MySQL servers may contain several databases. As system administrators with legitimate access or penetration testers who just compromised the server, we can list the available databases using Nmap.
This recipe teaches how to use Nmap NSE to list databases in a MySQL server.
Open a terminal and enter the following command:
$ nmap -p3306 --script mysql-databases --script-args mysqluser=<user>,mysqlpass=<password> <target>
The databases should be listed under the script results.
3306/tcp open  mysql
| mysql-databases:
|   information_schema
|   temp
|   websec
|   ids
|_  crm
The arguments -p3306 --script mysql-databases --script-args mysqluser=<user>,mysqlpass=<password> tell Nmap to attempt a connection to the MySQL server using the given credentials (--script-args mysqluser=<user>,mysqlpass=<password>) and to try to list all the available databases on the server.
The script mysql-databases was written by Patrik Karlsson to help Nmap users enumerate databases in MySQL installations.
To try to enumerate databases if an empty root account is found, we can use the command:
# nmap -p3306 --script mysql-empty-password,mysql-databases <target>
If the service is running on a port other than 3306, we can use Nmap's service detection (-sV) or set the port manually with the argument -p.
# nmap -sV --script mysql-databases <target>
$ nmap -p1111 --script mysql-databases <target>
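To turn these script results into an inventory across hosts, the following added example (not part of the original recipe or of Nmap itself) parses Nmap's normal output and prints host, port and database rows, then filters out MySQL's built-in schemas. The function names, hosts and addresses are assumptions, and the sample scan output is constructed.

```shell
#!/bin/sh
# Constructed sample of Nmap normal output; hosts and addresses are placeholders.
sample_scan() {
cat <<'EOF'
Nmap scan report for db1.example.test (192.0.2.10)
PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-databases:
|   information_schema
|   temp
|   websec
|   ids
|_  crm

Nmap scan report for 192.0.2.20
PORT     STATE SERVICE
1111/tcp open  mysql
| mysql-databases:
|   information_schema
|   shop
| mysql-empty-password:
|_  root account has empty password
EOF
}

# Read Nmap normal output on stdin; print "host<TAB>port<TAB>database" rows.
mysql_dbs_from_nmap() {
    awk '
    /^Nmap scan report for / { host = $5; inblock = 0; next }
    /^[0-9]+\/(tcp|udp) /    { port = $1; inblock = 0; next }
    /^\|[ _]mysql-databases:/ { inblock = 1; next }
    # Entries are indented under the script header; "|_" marks the last line.
    inblock && /^\|[ _] +[^ ]/ {
        name = $0
        sub(/^\|[ _] +/, "", name)
        print host "\t" port "\t" name
        if ($0 ~ /^\|_/) inblock = 0
        next
    }
    { inblock = 0 }   # any other line (e.g. the next script header) ends the block
    '
}

# Drop MySQL built-in schemas so only application databases remain.
app_dbs_only() {
    awk -F '\t' '$3 !~ /^(information_schema|mysql|performance_schema|sys)$/'
}

sample_scan | mysql_dbs_from_nmap | app_dbs_only
```

On a real scan, replace sample_scan with the file written by Nmap's -oN option.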