Penetration Testing mailing list archives
Re: [PEN-TEST] Mysql version utility
From: Jacob Martinson <jmartinson () APERIAN COM>
Date: Mon, 30 Oct 2000 14:18:30 -0600
% jacob@buffalo:~ 14:16 $ telnet localhost 3306 Trying 127.0.0.1... Connected to buffalo. Escape character is '^]'. 3.22.32Æ>w_Uj:})Bad handshakeConnection closed by foreign host. are you talking about something different than the server version number, ie 3.22.32? -jacob -----Original Message----- From: Jonathan Leto [mailto:jonathan () leto net] Sent: Sunday, October 29, 2000 5:55 PM To: Jacob Martinson Cc: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Mysql version utility After ten "telnet 3306" you will be denied acces until they do a flush hosts because it is an invalid connect . Doesn't really matter, but for testing it is a pain in the ass. Also, you wouldn't know the protocol version. Jacob Martinson (jmartinson () aperian com) was saying:
why not just telnet to port 3306? -jacob -----Original Message----- From: Jonathan Leto [mailto:jonathan () LETO NET] Sent: Sunday, October 29, 2000 3:33 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Mysql version utility Hello all, I wrote a small utility to find out the version of mysql on a remote server.From some testing that I did, a lot of webhosting companies do not block
the
outside world from the mysql port, which is generally a bad thing. Most of them
were
running old versions with the single character password vulnerability. http://www.leto.net/code/yoursql-0.3.tar.gz -- jonathan () leto net "With pain comes clarity."
-- jonathan () leto net "With pain comes clarity."
Current thread:
- [PEN-TEST] Mysql version utility Jonathan Leto (Oct 31)
- <Possible follow-ups>
- Re: [PEN-TEST] Mysql version utility Jacob Martinson (Oct 31)
- Re: [PEN-TEST] Mysql version utility Jonathan Leto (Oct 31)
- Re: [PEN-TEST] Mysql version utility Jacob Martinson (Oct 31)
- Re: [PEN-TEST] Mysql version utility Ted Behling (Oct 31)