# Network Services 2 ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfbqqfMlgFBuUh4WYb%2Fimage.png?alt=media\&token=5d3740d4-6e1b-4d3e-9d01-48cf02bc1c92) ## NFS: Network File System ### Understanding NFS ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfcUH1V1Etq1nSC1JU%2Fimage.png?alt=media\&token=764e1823-ad69-4ee8-8f8d-6061ab0c2e14) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfcgnMZhvEqdS1Xgf5%2Fimage.png?alt=media\&token=418fe988-6f8c-4af1-a0c0-5839dd407c29) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfdtffoXR4DRfBLatK%2Fimage.png?alt=media\&token=0e01bb55-a9b5-49e6-a4c0-4026dbd65bfa) ### Enumerating NFS ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfeRvvG2lQzHrQoWm0%2Fimage.png?alt=media\&token=e103522f-e286-4f23-ade0-2d960745667a) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfeXdRZcv8_nSycK8t%2Fimage.png?alt=media\&token=9c685c06-a296-4b14-8531-22fa944b1ab2) Lets run nmap scans to get information on the machine ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcff-ENrx2Lo5bh-51i%2Fimage.png?alt=media\&token=74dcdaf4-c2c2-4984-9612-65224c6a10ae) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfhR7Pcj7DpNkk6p8N%2Fimage.png?alt=media\&token=e500814b-ea31-40cc-833b-7a6b88e8f691) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcff2Wj2TPRHC_MfpsT%2Fimage.png?alt=media\&token=e92043de-dd83-4633-b356-268410cd2f45) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcff54jku0yiYIDPzhI%2Fimage.png?alt=media\&token=8b380dec-ca59-427d-a5a5-99fcd5226652) Lets mount the file ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcffc0V3eOyni0fAYGO%2Fimage.png?alt=media\&token=b444ebdb-3432-4ed5-a725-6ae57e9e4a09) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McffhJCoH_hM6ufdB0E%2Fimage.png?alt=media\&token=1454b721-f3c5-40d0-94b4-868ebd099841) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfgQSKv2k8ijjh6ybv%2Fimage.png?alt=media\&token=0e5b9666-14f0-4d63-bfee-f9e701239b1a) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfgSc6EToKZs5B_FNJ%2Fimage.png?alt=media\&token=4755b123-4163-4046-bde3-3f8d9f23e755) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfgWm8DrX2W4iS_LAt%2Fimage.png?alt=media\&token=c9d7ecfa-2ef8-4b8b-8d4d-13508774d7a2) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcfga6PIi72AIFoA-pc%2Fimage.png?alt=media\&token=748fe7c9-0e53-44b6-81cf-0a8d028ccd6e) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-McfgcxvrH8kbRC6NxRd%2Fimage.png?alt=media\&token=97c3bd56-3d45-41d1-ba53-bf51ab10ef42) ### Exploiting NFS ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcfgx_uuw_LIznAzdZk%2Fimage.png?alt=media\&token=251be978-6c43-41e7-9668-0827a02a8419) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McfbkV5t4muiV3cV6Kg%2F-Mcfh-PfJ_mGob76EImO%2Fimage.png?alt=media\&token=e03cc9ec-bae4-4a1b-a781-f7e00c2c5b3b) Lets follow these steps ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcj1-zCzdNMNN9Ilstp%2F-Mcjs_NnIja6giPpXZHN%2Fimage.png?alt=media\&token=6f499c81-6cb9-4fed-bcfa-bb09216b236f) Now login through ssh and run the command "bash -p" in the home directory ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcj1-zCzdNMNN9Ilstp%2F-Mcjsm-fbe4zwNYAVogN%2Fimage.png?alt=media\&token=d8992cd1-4256-4b55-9266-7135dd83b1cd) We are root ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcj1-zCzdNMNN9Ilstp%2F-Mcjsu1GjjOEpLpYJ9Y_%2Fimage.png?alt=media\&token=66946b6b-1866-411c-8eb5-baad82f8b585) Lets read the flag ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcj1-zCzdNMNN9Ilstp%2F-Mcjt1KdUaujF01NRDFx%2Fimage.png?alt=media\&token=bd45cdf8-f771-4aab-ae53-eb608e659972) ## SMTP: Simple Mail Transfer Protocol ### Understanding SMTP ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcjt41PwUrlCaLqrOc2%2F-Mcjtv3suraFUsObnFAF%2Fimage.png?alt=media\&token=9968c1e9-1481-4f68-be35-af6102143bcd) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcjt41PwUrlCaLqrOc2%2F-Mcju0_GmRcF-n2EbBpI%2Fimage.png?alt=media\&token=f6fc360a-6520-4a37-b45e-6d1dc959007e) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcjt41PwUrlCaLqrOc2%2F-Mcju42eCiRrwVSzNfzY%2Fimage.png?alt=media\&token=a63815c5-f699-444e-ab89-375e409e273e) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mcjt41PwUrlCaLqrOc2%2F-McjvAHqKXAzKDGq7yrl%2Fimage.png?alt=media\&token=41197eb7-eba3-4ec9-a5d7-8b61ccfb23bd) ### Enumerating