Metasploit mailing list archives

Fwd: question about mysql_enum module


From: 松柏 <lukesun629 () gmail com>
Date: Wed, 27 Jun 2012 14:48:08 +0800




-------- Original Message --------
Subject:  question about mysql_enum module
Date:     Tue, 26 Jun 2012 15:35:41 +0800
From:     松柏 <lukesun629 () gmail com>
To:       framework-request () spool metasploit com



Hi guys,
I am using Metasploit to do some tests on the ICTF2011 VM.
This VM has an obvious MySQL vulnerability through which one can easily get the user
name and passwd of the database.
After that I used the Metasploit mysql_enum module to see the details of the
database. I got this:
//
msf auxiliary(mysql_enum) > run

[*] Running MySQL Enumerator...
[*] Enumerating Parameters
[*] MySQL Version: 5.1.41-3ubuntu12.10
[*] Compiled for the following OS: debian-linux-gnu
[*] Architecture: i486
[*] Server Hostname: muleserver
[*] Data Directory: /var/lib/mysql/
[*] Logging of queries and logins: OFF
[*] Old Password Hashing Algorithm OFF
[*] Loading of local files: ON
[*] Logins with old Pre-4.1 Passwords: OFF
[*] Allow Use of symlinks for Database Files: YES
[*] Allow Table Merge:
[*] SSL Connection: DISABLED
[-] MySQL Error: RbMysql::DbaccessDeniedError Access denied for user
'mulemanager'@'%' to database 'mysql'
[*] Enumerating Accounts:
[-] MySQL Error: RbMysql::TableaccessDeniedError SELECT command denied
to user 'mulemanager'@'192.168.126.134' for table 'user'
[-] MySQL Error: RbMysql::TableaccessDeniedError SELECT command denied
to user 'mulemanager'@'192.168.126.134' for table 'user'

//

Apparently there is no database named mysql in the target database.
After I checked the Ruby code, I do not know why the coder wants to check
the mysql database, which does not exist.



