I am getting the following error when trying to run the mysql_login auxiliary module in msf6:
Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21)
I have checked the following:
- The host, port, username, and password are correct.
- The MySQL server is running.
- The firewall is not blocking access to the MySQL server.
- I have tried restarting the MySQL server.
- I am using the latest version of msf6.
- The version of msf6 is compatible with the version of the MySQL server.
- I have checked the MySQL server logs for errors.
msf6 version Framework Version: 6.4.0-dev
MySQL server version: MySQL 5.0.51a-3ubuntu5 (protocol 10) - metaspoitable2
msf6 auxiliary(scanner/mysql/mysql_login) > exploit
[+] 10.1.1.10:3306 - 10.1.1.10:3306 - Found remote MySQL version 5.0.51a
[-] 10.1.1.10:3306 - 10.1.1.10:3306 - LOGIN FAILED: root:msfadmin (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21))
[-] 10.1.1.10:3306 - 10.1.1.10:3306 - LOGIN FAILED: root: (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21))
[] 10.1.1.10:3306 - Scanned 1 of 1 hosts (100% complete)
[] 10.1.1.10:3306 - Bruteforce completed, 0 credentials were successful.
[] 10.1.1.10:3306 - You can open an MySQL session with these credentials and CreateSession set to true
[] Auxiliary module execution completed
root:msfadmin - are corretc
Basic options:
Name Current Setting Required Description
ANONYMOUS_LOGIN false yes Attempt to login with a blank username and password
BLANK_PASSWORDS true no Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
CreateSession false no Create a new session for every successful login
DB_ALL_CREDS false no Try each user/password couple stored in the current database
DB_ALL_PASS false no Add all passwords in the current database to the list
DB_ALL_USERS false no Add all users in the current database to the list
DB_SKIP_EXISTING none no Skip existing credentials stored in the current database (Accepte
d: none, user, user&realm)
PASSWORD msfadmin no A specific password to authenticate with
PASS_FILE no File containing passwords, one per line
Proxies no A proxy chain of format type:host:port[,type:host:port][…]
RHOSTS 10.1.1.10 yes The target host(s), see https://docs.metasploit.com/docs/using-me
tasploit/basics/using-metasploit.html
RPORT 3306 yes The target port (TCP)
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
THREADS 1 yes The number of concurrent threads (max one per host)
USERNAME root no A specific username to authenticate as
USERPASS_FILE no File containing users and passwords separated by space, one pair
per line
USER_AS_PASS false no Try the username as the password for all users
USER_FILE no File containing usernames, one per line
VERBOSE true yes Whether to print output for all attempts