1
00:00:00,300 --> 00:00:02,910
So clear that screen for a fresh hack.

2
00:00:04,360 --> 00:00:12,840
As you may remember, you discovered the MySQL username while you were doing your enumeration, but

3
00:00:12,960 --> 00:00:15,260
just to refresh your memory, let's do it again.

4
00:00:16,140 --> 00:00:18,180
So choose the MySQL auxiliary.

5
00:00:19,350 --> 00:00:21,840
Use auxiliary scanner.

6
00:00:23,050 --> 00:00:24,010
MySQL.

7
00:00:25,240 --> 00:00:26,450
mysql_login.

8
00:00:28,480 --> 00:00:29,710
Show me the option.

9
00:00:31,520 --> 00:00:35,300
And set RHOSTS to tend to attend the hen.

10
00:00:37,290 --> 00:00:39,030
Use blank passwords.

11
00:00:41,020 --> 00:00:48,880
Set the USERPASS_FILE to the dictionary file that you created while you were doing your enumeration.

12
00:00:51,580 --> 00:00:58,750
Now, set USER_AS_PASS as a variable; set that also to be true.

13
00:00:59,890 --> 00:01:01,240
And let's see the options again.

14
00:01:03,160 --> 00:01:03,880
All right, good.

15
00:01:03,890 --> 00:01:06,040
So everything looks fine, so let's run the module.

16
00:01:09,690 --> 00:01:12,630
And here is the user that you detected.

17
00:01:13,550 --> 00:01:17,120
Username is root and the password is blank.

18
00:01:18,100 --> 00:01:24,760
So with this information, you can directly connect to MySQL database on Metasploitable 3.

19
00:01:25,680 --> 00:01:27,840
So to do that, let's open up a new tab.

20
00:01:28,910 --> 00:01:34,580
And to connect to MySQL, let's use a command, mysql -u.

21
00:01:35,950 --> 00:01:37,660
Then username root.

22
00:01:38,880 --> 00:01:42,750
H for host tend to tend to 10.

23
00:01:44,950 --> 00:01:47,950
And excellent, connected to the database.

24
00:01:49,050 --> 00:01:58,000
So now you can query data on MySQL. To list all the databases on the server, type show databases.

25
00:02:00,100 --> 00:02:07,600
Now, don't forget to put a semicolon on the end of the commands, so these are the databases.

26
00:02:08,560 --> 00:02:14,350
And to get some information about the MySQL server, type show variables.

27
00:02:16,670 --> 00:02:18,050
And here's an example.

28
00:02:18,080 --> 00:02:21,890
This is the version of the database now.

29
00:02:22,790 --> 00:02:25,700
Show databases again to enumerate more.

30
00:02:27,140 --> 00:02:31,820
And you can, of course, change a database in use by typing use WordPress.

31
00:02:34,080 --> 00:02:39,060
Now to display tables in the WordPress database, type show tables.

32
00:02:41,320 --> 00:02:43,360
And all the WordPress tables come up here.

33
00:02:44,360 --> 00:02:54,920
So I'm going to view the information in the wp_users table, so what we'll do is we'll type select from

34
00:02:55,250 --> 00:02:56,600
wp_users.

35
00:02:59,490 --> 00:03:02,130
There's not too many users, but they may work.

36
00:03:04,130 --> 00:03:07,370
Well, you know, you can always start a reverse shell from

37
00:03:07,400 --> 00:03:07,700
MySQL.