3333

 

Increase the THREADS value for faster scanning:

set THREADS 50

 

Now, just type:

run

and hit enter.
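Both nmap's -sV probe and Metasploit's mysql_version get the version the same way: they open a TCP connection and read the greeting (handshake) packet that MySQL sends before the client says anything. The following script is an added example, not code from the original article or from either tool; it decodes that greeting so you can see exactly what a server discloses to anyone who can reach port 3306 (version string, auth plugin, and whether TLS is offered). The sample packet, its version string "5.5.28-sample-build" and the connection id are constructed for offline use; fetch_greeting() is a hypothetical helper that reads a live banner without attempting a login.

```python
# Added example (not from the original article): parse the greeting packet that
# a MySQL server sends as soon as a TCP client connects. This banner is what
# nmap -sV and Metasploit's mysql_version read to report the server version.
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: the server offers TLS on this connection


def parse_greeting(packet: bytes) -> dict:
    """Decode a MySQL protocol-10 handshake packet (or an ERR packet) into a dict."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[0:3], "little")   # 3-byte payload length
    body = packet[4:4 + length]                        # byte 3 is the sequence id
    if len(body) != length:
        raise ValueError("truncated packet")
    if body[0] == 0xFF:
        # ERR packet: the server refused the client before the handshake
        # (for example error 1130, host not allowed to connect)
        code = struct.unpack_from("<H", body, 1)[0]
        return {"error": code, "message": body[3:].decode(errors="replace")}
    if body[0] != 10:
        raise ValueError(f"unsupported protocol version {body[0]}")
    end = body.index(b"\x00", 1)
    version = body[1:end].decode(errors="replace")     # NUL-terminated version string
    pos = end + 1
    connection_id = struct.unpack_from("<I", body, pos)[0]
    pos += 4 + 8 + 1                     # connection id, auth-data part 1, filler
    cap_lower, charset, status, cap_upper = struct.unpack_from("<HBHH", body, pos)
    pos += 7
    auth_len = body[pos]
    pos += 1 + 10                        # auth-data length byte, 10 reserved bytes
    pos += max(13, auth_len - 8)         # auth-data part 2
    plugin = body[pos:].split(b"\x00", 1)[0].decode(errors="replace")
    capabilities = cap_lower | (cap_upper << 16)
    return {
        "protocol_version": 10,
        "server_version": version,
        "connection_id": connection_id,
        "capabilities": capabilities,
        "ssl_advertised": bool(capabilities & CLIENT_SSL),
        "charset": charset,
        "status_flags": status,
        "auth_plugin": plugin,
    }


def fetch_greeting(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Hypothetical helper: connect, read the first packet, decode it. No login is sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(4096)
    return parse_greeting(data)


def build_sample_greeting(version: str = "5.5.28-sample-build",
                          connection_id: int = 42,
                          capabilities: int = 0x000FF7FF) -> bytes:
    """Constructed sample greeting for offline testing; the version string and
    connection id are made up, the layout follows the protocol-10 handshake."""
    body = b"\x0a"                                   # protocol version 10
    body += version.encode() + b"\x00"
    body += struct.pack("<I", connection_id)
    body += b"ABCDEFGH"                              # auth-plugin-data part 1
    body += b"\x00"                                  # filler
    body += struct.pack("<H", capabilities & 0xFFFF)
    body += b"\x08"                                  # character set
    body += struct.pack("<H", 0x0002)                # status: autocommit
    body += struct.pack("<H", capabilities >> 16)
    body += b"\x15"                                  # auth-plugin-data length 21
    body += b"\x00" * 10                             # reserved
    body += b"IJKLMNOPQRST\x00"                      # auth-plugin-data part 2
    body += b"mysql_native_password\x00"
    return struct.pack("<I", len(body))[:3] + b"\x00" + body


def build_sample_error(code: int = 1130,
                       message: str = "Host is not allowed to connect") -> bytes:
    """Constructed ERR packet of the kind a server returns to a host it does not allow."""
    body = b"\xff" + struct.pack("<H", code) + message.encode()
    return struct.pack("<I", len(body))[:3] + b"\x00" + body


if __name__ == "__main__":
    info = parse_greeting(build_sample_greeting())
    print(f"MySQL {info['server_version']} auth={info['auth_plugin']} "
          f"tls_offered={info['ssl_advertised']}")
```

The useful point for a defender is that the banner is returned before any authentication, so a scan like the ones above needs no credentials to inventory versions. A server that answers with an ERR packet (error 1130) still confirms that MySQL is listening; only a host-based firewall or bind-address restriction keeps the port from being enumerated at all. The ssl_advertised field tells you whether the server even offers TLS to clients on that port.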

Published in Hakin9 magazine on October 25, 2012