SMTP ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjve4KRaQV5US_ow-S%2Fimage.png?alt=media\&token=e9bdf966-de80-49e5-9c09-98531f8615c2) Lets run nmap scans to get information about the open ports on the machine ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjw1vAE97zWg1wwOL3%2Fimage.png?alt=media\&token=e8b47bb2-c4b1-471b-82a7-cacb342bcb2d) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjwDzWp-yQfpMRP9gH%2Fimage.png?alt=media\&token=ef2b0501-37bc-43ac-8509-4bb220a888fc) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjw4NMwzi9EC7nlDg6%2Fimage.png?alt=media\&token=be0ed66f-60bc-429e-a269-0ac65db8e8cc) Lets start Metasploit and look for the module they mentioned and then set the options ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjwXoW86bcrZSZ6gx4%2Fimage.png?alt=media\&token=5314420a-a904-466e-8eef-e07159ecc865) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjwcF9AVfs9_FAJT5U%2Fimage.png?alt=media\&token=b47a5334-a4de-4a9c-8bda-cff56033534d) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjwfi62Nb2S68K2wXq%2Fimage.png?alt=media\&token=7db2802e-e02f-4b05-a5b4-ccff9815b1b6) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjwoz__JNxhhQx2kwJ%2Fimage.png?alt=media\&token=6875788f-662d-4b89-9e87-82bbd17e1395) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjxBDhSkAU8i43dxyM%2Fimage.png?alt=media\&token=c5894625-546b-4fe6-b39c-9cfcfe89efe0) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjxE2jJaxNMQqaUqDp%2Fimage.png?alt=media\&token=20ce822f-84a6-4306-acd8-73b5096e8818) Lets search for what MTA is running the SMTP server ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjxRWWi7OclUB5mbgx%2Fimage.png?alt=media\&token=085232c4-0ef0-474d-b690-3710b216f186) This can also be seen in the output after we ran the enumeration module ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjxbEENGr-Kx5Z7go9%2Fimage.png?alt=media\&token=160672a9-6562-4b89-9fa8-639a371210be) Lets do the next steps ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjyBYqifwMK_9eUcE1%2Fimage.png?alt=media\&token=0eb1605d-3d97-46cd-b83d-99fbeb0ce303) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjyHL1evphd5wDKSMu%2Fimage.png?alt=media\&token=ec50582e-2f1a-467e-8b55-cd0b0ec9444a) Lets run the exploit ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjyyr-RiwOyL3rE_dm%2Fimage.png?alt=media\&token=b75bdd9e-02d2-4ad8-89bf-0d63e8ea9dda) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-Mcjz13lS7SFQrQGuTtE%2Fimage.png?alt=media\&token=e5543efb-37f4-456c-9fdc-25cc33845ada) ### Exploiting SMTP ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjzHyYVZEFjZT8f9ie%2Fimage.png?alt=media\&token=6710bded-4f53-4261-9f53-8c71d8715357) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjvBVr2VJZWRf-3xSr%2F-McjzPd0or7gTEkYnTKT%2Fimage.png?alt=media\&token=fd81d287-1421-4d0a-8722-9c57a88cd7fc) Lets use hydra to crack the password ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck-0fJiIkDiqz3ixjG%2Fimage.png?alt=media\&token=2616b2bc-05ad-4b1b-8625-023db2ce6470) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck-3BAlgjc4-7PBn7R%2Fimage.png?alt=media\&token=36a53280-8d93-4a92-b97b-b2c6cf6a5b7d) Lets login through ssh and read the flag ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck-GDSPNMKS7FF3giR%2Fimage.png?alt=media\&token=14b0dd71-f73f-4d4f-86ce-bdafde96cd9a) ## MySQL: Structured Query Language ### Understanding MySQL ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck1R6VGKR-fDg6eH8u%2Fimage.png?alt=media\&token=15f1ccb2-151b-4a52-97e7-33352fd57f6d) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck1U3T_Z8c3YOGXeFA%2Fimage.png?alt=media\&token=3cce1684-7edb-4752-a1a7-53450343c9b0) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck1zkBPeGW9rTna2FE%2Fimage.png?alt=media\&token=572194ad-15ea-4121-a53b-818e7b49f219) ### Enumerating MySQL ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck2E1XLBFhKKpid6_v%2Fimage.png?alt=media\&token=f65ca8c0-af3c-4a88-9256-608a029ede97) Lets run a nmap port scan ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck2uIAMDl0W_-ApUHI%2Fimage.png?alt=media\&token=1d777455-bc70-45ef-b507-a34f87b2d8ad) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-McjzqLZfFNMYdMZ_AOC%2F-Mck2y-pBDG-1TslZfpU%2Fimage.png?alt=media\&token=7f105911-b342-482d-ba8f-8a53b9923355) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck3NRiN1YwqEV3F-eN%2Fimage.png?alt=media\&token=0353f179-c151-485f-aaa9-3c109679f1cd) Lets login into MySQL as root ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck4j6m2Ep_YMAZhuyK%2Fimage.png?alt=media\&token=88d38a0d-589f-43db-bc61-12b5183aac8e) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck4oZ7wMXZ0Vz5nfa1%2Fimage.png?alt=media\&token=a45a2b39-2d7d-4616-9795-956346c8dc82) Lets launch Metasploit and search for the module and look at what options we have to set ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5-ObqGvEOaur_GvE%2Fimage.png?alt=media\&token=041e8c6e-4593-47de-b886-cffdc58667da) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck59FRyTX5_GHUa95I%2Fimage.png?alt=media\&token=5bbb6e6b-4ea8-4363-ad55-cb7552e3947b) Lets set the options ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5CVk9nrKpLwmPX65%2Fimage.png?alt=media\&token=b84924b7-737f-4090-8beb-8d534d7213b2) Now lets run the module ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5KCmRwR1GUyHBoDW%2Fimage.png?alt=media\&token=89d6a07b-19ec-4a3a-a576-3186688c1efb) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5eJWuM89TYez5YWY%2Fimage.png?alt=media\&token=015f86ec-d20a-493a-8b2d-675d28e2a5db) Lets set the SQL parameter to show databases and run the exploit ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5oaZ5NwG-7WIz3lc%2Fimage.png?alt=media\&token=84d311a5-8b6d-4fac-92e2-ea57f6555eb0) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck3JFjtdc8dnRUbrGB%2F-Mck5saiwHdUUE_IqSgd%2Fimage.png?alt=media\&token=eee3d189-2d49-423e-8152-c55cab147db8) ### Exploiting MySQL ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck62tzRr3cAFlyLSfo%2Fimage.png?alt=media\&token=b17ac19e-7ab9-4252-b437-2001a573cce8) Lets follow the steps they have given ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck6dHuCwBs85S7Q5Z1%2Fimage.png?alt=media\&token=36688fd1-cce2-45f4-98ec-0894a935a3ab) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7K-Sh12xDCvuJLu_%2Fimage.png?alt=media\&token=ada57713-a15a-45c9-8d01-9a9ccaf2cc92) ![The last table returned](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck6qdyyuM_N7P-O33B%2Fimage.png?alt=media\&token=0dda3bab-3f06-43e3-91bf-811c04a94e37) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck6x2YWsWwfAJlx-Qe%2Fimage.png?alt=media\&token=6cc91023-4ea1-4a70-a743-72fc40ea461f) Lets do the next step ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7AfdolirJwTbCh7e%2Fimage.png?alt=media\&token=d475abdd-6791-4d85-8769-567794461e83) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7ZwdsiDmr60n-Py_%2Fimage.png?alt=media\&token=32ec20bc-b378-4919-88c1-e512405cc022) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7DePg1zX9j2ek6wt%2Fimage.png?alt=media\&token=37f20cff-1b8d-4e01-9083-73ebe5df5af8) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7m9TBGZvdiPnUjYk%2Fimage.png?alt=media\&token=194881f7-6c7c-4f37-8b54-31f647bd0570) Lets save the username and hash into a file called hash.txt ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck7xbivMS8wkVhirbe%2Fimage.png?alt=media\&token=fdbc4abd-e31f-4d42-9c31-95be427a9fea) Now lets crack it with John The Ripper ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck88Y91fKTxiw_5EEa%2Fimage.png?alt=media\&token=eef2be1e-d13f-4eb8-941f-c79d067de2f5) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck8DFTIUt30CnzIArc%2Fimage.png?alt=media\&token=2aef35d8-bbae-4196-a1c4-5268a1e46201) Lets now login through ssh and get the flag ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mck5w0i2MaYzjOR58iW%2F-Mck8Ov4nMb3_929H_LE%2Fimage.png?alt=media\&token=3eb68264-3076-4309-bcc3-4dcb29cf41c1)