MySQL servers support granular access to databases, meaning that there could be several users in a single installation.
This recipe shows how to use Nmap to enumerate users in MySQL servers.
Open a terminal and type the following command:
$ nmap -p3306 --script mysql-users --script-args mysqluser=<user>,mysqlpass=<pass> <target>
A list of usernames will be included in the mysql-users section:
3306/tcp open  mysql
| mysql-users:
|   root
|   crm
|   web
|_  admin
The arguments -p3306 --script mysql-users --script-args mysqluser=<user>,mysqlpass=<pass> make Nmap launch the script mysql-users if a MySQL server is found on port 3306.
The script mysql-users was submitted by Patrik Karlsson, and it enumerates usernames in MySQL servers using the given authentication credentials. If no authentication credentials are set with the script arguments mysqluser and mysqlpass, it will attempt to use the results of mysql-brute and mysql-empty-password.
To enumerate databases and users in MySQL installations whose root account has an empty password, use the following command:
$ nmap -sV --script mysql-empty-password,mysql-databases,mysql-users <target>
If the MySQL server is running on a different port than 3306, you may use Nmap's service scan, or set the port manually with the argument -p.
$ nmap -p3333 --script mysql-users <target>
$ nmap -sV --script mysql-users <target>
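When this recipe is run as an audit of your own servers, the mysql-users section can be checked against the accounts you expect to exist. The following is an added example, not part of the original recipe or of Nmap: the function names, the allow-list and the sample output are constructed for illustration, and the parser assumes Nmap's normal output format as shown above.

```shell
#!/bin/sh
# Constructed sample: Nmap normal output in the shape shown in this recipe.
SAMPLE_OUTPUT='PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-users:
|   root
|   crm
|   web
|_  admin
'

# Hypothetical helper: read Nmap normal output on stdin and print one
# username per line from every mysql-users block it contains.
extract_mysql_users() {
    awk '
        /^[|] mysql-users:/ { in_block = 1; next }  # script header line
        in_block && /^[|][_ ] / {                   # indented result line
            last = ($0 ~ /^[|]_/)                   # "|_" marks the final line
            sub(/^[|][_ ] */, "")                   # drop the NSE output gutter
            sub(/[ \t\r]+$/, "")                    # drop trailing whitespace
            if ($0 != "") print
            if (last) in_block = 0
            next
        }
        { in_block = 0 }                            # any other line ends the block
    '
}

# Hypothetical helper: print the extracted accounts that are NOT in the
# allow-list passed as arguments (accounts that need review).
unexpected_users() {
    allowed=" $* "
    extract_mysql_users | while IFS= read -r user; do
        case "$allowed" in
            *" $user "*) ;;                         # expected account
            *) printf '%s\n' "$user" ;;             # not on the allow-list
        esac
    done
}

# Usage: the allow-list here (root, crm, web) is an assumption for the demo.
printf '%s' "$SAMPLE_OUTPUT" | unexpected_users root crm web
```

To check a real scan, pipe the saved normal output (for example a file written with -oN) into unexpected_users in place of the sample.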