Thanks it worked
whoever made it so you can’t actually log into mysql is fucking special ngl.
I used a bash script that would work perfectly fine in a normal environment in which mysql is actually used / can be logged into.
This is the only module which is like an actual dumpster fire and it’s such a shame. Concepts they teach here are very important but how they do it is such a pathetic disaster. Especially if we take all their talk about how mindsets and all that BS at the start of the CPTS path. Truly a shame.
sed 's/[^,]*,//; s/,/:/' data.csv > file.txt
Assuming data.csv format is v1,v2,v3
This command will produce a v2:v3 per line file
For those who want to do command line brute forcing:
#!/bin/bash
# Check if the file "cred.txt" exists
if [ -f "cred.txt" ]; then
    # Read each line of the file and process it
    while IFS= read -r line; do
        # Split the line into two variables using ":" as the delimiter
        IFS=":" read -r word1 word2 <<< "$line"
        # Now you can work with word1 and word2 separately
        echo "First word: $word1"
        echo "Second word: $word2"
        # Quote both values so spaces or glob characters in them are passed through unchanged
        mysql -u "$word1" -p"$word2"
    done < "cred.txt"
else
    echo "File 'cred.txt' does not exist."
fi
I mean, we’re on a brute forcing chapter so a quick N dirty script to do brute force without access to tools is nice
bro, trust me, none of these they suggested to you were real suggestions, except partially the one from: wfsahuo3
the purpose of this module is to demonstrate that passwords are reused or at least some are default, so the only option you have is
don’t use hydra, because it’s useless,
you simply have to use the s***** credentials to log in via ssh and evaluate which of the credentials provided by this link:
https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv
they allow you to enter mysql server, no port forwarding, no bash scripts, no. Once you have proven the credentials that allow you to enter the server you are done, use those credentials to answer the question.
I’m stuck. I have referenced the list (https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv) and none of the 4 sets of credentials are working for me. I can’t figure out how to get in to MySQL from sam’s SSH. I am currently running the mutated password list against kira but in the meantime, this MySQL thing is kicking my ■■■■.
Any help? Thank you.
EDIT: I figured it out. Idk what I was doing wrong… I feel like I typed in that command with those credentials several times but hey, at least I got through.
Thanks! Your comment saved me a ton of time!
So after all the trouble with the last lab, I have to repeat it because I didn’t save the credentials?
Thank you soooo much. Gosh, I hadn’t thought to actually start the process.
You don’t need to brute force anything on this one.
SSH in as before, use ‘mysql -u … -p’ syntax for the MySQL login and use the DefaultCreds script link on the page to search for MySQL logins.
Where did you find this link? Was it mentioned anywhere after we ssh into the server? Or did you just google default mysql password and find this?
Hello! If you look at the standard mysql passwords and start trying to enter them, then one of these values will be what you need! To find the standard values, yes, you need to google
Thank you!
Please help out. I can’t find sam’s credentials
The wording of the question is really bad… You ONLY need Sam credentials to login through ssh, then you just need to use the resources given in the theory. Hope this helps.
Found the answer in this document raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv
Enumerate the services that are running, and try to find the default creds.
- Login to ssh
- look at the file on the page and download the file
wget https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv
open it and search for MySQL. There are only 4 default credentials in the file for MySQL
cat DefaultCreds-Cheat-Sheet.csv | grep -i mysql
- try to login
mysql -u [user] -p
(press enter)
write the pass
- answer the question → user:pass
Save your time!
Thanks!! Really saved me a lot of time!
1- ssh sam@ip
2- mysql -u [user] -p
3- just try default users for mysql and get access
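
Seen from the server side, the approach in this thread (trying the few default MySQL credential pairs from an SSH session on the host) shows up as a run of failed logins from localhost. The script below is an added example, not part of the thread or the course material, that flags such runs; it assumes the server logs failures as `Access denied for user 'USER'@'HOST'` lines, and the sample log lines, function names and threshold are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread: flag hosts with repeated failed MySQL logins.
# Assumption: the server log records failures as lines containing
#   Access denied for user 'USER'@'HOST' (using password: YES|NO)

# Usage: flag_mysql_guessing LOGFILE [MIN_FAILURES]
# Prints "HOST failures=N distinct_users=M" for each host at or above the threshold.
flag_mysql_guessing() {
    local logfile=$1 threshold=${2:-3}
    awk -v min="$threshold" -v sq="'" '
        BEGIN { re = "Access denied for user " sq "[^" sq "]*" sq "@" sq "[^" sq "]*" sq }
        match($0, re) {
            split(substr($0, RSTART, RLENGTH), part, sq)   # part[2]=user, part[4]=host
            user = part[2]; host = part[4]
            fails[host]++
            if (!((host, user) in seen)) { seen[host, user] = 1; users[host]++ }
        }
        END {
            for (h in fails)
                if (fails[h] >= min)
                    printf "%s failures=%d distinct_users=%d\n", h, fails[h], users[h]
        }' "$logfile" | sort
}

# Constructed sample log (hypothetical timestamps, users and hosts).
write_sample_log() {
    cat > "$1" <<'EOF'
2024-01-01T10:00:01.000000Z 11 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2024-01-01T10:00:05.000000Z 12 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2024-01-01T10:00:09.000000Z 13 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2024-01-01T10:00:12.000000Z 14 [Note] Access denied for user 'app'@'10.0.0.7' (using password: YES)
EOF
}

# Demo run on the constructed log.
log=$(mktemp)
write_sample_log "$log"
flag_mysql_guessing "$log" 3
rm -f "$log"
```

Several distinct usernames failing from the same host in a short span is the pattern to alert on; a single user mistyping a password raises `failures` but not `distinct_users`.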