I’m stuck on "Use the user’s credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer.
My question is, are we suppose to SSH into sam’s host and dig around for credentials? I’ve tried searching into config files, ssh keys, etc, but am getting permission errors.
Or are we suppose to use credential stuffing ( hydra -C <user_pass.list> ://) using a file with user:pass as explained in the module ? I created a file with sam, kira, will and default sql usernames. So for every line in the file i have sam:pass. kira:pass, root:pass. admin:pass etc. (pass being Sam’s password discovered in previous module) I mutated this list using rules and then tried to use Hydra with no success. Am i completely missing the ball on this one? Any guidance is appreciated.
Hey Mike - you’re on the right path. Login as S** try the defaults for m****. Don’t try anything too long-winded/hard (like i did, and waste time). The way some of these questions are worded is a pain. Need anymore help, feel free to DM me.
Once you are on the target via the previous found credentials using ssh, you need to login to the mysql service. All the information needed can be found on the page!
Just read it again and again, follow the links and check extra information
For those that were struggling like me and had to take a break;)
You need to ssh into the machine with the previous account, sam.
After that, you need to connect to the service MySQL, the service is not exposed, but if you run a ps aux | grep mysql you can see that is running;)
If you follow everyone’s suggestions, you will for sure make it;)
GL, you will need it.
I’m stuck here. I logged in with the user and his password I found in the previous task. Now I don’t know how to access mysql or get the password. Mysql does not use a default password. How I’m I supposed to find this?
Finally, got it. This was extremely frustrating, because the wording of the question is infuriating confusing imo. But anyway, for people who are also stuck:
For those who want to use hydra to solve the task:
MySQL, port 3306, is not publicly accessible. An SSH port forwarding is soldered for this. (if you are logged into ssh, enter this command to see internal services: ss -tulpn). It can be seen that port 3306 is active in localhost.
2.) ssh -L 4444:localhost:3306 s**@<IP_Target>
3) check via browser port forwarding active: localhost:4444
4) brute force it via hydra, use mysql default credits list
→ hydra -C login.list mysq://localhost:4444
I am here to help others to avoid wasting their time. The question says you need to write in the form of <>:<> BUT you need to insert the answer without <> like user:pass. So you need to answer username:password
I lost one hour due to this even if the answer was correct
For the guys who followed the suggestions but still didnt get what’s going on :
You cant really “access” mysql at the end, so far as I’ve done. But, login attempt with correct username:password gives you a slightly different error message. Look carefully into it, you’ll get it.
