Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21) in msf6 auxiliary(scanner/mysql/mysql_login)

I am getting the following error when trying to run the mysql_login auxiliary module in msf6:

Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21)

I have checked the following:

  • The host, port, username, and password are correct.
  • The MySQL server is running.
  • The firewall is not blocking access to the MySQL server.
  • I have tried restarting the MySQL server.
  • I am using the latest version of msf6.
  • The version of msf6 is compatible with the version of the MySQL server.
  • I have checked the MySQL server logs for errors.

msf6 version Framework Version: 6.4.0-dev
MySQL server version: MySQL 5.0.51a-3ubuntu5 (protocol 10) - metaspoitable2
msf6 auxiliary(scanner/mysql/mysql_login) > exploit

[+] 10.1.1.10:3306 - 10.1.1.10:3306 - Found remote MySQL version 5.0.51a
[-] 10.1.1.10:3306 - 10.1.1.10:3306 - LOGIN FAILED: root:msfadmin (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21))
[-] 10.1.1.10:3306 - 10.1.1.10:3306 - LOGIN FAILED: root: (Unable to Connect: invalid packet: scramble_length(0) != length of scramble(21))
[] 10.1.1.10:3306 - Scanned 1 of 1 hosts (100% complete)
[
] 10.1.1.10:3306 - Bruteforce completed, 0 credentials were successful.
[] 10.1.1.10:3306 - You can open an MySQL session with these credentials and CreateSession set to true
[
] Auxiliary module execution completed

root:msfadmin - are corretc

Basic options:
Name Current Setting Required Description


ANONYMOUS_LOGIN false yes Attempt to login with a blank username and password
BLANK_PASSWORDS true no Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
CreateSession false no Create a new session for every successful login
DB_ALL_CREDS false no Try each user/password couple stored in the current database
DB_ALL_PASS false no Add all passwords in the current database to the list
DB_ALL_USERS false no Add all users in the current database to the list
DB_SKIP_EXISTING none no Skip existing credentials stored in the current database (Accepte
d: none, user, user&realm)
PASSWORD msfadmin no A specific password to authenticate with
PASS_FILE no File containing passwords, one per line
Proxies no A proxy chain of format type:host:port[,type:host:port][…]
RHOSTS 10.1.1.10 yes The target host(s), see https://docs.metasploit.com/docs/using-me
tasploit/basics/using-metasploit.html
RPORT 3306 yes The target port (TCP)
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
THREADS 1 yes The number of concurrent threads (max one per host)
USERNAME root no A specific username to authenticate as
USERPASS_FILE no File containing users and passwords separated by space, one pair
per line
USER_AS_PASS false no Try the username as the password for all users
USER_FILE no File containing usernames, one per line
VERBOSE true yes Whether to print output for all attempts

1 Like

got the same issue here if you find the solution do update me

It’s probably due to a ssl/TSL mismatch between metasploitable and the version of Kali you are using. You may be able to connect directly using $ mysql with --skip-ssl.
If you switch to Kali 2020.3 it should work.

hi, anyone have solution to this? I have the same issue