Nmap mysql-dump-hashes NSE Script
This page contains detailed information about how to use the mysql-dump-hashes NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/mysql-dump-hashes.nse
Script categories: auth, discovery, safe
Target service / protocol: mysql
Target network port(s): 3306
List of CVEs: -
Script Description
The mysql-dump-hashes.nse script dumps the password hashes from an MySQL server in a format suitable for cracking by tools such as John the Ripper. Appropriate DB privileges (root) are required.
The username and password arguments take precedence
over credentials discovered by the mysql-brute and mysql-empty-password
scripts.
Mysql-dump-hashes NSE Script Arguments
This is a full list of arguments supported by the mysql-dump-hashes.nse script:
passwordThe password to use to connect to the server
usernameThe username to use to connect to the server
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=mysql-dump-hashes --script-args password=value,username=value <target>Mysql-dump-hashes NSE Script Example Usage
Here's an example of how to use the mysql-dump-hashes.nse script:
nmap -p 3306 <ip> --script mysql-dump-hashes --script-args='username=root,password=secret'
Mysql-dump-hashes NSE Script Example Output
Here's a sample output from the mysql-dump-hashes.nse script:
PORT STATE SERVICE
3306/tcp open mysql
| mysql-dump-hashes:
| root:*9B500343BC52E2911172EB52AE5CF4847604C6E5
| debian-sys-maint:*92357EE43977D9228AC9C0D60BB4B4479BD7A337
|_ toor:*14E65567ABDB5135D0CFD9A70B3032C179A49EE7
Mysql-dump-hashes NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Patrik Karlsson
References
- https://nmap.org/nsedoc/scripts/mysql-dump-hashes.html
- https://github.com/nmap/nmap/tree/master/scripts/mysql-dump-hashes.nse
See Also
Related NSE scripts to the mysql-dump-hashes.nse script:
- mysql-audit.nse
- mysql-brute.nse
- mysql-databases.nse
- mysql-empty-password.nse
- mysql-enum.nse
- mysql-info.nse
- mysql-query.nse
- mysql-users.nse
- mysql-variables.nse
- mysql-vuln-cve2012-2122.nse
Visit Nmap NSE Library for more scripts.
The mysql-dump-hashes.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to connect to server
Here is a relevant code snippet related to the "Failed to connect to server" error message:
77:
78: local result = {}
79: for username, password in pairs(creds) do
80: local socket = nmap.new_socket()
81: if ( not(socket:connect(host, port)) ) then
82: return fail("Failed to connect to server")
83: end
84:
85: local status, response = mysqlLogin(socket, username, password)
86: if ( status ) then
87: local query = "SELECT DISTINCT CONCAT(user, ':', password) FROM mysql.user WHERE password <> ''"
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
