Script mysql-dump-hashes

Script types: portrule
Categories: auth, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/mysql-dump-hashes.nse

Script Summary

Dumps the password hashes from a MySQL server in a format suitable for cracking by tools such as John the Ripper. Appropriate DB privileges (root) are required.

The username and password arguments take precedence over credentials discovered by the mysql-brute and mysql-empty-password scripts.

Script Arguments

username

the username to use to connect to the server

password

the password to use to connect to the server

Example Usage

nmap -p 3306 <ip> --script mysql-dump-hashes --script-args='username=root,password=secret'

Script Output

PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-dump-hashes:
|   root:*9B500343BC52E2911172EB52AE5CF4847604C6E5
|   debian-sys-maint:*92357EE43977D9228AC9C0D60BB4B4479BD7A337
|_  toor:*14E65567ABDB5135D0CFD9A70B3032C179A49EE7
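
For auditing your own servers, the following Python code is an added example (not part of Nmap or of this script): it parses the Script Output block shown above, classifies each hash by format, and reports accounts that share a hash. The function names are hypothetical, and the last three sample entries (backup, legacy, anon) are constructed; the empty-hash line is an assumed rendering of a passwordless account.

```python
import re
from collections import defaultdict

# Constructed input: the first three entries are the page's sample output,
# the last three (backup, legacy, anon) are made up for this example.
SAMPLE = """\
3306/tcp open  mysql
| mysql-dump-hashes:
|   root:*9B500343BC52E2911172EB52AE5CF4847604C6E5
|   debian-sys-maint:*92357EE43977D9228AC9C0D60BB4B4479BD7A337
|   toor:*14E65567ABDB5135D0CFD9A70B3032C179A49EE7
|   backup:*9B500343BC52E2911172EB52AE5CF4847604C6E5
|   legacy:5d2e19393cc5ef67
|_  anon:
"""
FORMATS = [  # checked in order
    ("mysql_native_password", re.compile(r"\*[0-9A-Fa-f]{40}")),  # '*' + 40 hex
    ("pre-4.1", re.compile(r"[0-9A-Fa-f]{16}")),                  # 16 hex digits
]

def parse_entries(text):
    """Return [(user, hash)] from the mysql-dump-hashes block of Nmap output."""
    entries, in_block = [], False
    for line in text.splitlines():
        if not line.startswith("|"):
            in_block = False
            continue
        rest = line[2:]  # drop the "| " or "|_" tree prefix
        if rest and not rest[0].isspace():  # a script header such as "name:"
            in_block = rest.strip() == "mysql-dump-hashes:"
        elif in_block and ":" in rest:
            user, _, digest = rest.strip().rpartition(":")
            entries.append((user, digest))
    return entries

def classify(digest):
    if not digest:
        return "empty"
    return next((n for n, rx in FORMATS if rx.fullmatch(digest)), "unknown")

def audit(text):
    """Group users by hash format; list user groups that share one hash."""
    by_format, by_hash = defaultdict(list), defaultdict(list)
    for user, digest in parse_entries(text):
        by_format[classify(digest)].append(user)
        if digest:
            by_hash[digest.upper()].append(user)
    return dict(by_format), [u for u in by_hash.values() if len(u) > 1]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both hash formats are unsalted, so two accounts with the same hash have the same password; accounts reported as pre-4.1 or empty are the first candidates for a credential reset.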

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html